Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kempy
Newcomer III
‎09-19-2018 03:55 AM
‎09-19-2018 03:55 AM

magecart mitigation

I have created an electron app to simulate magecart entirely client side (so not a true reflection).

 

It's at https://github.com/kempy007/magecart-shim

 

Does anyone know of any techniques that could mitigate this risk?

 

Owasp have a good article here https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet

 

However I don't feel it would be possible to prevent a script coming from client side from scraping the data, what the owasp article mentions would all be server side control.

 

Reply
0 Kudos
1 Reply
Kempy
Newcomer III
‎09-19-2018 09:11 AM
‎09-19-2018 09:11 AM

The best answer to mitigate this threat is to implement content security policy headers.

 

https://www.pluralsight.com/courses/defending-javascript-keylogger-attacks-pci

Reply
0 Kudos