CSP & SRI Don't Work - Scope is Wrong and Much More You Need to Know

Content Security Policy (CSP) and Subresource Integrity (SRI) are called out specifically in the current version of the PCI DSS. They should not be. These are insufficient controls for securing third-party JavaScript and stopping eSkimming.
These controls are trivial to bypass for modern eSkimming attackers and should be removed from the DSS as they create a false sense of security that leaves organizations exposed.
This webinar breaks down why CSP and SRI fail against today’s dynamic, behavior-based client-side attacks like eSkimming, formjacking, and credential harvesting. We will explain where these controls were intended to help, where they fundamentally break down, and why auditors, attackers, and compliance teams increasingly recognize their limitations.