Implement CSP (and other security controls)

What is the Problem?

Modern web apps and websites are “client-heavy” and much of the code executes via JavaScript on the client browser. Traditional security controls such as web application firewalls do not have visibility into client-side execution.

Content Security Policy (CSP), Subresource Integrity (SRI), HSTS, iframe sandboxing, Referrer-Policy and other security policies offer very fine-grained security controls that protect the web application as it executes on client devices. These security controls are available across mobile and PC browsers, ensuring comprehensive coverage across your user base.

Properly configured policies can protect against cross-site scripting (XSS), clickjacking, JavaScript compromises, data exfiltration attacks and several others. Many industry web vulnerability scanners also flag the absence of these security controls, so a web application without them may not pass audit or risk management requirements.

Why Do Enterprises Struggle to Implement CSP and Other Security Controls?

Despite the availability of these critical security control mechanisms, as of December 2018, only a very small percentage of websites in the Alexa 1 million had implemented CSP and other controls. Enterprises struggle to implement these important security controls and need an automated solution:

  • Implementing CSP and other policies requires DevOps and Infosec engineers to spend several man-weeks studying their applications and crafting and fine-tuning policies.
  • Modern enterprise websites and web apps change often, and maintaining and updating policies becomes a significant burden on the Infosec organization.
  • Incorrect policies can lead to vulnerabilities, or break legitimate functionality in the sites.
  • Even if policies were implemented, enterprises find it very difficult to monitor violations and create appropriate incident response programs.

Tala’s enterprise website security platform provides an automated solution to implement CSP, SRI and other critical controls for your web assets, in minutes.
