Content Security Policy (CSP)
Implementing CSP manually can be administratively complex and time consuming for security teams. In addition, since websites operate dynamically and are upgraded regularly, this requires continuous adjustment to CSP. Errors in CSP could end up breaking the website and poorly written policies do not offer much security benefit. Although CSP provides valuable insight into website attacks and behaviors, its alert volume can quickly overwhelm security teams.
Tala completely automates the process of policy generation, updating and implementation, alert analytics and incident management. With Tala, a website can be up and running with a CSP in minutes. Website attacks are prevented in real-time, website performance is preserved and the need for costly and continuous administration, remediation or incident response is minimized.
Subresource Integrity (SRI)
Tala provides real-time visibility into the scripts running on the web application and continuously monitors the scripts for changes. Implementing SRI manually can be administratively complex and time consuming for security teams. In addition, since websites operate dynamically and are upgraded regularly, this requires continuous adjustment to SRI hashes. Errors in implementing SRI could end up breaking the website.
Tala completely automates the process of hash generation, implementation, alerting and incident management. Website attacks are prevented in real-time, website performance is preserved and the need for costly and continuous administration, remediation or incident response is minimized.
HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) is a web server directive that allows websites to declare that they should only be accessed via a secure connection. When a website has an HSTS policy, any browser accessing it must refuse all HTTP connections and stop users from accepting insecure SSL certificates. To prevent redirects every time a user visits a site, the browser remembers the information for a period of time specified by the header.
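The browser-side handling described above, as an added example (not Tala's code and not part of the original page): a parser and audit for a Strict-Transport-Security header value following RFC 6797. The function names, the 180-day audit threshold and the header strings used to exercise it are assumptions made for illustration.

```javascript
// Added example: parse and audit a Strict-Transport-Security value (RFC 6797).
// MIN_MAX_AGE is an assumed audit threshold (180 days), not a value from the page.
const MIN_MAX_AGE = 15552000;

// Returns the parsed policy, or null when a browser would ignore the header.
function parseHsts(value) {
  const seen = new Set();
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const part = raw.trim();
    if (part === '') continue;                 // empty directives are permitted
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let arg = eq === -1 ? null : part.slice(eq + 1).trim();
    if (seen.has(name)) return null;           // a repeated directive voids the header
    seen.add(name);
    if (arg !== null && /^".*"$/.test(arg)) arg = arg.slice(1, -1); // quoted-string form
    if (name === 'max-age') {
      if (arg === null || !/^\d+$/.test(arg)) return null; // must be delta-seconds
      policy.maxAge = Number(arg);
    } else if (name === 'includesubdomains') {
      if (arg !== null) return null;           // directive takes no value
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true;                   // preload-list signal, not in RFC 6797
    }                                          // unknown directives are ignored
  }
  return policy.maxAge === null ? null : policy; // max-age is required
}

// Returns a list of findings for one response; an empty list means no issues.
function auditHsts(value, scheme) {
  if (scheme !== 'https') return ['ignored: browsers discard HSTS sent over plain HTTP'];
  const p = parseHsts(value);
  if (p === null) return ['invalid: browser ignores the header, no policy is stored'];
  const findings = [];
  if (p.maxAge === 0) findings.push('max-age=0 deletes the stored policy for this host');
  else if (p.maxAge < MIN_MAX_AGE) findings.push('max-age is below the audit threshold');
  if (!p.includeSubDomains) findings.push('subdomains are not covered');
  return findings;
}

// Constructed sample headers, not captured from any real site.
for (const h of ['max-age=31536000; includeSubDomains', 'max-age=300', 'includeSubDomains']) {
  console.log(JSON.stringify(h), '->', auditHsts(h, 'https'));
}
```
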
Tala’s advanced analytics and automation engine continuously applies HSTS, CSP, SRI and other critical controls to websites, protecting against the broadest range of attacks without impacting website performance or user experience. Tala’s technology automates advanced security controls to ensure continuous website security measures are in place, protecting sensitive data exchange and preventing website attacks.
Permissions Policy
Permissions Policy (formerly known as Feature Policy) allows web developers to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser. It’s like CSP but instead of controlling security, it controls third-party access to features such as camera, microphone and geolocation – and enhances the user experience.
Tala now supports the feature policy header and allows you to specify how stringent or lax the access should be for each site. It’s possible to specify a list of trusted origins or even block access altogether.
Referrer Policy
The referrer request header identifies the address of the web page that links to the resource being requested, allowing servers to identify where the request to the current page originated from. This has many important uses including, but not limited to, analytics, logging and cache optimization.
Identifying the optimal referrer policy definition requires insight into third-party content loading and page-wide policy settings, and can require extensive server configuration. Tala’s WARP customizes policies based on security requirements. Referrer policy may be defined per URL or set of URLs and can be enforced within minutes.
iFrame Sandbox
Applying iframe sandboxing with the right restrictions requires some expertise and continuous administration for effective iframe configuration. In addition, identifying pages eligible for top-level iframe sandboxing can be challenging and time-consuming.
Tala’s application analysis engine continuously scans all iframes present on a set of pages to discover the attributes that they might be using (e.g. pop-ups, scripts, etc). This allows for the configuration of appropriate sandbox environments for each of the iframes. Sandboxing can be implemented on a single URL, set of URLs, or all URLs the iframe is present on and can be disabled via the Tala console instantly if required.
How vulnerable is your website?
Tala automates standards-based security to prevent client-side attacks
Tala helps you quickly deploy robust, capable web security standards like CSP, SRI, Referrer Policy, HSTS, Feature Policy and HTML5 Sandbox to ensure the end-to-end integrity of digital commerce.
Tala’s AI-driven analytics engine automates dynamic adjustments to native, standards-based web security policies. This ensures that all types of client-side attacks are prevented in real time, website performance is preserved and the need for costly and continuous administration or incident response is minimized.
Future-Proof Security
Standards-based security offers the flexibility to stand against attack methods old and new
Broadest Threat Coverage
Real-time protection against XSS, clickjacking, redirection, ad injection, code injection and many other attacks
Near-Zero Performance Impact
Security policies built into browsers have zero latency impact compared to other client-side security measures
Zero-Day Threat Resiliency
Automatically keeps up with changes to standards and dynamically adjusts security policies on each browser session
Resources
- DLP enforcement via web proxies: real protection or illusion? (January 13, 2021)
- Tala wins “Transaction Security Solution of the Year” in 2020 Cybersecurity Breakthrough Awards (October 14, 2020)
Tala recognized as a breakthrough leader in preventing fraud caused by website vulnerabilities.
- Data in the browser is data at risk (October 5, 2020)
Many third party web applications share sensitive data with parties other than the website owner. This sharing can be intentional or inadvertent, but […]