Subresource Integrity (SRI)

Description

During the scan, Kayran found that the site loads resources without Subresource Integrity (SRI) protection.
Subresource Integrity (SRI) provides a mechanism for checking the integrity of resources hosted by third parties. The check confirms that the fetched resource still matches the expected content, so a resource that has been modified to perform malicious actions is not loaded.

If your site relies on a third-party DNS service and that service is hacked or hijacked, your site is effectively hacked or hijacked as well.

Recommendation

To use Subresource Integrity safely, add the integrity attribute to the script tag, set to a base64-encoded cryptographic hash value.
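
One way to produce and check that hash value, as an added example for Node.js (not code from Kayran or from the original page). The host names, file contents and function names are constructed for illustration.

```javascript
// Added example: generate and audit SRI values with Node.js.
const crypto = require("node:crypto");

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 }; // algorithms SRI defines

// Value for the integrity attribute: "<algo>-<base64 digest of the file bytes>".
function sriHash(content, algo = "sha384") {
  return `${algo}-${crypto.createHash(algo).update(content).digest("base64")}`;
}

// Check content against an integrity value. Like a browser, only the strongest
// listed algorithm counts. Unlike a browser, a value with no usable hash fails.
function verifySri(content, integrity) {
  const tokens = integrity.trim().split(/\s+/)
    .map((token) => ({ token, algo: token.split("-")[0] }))
    .filter((t) => Object.hasOwn(STRENGTH, t.algo));
  if (tokens.length === 0) return false;
  const best = Math.max(...tokens.map((t) => STRENGTH[t.algo]));
  return tokens
    .filter((t) => STRENGTH[t.algo] === best)
    .some((t) => sriHash(content, t.algo) === t.token);
}

// List cross-origin <script src> URLs that carry no integrity attribute.
function findMissingSri(html, siteOrigin) {
  const own = new URL(siteOrigin).origin;
  const missing = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline script: SRI does not apply
    const url = new URL(src[1], siteOrigin);
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(tag);
    if (url.origin !== own && !hasSri) missing.push(url.href);
  }
  return missing;
}

// Constructed sample data (hypothetical hosts and file contents).
const LIB = "console.log('library v1');";
const PAGE = `
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/pinned.js"
        integrity="${sriHash(LIB)}" crossorigin="anonymous"></script>`;

console.log(sriHash(LIB));
console.log(findMissingSri(PAGE, "https://www.example.com"));
console.log(verifySri(LIB, sriHash(LIB)), verifySri(LIB + "// tampered", sriHash(LIB)));
```

The hash must be regenerated whenever the third-party file changes, and a cross-origin script needs the crossorigin attribute for the browser to perform the check.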

References

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
