Error on Content Security Policy while testing for Clickjacking

I was recently testing for Clickjacking and when I opened developer tools, I was warned:
Content Security Policy: Ignoring “’unsafe-inline’” within script-src or style-src: nonce-source or hash-source specified
Do you guys think it is poss…

92% of the world’s top websites expose customer data to attackers

Tala’s Global Data at Risk: 2020 State of the Web Report indicates that sensitive data like PII and credit card information has never been more at risk – and security effectiveness is declining.

Security Benefits of Having a Content Security Policy for a Domain Loaded through iframe

Consider the below scenario:
There’s a checkout webpage that can be accessed at checkout.example.com. This page has a decent security policy. But just to prevent any credit card info leakage, the credit card information editing panel is in an if…

If security is slowing down your website’s performance, you’re doing it wrong.

Slow websites lose customers and hurt conversions. Fortunately, you don’t have to sacrifice performance for security, says Tala CTO Swapnil Bhalode.
 

It’s all about the data

Data protection, controls and compliance don’t have to be an onerous obligation. With the right approach, you can turn it into a key differentiator for your business, says Tala’s Director of Product Management, Deepika Gajaria.

Content Security Policy applied to Single Page Applications: Is it worth it with unsafe-inline?

I have a website developed using VueJS (i.e. it’s a single page application). I’ve been looking at implementing Content Security Policy headers. As I tested out the header values I would need, I realised I would have to allow ‘unsafe-inline…

Evaluating client-side web security: questions to ask your vendor

Third-party tools have transformed your online presence – but you need to secure them or it will all be for nothing. Doing that starts with asking your vendor the right questions, says Tala VP of Engineering, Sanjay Sawhney.