Note by Stephen Rees-Carter on Substack: "⚠️ Top 10 Laravel security issues I've found during audits ⚠️ #9 → Missing Subresource Integrity (SRI) SRI prevents compromised 3rd-party scripts from affecting your app, blocking attacks like Magecart, keyloggers, cryptominers, and malicious redirectors. SRI works best on ve…"

April 13, 2023

∙

⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#9 → Missing Subresource Integrity (SRI)

SRI prevents compromised 3rd-party scripts from affecting your app, blocking attacks like Magecart, keyloggers, cryptominers, and malicious redirectors.

SRI works best on versioned scripts & styles from CDNs, such as packages like Alpine, Bootstrap, etc, and prevents the browser loading scripts/styles that have been modified unexpectedly.

You can find more details over here: larasec.substack.com/p/security-tip-sub…

Securing Laravel

Security Tip: Use Subresource Integrity on Your Resources!

[Tip#14] What is Subresource Integrity and why is it so important for securing your site?

Likes

∙

Restack