Protecting Your Customers By Using Subresource Integrity

In June 2018, customers of Ticketmaster had their details compromised because of third-party library used to power their Chatbot AI. Ticketmaster themselves were not targeted, but the library provided by https// was.

Because the library was included on every page, it was able to "see" what was being inputted into the Ticketmaster website.This kind of attack could have been easily prevented, by checking the integrity of the third party library using Subresource Integrity (SRI). In short, SRI allows you to specify the expected hash of the library.

This means if you are loading in a library and you specify its hash to be "abc123" it will load normally. But if the script is changed (it only takes a character change for the hash to change), the script will fail to load because the hash did not match the expected value.


By: Indy Singh - 03/10/18

More stories by Indy Singh

Our cookies

We use analytics cookies to collect information about how our site is being used. We use these cookies to allow us to improve our services. Tell me more