![]() Tala’s iframe sandboxing feature leverages the W3C iframe HTML5 specification rooted in For both vendor and customer, everything’s all right - until it isn’t. ![]() The problem with attacks like these is they are able to steal the data while allowing the transaction to complete successfully. ![]() For example, a recent attack compromised an iFrame on Braintree, the widely used e-commerce payment system: a digital skimmer compromised Braintree-hosted fields payment form on an e-commerce website. Misuse of iframes has given rise to attacks including but not limited to ‘malvertising’, clickjacking, and ‘ cross-site scripting’. One of the challenges customers have faced with iframes is that forms in iframes can be used to retrieve user input. Enterprises use iframes for multiple reasons, including advertising, media integration and payment pages. This kind of embedded content can be seen across the web, most commonly in the form of videos and ads. These are used to embed another HTML document into the current one. The iframe in HTML stands for Inline Frame. Let’s take a look at what they are and how they can work for our customers: That’s why we’re really pleased to announce two key new features that we’ll be releasing in the coming weeks: iFrame security controls and Feature-policy. At Tala, we spend a lot of time evaluating existing and emerging security standards, looking for new use cases and ways to expand our already-comprehensive standards-based protection. The web is always evolving and so are the attackers. Even trusted, whitelisted applications can be compromised to steal data. Unfortunately, these same enhancements provide an ever-expanding attack surface to cybercriminals. We all know how first and third-party integrations enhance user experience and deliver rich, dynamic websites and web applications. Key new features in Tala’s solution will broaden your defenses. Web integrations and rich user experience present cybercriminals with an ever-expanding surface to attack.
0 Comments
Leave a Reply. |