Why CSP and SRI alone won’t protect you against web skimming attacks like Magecart

Magecart and other data skimming attacks inject malicious JavaScript code into a web page in order to steal sensitive data, such as credit card numbers, social security numbers, and other personally identifiable information.

Read this white paper to learn how data skimming attacks work, why third-party JavaScript tags are a major threat to web application security today, and why your business will need additional forms of protection beyond Content Security Policy (CSP) and Subresource Integrity (SRI).