Missing Subresource Integrity

info Web Application Scanning Plugin ID 98647

Synopsis

Missing Subresource Integrity

Description

Subresource Integrity (SRI) is a web security standard that enables browsers to verify that resources hosted by third parties (CDN for example) are delivered without unexpected manipulation.

SRI works by comparing a cryptographic hash declared in the integrity attribute of the resource tag (like script or link) used to fetch the resource and the calculated hash value of this resource.

No SRI have been detected for one or more resources.

Solution

Add a integrity attribute to the resource tag with prefixed and base64 encoded hash of the resource.

See Also

https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet#Subresource_Integrity

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Plugin Details

Severity: Info

ID: 98647

Type: remote

Published: 8/1/2019

Updated: 9/2/2021

Scan Template: scan, pci, overview

Vulnerability Information

Patch Publication Date: 8/1/2019

Vulnerability Publication Date: 8/1/2019