Have I Been Pwned is a Data Breach notification service that allows members of the public to check if their data has been disclosed online as the result of a data breach, and, sign up for notifications if their data is exposed in the future.
The service is operated by Troy Hunt, a Microsoft Regional Director and MVP, out of his home in Australia, and it's fair to say that Troy takes Cyber Security seriously!
Have I Been Pwned accepts sensitive data from users in the form of email addresses, phone numbers and even passwords, data that you want to make sure never falls into the wrong hands. Leveraging additional features of CSP, the Have I Been Pwned site requires that any such data can only be sent back to them, and nobody else, greatly reducing the chance of any unintended exposure or exfiltration.
In addition to this strong protection, Data Watch is used to send notifications if the site tries to send data somewhere it shouldn't, indicating that there could be a problem. This immediate notification means that the issue can be investigated quickly and resolved, before any significant harm can be done.
Once a baseline is established, our Script Watch and Data Watch products will monitor and alert you to any changes for you to investigate quickly.
In addition to this, we have a selection of features and tools detailed below that will help you get started with CSP and work through to enforcing a policy across your whole site, but please reach out to email@example.com if you need more information.
Because Script Watch leverages the browser native Content Security Policy, there is no code or agent to deploy and running in the browser means we analyse your site in real-time as your users are browsing. We don't have the same limitations as external scanning services such as authentication or pay walls, geo-sensitive content or an attacker potentially serving safe content to the crawler.
Data Watch will monitor all of the locations that your webpages are sending data to. If your website starts sending data to a new location, it could be the start of a Magecart attack.
We often find that creating a CSP is the first difficult step that organisations face. Having a complete list of all resource dependencies across your entire site like images, scripts or styles, from both 1st-party and 3rd-party locations, is tough to achieve.
The CSP Wizard was created to solve this problem, and in seven days or less, it can you give a complete list of all resources used across your entire site.
With the list of all resources you use on your site, and our easy to use tool, creating a viable Content Security Policy is easier than ever with just a few clicks.
All Content Security Policies will need to be tweaked at some point. New resources may be added to the site or old resources removed, and the policy needs to be updated to reflect those changes and kept up to date.
You can import your existing policy into the CSP Builder and use our fully featured tool to make any changes that you require right there in the UI. When you're done, hit Generate, and the CSP Builder will provide you with your new, updated policy.
Script Watch and Data Watch will allow you to rapidly detect and respond to a Magecart attack and combined, that capability puts you ahead of the field. If you want to take it a step further, Content Security Policy can mitigate a Magecart attack and stop it from even happening.
We subscribe to various feeds of Threat Intelligence data, along with managing our own internally generated feeds, to keep apprised of the latest threats that exist online.