惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google Online Security Blog
Google Online Security Blog
S
Security @ Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
人人都是产品经理
人人都是产品经理
The Hacker News
The Hacker News
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
博客园 - 司徒正美
雷峰网
雷峰网
L
LINUX DO - 最新话题
博客园 - 叶小钗
云风的 BLOG
云风的 BLOG
The Last Watchdog
The Last Watchdog
V2EX - 技术
V2EX - 技术
S
Security Affairs
有赞技术团队
有赞技术团队
月光博客
月光博客
T
Threatpost
T
Tor Project blog
O
OpenAI News
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
V2EX
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
博客园 - 三生石上(FineUI控件)
D
Docker
AWS News Blog
AWS News Blog
AI
AI
P
Proofpoint News Feed
K
Kaspersky official blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Securelist
F
Fortinet All Blogs
F
Full Disclosure
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
量子位
Hacker News - Newest:
Hacker News - Newest: "LLM"
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Palo Alto Networks Blog
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
美团技术团队
N
News | PayPal Newsroom
T
The Blog of Author Tim Ferriss
MyScale Blog
MyScale Blog

Scott Helme

Connection Allowlist: a network firewall, built into the browser Top 1 Million Analysis – June 2026: The State of Crypto Top 1 Million Analysis – June 2026: Ten Years of Web Security A dead CDN, a wildcard, and an attack waiting to happen: the netdna-ssl.com takeover Why No Passkeys? Naming the Top Sites That Still Don't Support Them The Instructure Canvas Breach (2026): How XSS in a Support Ticket Compromised 275 Million Students Open-Sourcing dbsc-php: a Server Library for Device Bound Session Credentials in PHP DBSC Beta at Report URI Device Bound Session Credentials: Making Stolen Cookies Useless Passkeys, Permissions Policy and Bug Hunting in 1Password's WebAuthn Wrapper Open-Sourcing passkeys-php: A Security-Focused WebAuthn Library for PHP XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None Passkeys 101: An Introduction to Passkeys and How They Work Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive Under Attack: Responding to the Rise of Info-Stealer Threats Security considerations when using Passkeys on your website Fighting an active Magecart Campaign Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser Bringing in the experts; Having our Passkeys implementation Security Tested Launching Passkeys support on Report URI! 🗝️ When “One in a Billion” Happens Every Day: Scaling Redis at Report URI XSS Ranked #1 Top Threat of 2025 by MITRE and CISA DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World
Leverage our treasure trove of Threat Intelligence data
Scott Helme · 2026-03-19 · via Scott Helme

We've been working on CSP Integrity for a little while now, and it was only announced in open beta back in September. Since then, as more of our customers start to use it, we've continued to improve it and observe the potentially huge benefits.

CSP Integrity

You can read the full post on CSP Integrity and how it works, but here's a quick TLDR. You can now leverage a native feature in modern browsers to have the browser send you the cryptographic fingerprint of any JavaScript that is running on your site. Once we receive that data, we can do some pretty amazing things with it, and it opens up a whole new world of possibilities. This is a fundamental shift in browser capabilities and the best part is that if it takes you more than 30 seconds to configure and deploy this, you probably did it wrong!

Our Fingerprint Database

Receiving the fingerprint of all scripts that are running is great, but it's even better to have an enormous database of known fingerprints to check against, and that's something we've been working on. Our database only contains the fingerprints of known and verified files, and that verification was done by us. That means if we get a match for the fingerprint provided against our database, we can say with certainty that we know what that file is.

Our latest data is available to all customers in production right now, so if you're sending us CSP Integrity data, it's being cross-checked against our database already. This is the latest output from the process that generates our data after passing over the terabytes of JavaScript we already have:

⭐ Produced sha256 hashes:11,276,852
⭐ Produced sha384 hashes:11,276,852
⭐ Produced sha512 hashes:11,276,852
📦 33,830,556 total fingerprints

If you're using common libraries or files right now, we can start to identify and tag them in our UI with information on the source of that file, and having the ability to do this across literally millions of files really has an impact.

On top of this new capability, we of course still have all of our existing Threat Intelligence capabilities too, which leverage our own feeds of data, and external feeds from industry, to identify known bad domains and files, suspicious activity, known IoC (Indicator of Compromise) and much more.

Vulnerability mapping

When we're observing the use of thousands of different JavaScript libraries by our customers, it's obvious that some of those libraries are going to contain security vulnerabilities. Because we can identify individual files based on their fingerprint, and then map that back to which version of which library is being used, we can then gather data on any vulnerabilities that impact our customers and let them know!

We're currently tracking hundreds of unique vulnerabilities across all of our verified libraries that impact literally thousands of files, so you can rest assured that if you're using any kind of popular library that has a know problem, we're going to detect it.

Threat Intelligence

We now regularly collect data from almost 250,000,000 unique browsers per month, that's a quarter of a billion browsers sending us data on what they're seeing on the Web. With our birds-eye view of so much activity, we can infer a lot from the data that we gather, far beyond the value that this provides to any individual customer. For example, a very simple metric that we use regularly is "For the tens of thousands of sites that use our service, have any of them ever loaded this JavaScript before?". For the answer to that question to have value, the number of sites we're protecting has to be large enough to matter, but as we continue to grow, the answer to that question is meaningful. Knowing if you're the only site in the World loading some specific JavaScript, or you're one of thousands, is a great insight to have. There are a whole variety of seemingly simple metrics like this that are incredibly valuable and we are now in a position to start leaning on this data to better protect our customers.

On top of this, we also ingest various industry feeds of Threat Intelligence data to enrich our own. Just because we haven't seen a URL behave in a malicious way just yet, it doesn't mean that someone else hasn't. By feeding in Domain Reputation Data, Malware Feeds, Phishing Campaigns, IP Reputation and more, we can look at what JavaScript you're loading and make a determination on how likely it is to be trustworthy or not.

More to come!

As always, we're continually working to improve our product to better serve our customers. If you have any feature ideas or suggestions, please do feel free to reach out to me, and keep an eye out for some of the exciting announcements coming in H1 2026!


Have you enjoyed this post or found it helpful?
☕️ Consider buying me a coffee to say thanks!
🔔 Subscribe for free notifications when I publish!
🤩 Become a member and support my content!

Tags: Report URI, Threat Intelligence, CSP Integrity