Qualys WAS Introduces New Check to Secure External JavaScript Libraries
Qualys Web Application Scanning (WAS) has introduced a new check, QID 150545, to highlight the use of external JavaScript libraries in web applications. This addition aims to address potential security risks and performance issues associated with these libraries.
External JavaScript libraries, such as jQuery, Angular.js, or React, can pose security threats if loaded from insecure sources. QID 150545 helps identify such instances, recommending self-hosting for better control and to mitigate supply chain attacks.
To ensure the integrity of JavaScript files, Subresource Integrity (SRI) can be employed; Qualys WAS reports when SRI is not in use with QID 150261. Similarly, Content Security Policy (CSP) enables developers to whitelist domains for resource loading, and Qualys WAS identifies its absence with QID 150206.
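The three conditions named above (an externally hosted script, a missing SRI attribute, a missing CSP header) can be checked on a page with a short script. This is an added example, not Qualys code or its detection logic; the page URL, HTML, headers and all function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page and response headers (not taken from any real site).
PAGE_URL = "https://app.example.com/index.html"
HEADERS = {"Content-Type": "text/html"}
HTML = """<head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/jquery.min.js"></script>
<script src="//cdn.example.net/react.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="http://libs.example.org/angular.js"></script>
</head>"""


def sri_value(body: bytes) -> str:
    """Integrity attribute value (sha384) to pin a reviewed copy of a script."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


class ScriptAudit(HTMLParser):
    """Records every <script src> that resolves to a host other than the page's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlparse(page_url).netloc.lower()
        self.external = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag != "script" or not src:
            return  # inline scripts are out of scope here
        url = urlparse(urljoin(self.page_url, src))  # handles relative and //host forms
        if url.netloc.lower() != self.host:
            # missing_sri only checks that the attribute is present, not that it matches.
            self.external.append({"url": url.geturl(), "plain_http": url.scheme == "http",
                                  "missing_sri": not dict(attrs).get("integrity")})


def audit(page_url, html, headers):
    parser = ScriptAudit(page_url)
    parser.feed(html)
    # Only the response header is checked; a CSP delivered via <meta> is not detected.
    has_csp = any(k.lower() == "content-security-policy" for k in headers)
    return {"external": parser.external, "missing_csp": not has_csp}


if __name__ == "__main__":
    print(audit(PAGE_URL, HTML, HEADERS), sri_value(b"constructed library body"))
```

`sri_value` produces the string to place in the `integrity` attribute once a specific library file has been reviewed, whether it stays on a CDN or is self-hosted.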
Using external JavaScript libraries can also lead to performance issues. They may load additional JavaScript from other domains, which slows page loads.
QID 150545, developed by the Qualys Web Application Scanning Team, is now part of both Discovery and Vulnerability scans, separating external JavaScript libraries from QID 150176. Understanding and implementing the recommendations from this QID can significantly improve the security and performance of web applications.