If you want a TLDR summary of the new rules to share, here you go: Payment pages must only load JS required for processing payments. Payment pages must restrict what JS loads, for example with CSP. Payment pages must integrity check JS, for example with SRI. Payment pages must be monitored for changes, for example with CSP reporting
If you want a TLDR summary of the new rules to share, here you go:
« We implemented a change 5 months later while troubleshooting a problem with one of our build systems and the permissions on that path were not properly reset once the issue had been fixed »
Ca peut éventuellement motiver les entreprises à investir plus dans la sécurité de leurs SI