Bug Bounty Hub
  • πŸš€WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • πŸ•ΈοΈPENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • πŸ“šRESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • πŸ”οΈBug Bounty Platforms
Powered by GitBook
On this page

Was this helpful?

  1. THE BASICS OF WEB
  2. Web Browsers

Subresource Integrity Check (SIC)

Subresource Integrity (SRI) is a security feature that helps ensure the integrity of external resources loaded by your website, such as JavaScript files or stylesheets. It allows you to verify that the file has not been altered or tampered with after it was retrieved from a third-party source like a CDN (Content Delivery Network).

SRI works by adding a cryptographic hash to the <script> or <link> tag of the external resource. When the browser fetches the resource, it calculates its hash and compares it with the one you provided. If the hashes don’t match, the browser will block the resource from loading, preventing potentially malicious code from being executed.

Example:

<script src="https://cdn.example.com/library.js" 
    integrity="sha384-abc123..." 
    crossorigin="anonymous">
</script>

While CSP allows the creation of whitelists of domains to load resources, SIC prevents the loading of modified JS scripts or stylesheets.

PreviousContent Security Policy (CSP)NextWeb Proxies

Last updated 6 months ago

Was this helpful?

🐣