Defending Against JavaScript Keylogger Attacks on Payment Card Information

In this course, you’ll learn about the most common attack now used to steal payment card data and the possible defences.
Course info
Level
Beginner
Updated
Jul 26, 2018
Duration
1h 3m
Description

In this course, Defending Against JavaScript Keylogger Attacks on Payment Card Information, John Elliott and Troy Hunt discuss the most common attack used to steal payment card data and how to defend against it. Learn how security people think about a problem, why criminals attack, how their tools and techniques work, and how you have to adapt as defenders. By the end of this course, you’ll have a better understanding of the NIST model and of how thinking about detection, response and recovery is equally important.

About the author

John Elliott is a data protection specialist. He helps organizations comply with regulations in a sensible and pragmatic way, balancing business needs, risk and regulations.

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

Section Introduction Transcripts

Course Overview
(Music playing) Hello, my name is John Elliott, and I'm a data protection specialist with a particular interest in protecting payment card data. I was Visa Europe's representative on the Payment Card Industry Security Standards Council, which means I had the contributing to many of the PCI standards, including PCI DSS. And I'm Troy Hunt. I'm an author of many different Pluralsight courses about how to protect yourself online. And, of course, protecting yourself online applies to all sorts of different web applications, but particularly those that lead through to payment processing. When Troy visited London recently, we had a chat about the modern ways that criminals steal cardholder data by using JavaScript executing in the customer's browser to read and steal card data from form fields. We discussed how the attack works and how people could protect their organization's web applications. We actually have some fantastic native implementations within browsers that can be used for protecting web applications, collecting any sorts of data, not just payment related information. So, for example, we have content security policies, CSPs, and sub-resource integrity, or SRI. Following the NIST cyber security framework, we also brainstormed ways you could detect the attack, how to respond, and what you would need to do to recover normal operations. This course is based on real-world experience, and we'll be looking at some important industry precedents that highlight just how serious this issue is and how important it is to get the defenses right. Everything we talk about applies to protecting all web forms, not just ones that collect payment data, so I do hope you'll join us as we discuss ways of defending against JavaScript keylogger attacks on payment card information.