
August 16, 2024

Yireo webinar on Magento CSP


With the most recent Magento release, CSP (Content Security Policy) became a lot more serious. However, instead of bluntly enabling it or bluntly disabling it, it makes more sense to see where it is needed and where it is not. On August 30th, we are organizing a free webinar to discuss this.

CSP and PCI compliance

There are many sides to the CSP story that we feel are currently overlooked. For instance, CSP is required for PCI compliance. More precisely, next year PCI 4 takes effect, which requires inline scripts to be protected using CSP. This is actually what the Magento 2.4.7 release was about.

CSP and backend security

Another thing that is often overlooked is the fact that CSP simply protects you against malicious third-party scripts. With CSP, the chance of getting hacked via XSS attacks in the Magento Admin Panel decreases as well. This might very well be a huge issue that has not been properly discussed yet.

More questions

There are many other questions as well: Does your payment provider require PCI compliance in your shop? What about third-party scripts added via Google Tag Manager or the like? Do third-party Magento extensions support CSP already or not? How to fix this? What about Hyvä? How about utilizing the browser to effectively generate Magento CSP rules? How to monitor CSP warnings?

A webinar: August 30th, 15:00 CEST

This is why we are organizing a free webinar to inform you about all aspects of CSP. Join us on Friday, August 30th, 2024 from 15:00 to 16:00 CEST. There are going to be some presentations, but we'll also dive into your questions if you have any.


About the author

Author Jisse Reitsma

Jisse Reitsma is the founder of Yireo, extension developer, developer trainer and 3x Magento Master. His passion is for technology and open source. And he loves talking as well.
