06/07/2021 | Press release | Distributed by Public on 06/07/2021 08:46
Dynatrace Real User Monitoring now automatically detects CSP violations, providing insights into potential frontend application attacks. The automatic alerting and deep analysis of CSP violations helps prevent malicious attacks for all web apps, with no configuration required.
Malicious attacks like cross-site scripting can make your website unresponsive or steal data and personally identifiable information of your users.
Content Security Policy (CSP) is a browser feature that adds an extra layer of security against such threats to your web applications. CSP ensures that all scripts and plugins on your website are safe and trusted, and that all page resources, such as images and stylesheets, are loaded from trusted sources.
We're excited to announce that Dynatrace Real User Monitoring now helps you
Dynatrace now automatically detects all Content Security Policy violations as reported by the browser-for all your web applications-no configuration required.
Davis, our AI-engine, automatically alerts you when it detects anomalies in your CSP violations. This means that you are always notified of any attempted attacks that cause CSP violations or of any potential misconfiguration of your CSP policies. Our Davis AI-engine unlocks these capabilities:
Every single CSP violation indicates a script, plugin, or resource that is not covered by a Content Security Policy. This can be a misconfiguration and also a potential security threat to your application.
With Dynatrace you can easily identify which of your pages currently face CSP violations and then drill down to get all the information and context necessary to segment the error and fix or adapt your policies accordingly.
Besides linked user sessions, actions, and various breakdowns, we've also extended the error information with CSP-specific details:
CSP violations are fully available with Dynatrace version 1.217. The easiest way to find such errors is to go to your desired application's overview page and look for CSP violations on the Top errors card (see example below). Of course you can also use CSP violations for multidimensional analysis when you filter by request error code.
Start your free trial today and gain unmatched insights into the digital experience of all your web and mobile apps.