@labthirty8: Cyber Security Technical Review of Marks and Spencer website
🐝An increasingly digital world means it is challenging to stay cyber safe, so we hope you glean insight:
🐝Cyber Security - Webpage structure, code, HTML, JavaScript, iframe, HTTP Security Headers (Content-Security-Policy (CSP), Subresource Integrity, X-Frame-Options, Permissions), dependencies, libraries
🐝Cyber Attack - Malware, Cross-Site Scripting (XSS), Packet Sniffing, Crypto-Jacking, Payment skimming
🐝Monitoring & Mitigation - Code, HTTP Security Headers, scanning

Marks and Spencer
https://www.marksandspencer.com/
https://corporate.marksandspencer.com/media/press-releases/cyber-incident-further-update-0
🐝Virus Total https://www.virustotal.com/gui/home/url
🐝Security Headers https://securityheaders.com/
🐝Mozilla Observatory https://developer.mozilla.org/en-US/observatory
🐝OWASP HTTP Security Response Headers Cheat Sheet https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
🐝HTTP Archive https://httparchive.org/

HTTP Security Headers
🐝Content-Security-Policy https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
🐝Subresource Integrity https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
🐝X-Frame-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options
🐝X-Content-Type-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
🐝Permissions Policy https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy

@Marks & Spencer @Mozilla @Chrome
#cyber #cybersecurity #xss #javascript #mozilla #owasp #fintech #browser #server #hacker #cyberattack #technical #cybersecurityawareness #marksandspencer #ncsc #mands
Lab Thirty8
Region: GB
Sunday 27 April 2025 19:01:07 GMT
Comments
insulartrombonist :
The “no .html” being down to access controls… care to explain further?
2025-05-04 22:04:39
1
Next Deals UK :
does this video actually explain what went wrong with m&s?
2025-04-30 08:44:22
3
Korova Milkshake :
Congratulations on inventing a brand new genre - ASMR Cyber Security...😂
2025-04-27 20:09:12
8
Billy Chut :
is the js obfuscated? isn't it just minimised to reduce the file size? pretty standard behaviour
2025-04-28 19:48:45
1
SmallCISO :
a simple bitsight scan or similar would help to harden that domain and eliminate any potential hygiene issues. will be interesting to see what the attack vector was for the current outage!
2025-04-28 21:46:27
1
Declan Middleton :
Keep posting. I see your content growing 👍
2025-04-28 06:34:25
1
milkman :
did I just open tiktok to a video of a text book?
2025-04-30 20:38:31
2
user509318593347 :
ah yes, the time has finally come, cyber security asmr 🥰
2025-04-28 17:05:18
2
User378633567888 :
They don’t know what “proactive” means
2025-04-28 16:47:05
2
Davis S :
Utag is tealium IQ which is another tag manager, similar to google tag manager.
2025-04-28 21:40:59
1
Korova Milkshake :
If you put the obfuscated JS into an AI engine, would it not decipher it quite quickly?
2025-04-27 20:11:22
1
Desert, Spies and NHS Lies :
CSP headers are underappreciated. Had an interview with BA months ago and told them their old site was missing it, but their new ba.com/nx site was almost worse.
2025-04-28 17:39:32
2
justlooking0v0 :
ssllabs has a great tool for scanning your external website for common vulnerabilities.
2025-04-27 19:54:02
1
fortnitegamer397 :
I like u imma sim u
2025-04-28 08:25:13
0