References
Documentation
- About Client-Side Defense — Concepts and architecture
- Configure Client-Side Defense — Configuration guide
- Client-Side Defense — All CSD documentation
Product Resources
- F5 Client-Side Defense — Product page and data sheets
- Client-Side Defense Demo — Video walkthrough
PCI DSS
- PCI DSS v4.0 Standard — Full standard document library
- Requirement 6.4.3 — Manage all payment page scripts: maintain inventory, provide written authorization and justification, verify integrity
- Requirement 11.6.1 — Deploy tamper-detection mechanisms on payment pages to alert on unauthorized modifications to HTTP headers and page content
Threat Research
- OWASP Client-Side Security Risks — OWASP web application security testing guide
- Magecart Threat Research — Overview of Magecart groups and digital skimming campaigns
- British Airways breach (2018) — Magecart Group 6 injected a skimmer into the BA payment page, compromising 380,000 transactions
- Ticketmaster breach (2018) — Supply chain attack via compromised Inbenta chatbot script that skimmed payment card data
Attack Categories & Standards
- OWASP Clickjacking — UI redressing attack definition and prevention
- OWASP Man-in-the-Browser — Browser-based interception attack
- OWASP Cross-Site Scripting — Script injection attack taxonomy
- MITRE ATT&CK T1195 Supply Chain Compromise — Supply chain attack framework
- MITRE ATT&CK T1185 Man-in-the-Browser — Browser manipulation technique
- MITRE ATT&CK T1496 Resource Hijacking — Cryptojacking classification
- MITRE ATT&CK TA0010 Exfiltration — Data exfiltration tactic
- Akamai Web Skimming — Digital skimming overview
- Sansec Magecart Research — Magecart groups and campaigns
Privacy & Compliance
- F5 CSD Privacy Statement — What CSD telemetry collects
- F5 CSD PCI DSS v4.0.1 Blog — Official PCI compliance mapping
Industry Standards
- OWASP Top 10 Client-Side Security Risks — Top client-side security risks project