Dynatrace Real User Monitoring now automatically detects CSP violations, providing insights into potential frontend application attacks. The automatic alerting and deep analysis of CSP violations helps prevent malicious attacks for all web apps, with no configuration required.
Malicious attacks like cross-site scripting can make your website unresponsive or steal data and personally identifiable information of your users.
Content Security Policy (CSP) is a browser feature that adds an extra layer of security against such threats to your web applications. CSP ensures that all scripts and plugins on your website are safe and trusted, and that all page resources, such as images and stylesheets, are loaded from trusted sources.
We're excited to announce that Dynatrace Real User Monitoring now helps you
automatically detect security threats and
continuously improve your CSP policies.
Dynatrace now automatically detects all Content Security Policy violations as reported by the browser-for all your web applications-no configuration required.
Davis automatically detects security threats for all web apps
Davis, our AI-engine, automatically alerts you when it detects anomalies in your CSP violations. This means that you are always notified of any attempted attacks that cause CSP violations or of any potential misconfiguration of your CSP policies. Our Davis AI-engine unlocks these capabilities:
Continuously improve your CSP policies with deep analysis
Auto-baselining and smart alerting out-of-the-box for all request errors, including CSP violations
With no configuration, Davis automatically creates auto-baselines for request errors for your web applications and raises problems when anomalies are detected.
Customization for automatic alerts tailored to your requirements
If you want Davis to alert on CSP violations only, excluding all other available request error types, or if you want to want to focus on CSP violations for specific pages, Dynatrace has you covered.
You can leverage platform functionalities like calculated metrics, Multidimensional analysis for filtering errors by error type (request error codes) or resource (request error resources), and metric events for alerting to tailor alerting to your requirements. (For full details, see Configure and analyze web application errors in Dynatrace Documentation.)
Every single CSP violation indicates a script, plugin, or resource that is not covered by a Content Security Policy. This can be a misconfiguration and also a potential security threat to your application.
With Dynatrace you can easily identify which of your pages currently face CSP violations and then drill down to get all the information and context necessary to segment the error and fix or adapt your policies accordingly.
Besides linked user sessions, actions, and various breakdowns, we've also extended the error information with CSP-specific details:
Get started now
Was the violation truly enforced or was it only triggered in report-only mode, and therefore not truly enforced?
What's the related directive, and
what's the overall policy that was violated?
CSP violations are fully available with Dynatrace version 1.217. The easiest way to find such errors is to go to your desired application's overview page and look for CSP violations on the Top errors card (see example below). Of course you can also use CSP violations for multidimensional analysis when you filter by request error code.
If you're new to Dynatrace
Start your free trial today and gain unmatched insights into the digital experience of all your web and mobile apps.
Dynatrace Inc. published this content on 07 June 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 07 June 2021 14:48:04 UTC.