How I got millions of credit card details using agencies’ Google Tag Manager (GTM) accounts
If you've been around this blog before you might know that I know a thing or two about Google Tag Manager (GTM), the convenient tool that lets you run marketing and analytics scripts on your website. What you might not know is that I'm also a father of two young children, and I can tell you, kids are expensive! So, obviously, on sleepless nights, one starts to ponder all the ways to make a quick buck on the side: 'How to use one's knowledge of the interwebs to create a nice college fund for the kids?'
Using GTM with a Content Security Policy (CSP) and impress your DevOps team in the process
The internet is a beautiful place. If you think chaos is beautiful, that is, because it is also a place where everyone and everything is hacked, abused, and manipulated for money, status or just the lolz. To prevent your precious Google Tag Manager implementation —and your entire site for that matter— from falling victim to malicious code taking over checkout funnels or secretly listening to form input from visitors it's time to implement a Content Security Policy (CSP).