In this webinar, our team references a demo of a BurpSuite extension that can help detect and defend against MageCart attacks. Click the button below to view that demo.

Watch Demo

About the Webinar

MageCart attacks, and others like it, use content delivery networks (CDNs) as watering holes, leveraging JavaScript to directly attack consumers while bypassing traditional application security controls.

Detecting and combating these types of attacks is challenging but possible using new browser security controls (subresource integrity) and threat intelligence.

In this webinar, Peter Hefley and Matthew Lapinski, leading experts in Focal Point's Penetration Testing practice, walk through the strategies behind these attacks. They then discuss how to build a defense against them and demo a tool (built by their team) that can help you prevent future attacks. 

This webinar looks at:

  • The history of MageCart (and similar) attacks
  • The controls and security measures available to defend against these attacks
  • How to configure these controls
  • A new BurpSuite extension that integrates with intelligence data and helps you shore up your applications 

Meet the Speakers



Peter Hefley, Senior Manager, Cyber Defense

Peter Hefley is a Senior Manager of Focal Point’s Penetration Testing practice. Peter has over 15 years of information and security experience, with a strong background leading IT risk assessments, performing web application and network layer penetration tests, and developing information security programs.

Peter is a Certified Information Systems Security Professional (CISSP), GIAC Reverse Engineering Malware (GREM), GIAC Certified Penetration Tester (GPEN), and a GIAC S.T.A.R. in IP Packet Analysis.



Matt Lapinski, Manager, Cyber Defense

Matt is a Manager in Focal Point’s Penetration Testing practice. Matthew has over six years of information security experience, most recently with a large, managed security services provider. During that time, his work involved enterprise-level IPS, WAF, and endpoint security management.
Matt is a Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Offensive Security Certified Wireless Professional (OSWP), and an Offensive Security Certified Expert (OSCE).


Focal Point Data Risk LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority of the acceptance of individual courses for CPE credit.

Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN 37219-2417. Telephone 615.880.4200. Website Sponsor # 108908.