
Third-party apps such as Google Analytics, Meta Pixel, Hotjar, and jQuery have become important tools for businesses optimizing website performance and services for global audiences. But as their importance grows, so does the threat of cyber incidents involving unmanaged third-party apps and open source tools. Online businesses rarely have complete visibility and control over the ever-changing third-party threat landscape, and advanced threats such as evasive skimmers, Magecart attacks, and illegal tracking practices can cause significant damage.
This article discusses the challenges of protecting modern websites from third-party scripts and the security risks that come with a lack of visibility into those scripts.
Invisible to standard security controls
Third-party scripts are often invisible to standard security controls such as web application firewalls (WAFs). A WAF sits in front of the website's own servers and inspects the traffic that flows between the browser and those servers. A third-party script, by contrast, is fetched by the browser directly from an external origin that the website owner does not control, and it then runs in the user's browser alongside the website's own code. Neither the script download nor the requests the script makes back to its own backend pass through the WAF, so the WAF cannot detect or block malicious activity originating from third-party scripts.
Additionally, third-party scripts often use obfuscation techniques to hide their true purpose or to evade detection by security controls, and because the file is served by the third party it can change without the website owner's knowledge. This makes it harder for security controls to identify and mitigate potential threats. Website owners therefore need to take additional steps to monitor and control the behavior of third-party scripts.
Lack of visibility poses security risks
Lack of visibility into third-party web apps and open source tools can pose several security risks to your organization, including:
- Data breaches: Third-party apps often have access to sensitive data. Without visibility into what these apps do with it, detecting and preventing data breaches and unauthorized access to sensitive information is difficult.
- Malware: Third-party apps can introduce malicious code into your organization's systems and your users' browsers, which can spread to other systems and cause data loss and downtime.
- Non-compliance: Third-party apps that have not been properly vetted or that violate regulatory requirements expose the organization to legal and financial risk, including fines and lawsuits.
- Network exposure: Third-party apps integrated into an organization's systems widen the attack surface and can create entry points that criminals exploit.
- Weak security practices: Some third-party apps lack strong security controls of their own, which raises the likelihood of security incidents and data breaches on every site that embeds them.
A thorough understanding of the third-party apps your organization uses, combined with strong security controls and processes such as continuous security assessment, monitoring, and patching, is essential to mitigating these risks. It is equally important to have clear policies and procedures for selecting, reviewing, and managing third-party apps so that they meet your organization's security and compliance requirements.
External/installed monitoring solution
Effective monitoring of third-party scripts requires either an external or an installed monitoring solution. Many companies install a security script on their websites to protect against known threats and vulnerabilities. Such a script, however, runs inside the page's own JavaScript context and is bound by the browser's same-origin policy: it cannot read into cross-origin iframes or observe the scripts that execute inside them. Embedded monitoring is designed to enhance the security of the components it can see, but those iframes host trackers, pixels, and any number of uncontrolled third-party scripts that the tag owner, not the site, decides to install. JavaScript installed on the page is therefore limited in its ability to provide complete coverage.
Lack of visibility into third-party scripts is a major challenge for businesses because it limits their ability to map all trackers, detect data leaks, and build an effective inventory of third-party apps and scripts. Critical activities such as detecting CVEs in JavaScript frameworks, tracking pixels like Meta and TikTok, and spotting misconfigured tags are limited when these components cannot be inspected. This leaves businesses exposed to unauthorized data collection, which can lead to lost revenue, reputational damage, and regulatory fines.
Increased visibility with external monitoring
Built-in website monitoring solutions suffer from this lack of visibility, so external monitoring solutions can be the answer to the challenge. Recently, Reflectiz, an external monitoring solution, helped a large financial services company deal with a misbehaving TikTok pixel. The company used Reflectiz on its website for security monitoring, and the solution detected fraudulent activity related to the pixel: a TikTok pixel script was accessing sensitive input data in one of the login forms. TikTok had updated its pixel, and the new version was "painting" users on the company's website, accessing their personal information and sending it to TikTok's servers. Reflectiz's research team provided clear mitigation steps to immediately terminate the unauthorized pixel activity.
This case is a clear example of how externally monitoring a website can improve visibility into the current attack surface. An installed monitoring solution simply cannot see the big picture or effectively monitor third-party website components such as iframes, tags, and pixels.
[Screenshot: detection of the malicious TikTok pixel]
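As an added example (not code from the original article or from Reflectiz), the following Node.js script shows the kind of behavioural check an external monitor can apply once it has recorded, from a real browser session, every request the page made and which script triggered it. The site origin, the approved-script inventory, the sensitive field names and the request log itself are constructed assumptions for illustration, and the record fields (url, initiator, method, body) are not any vendor's format. The second check corresponds to the login-form case above: a request to a third-party origin whose body carries the names of sensitive form fields, issued by a script that is otherwise in the inventory.

```javascript
// Added example, not code from the original article: a behavioural check over a
// request log of the kind an external monitor records while loading the page in a
// real browser. Site origin, approved inventory, field names and the log entries
// are constructed assumptions; "initiator" is the script that issued the request.
const FIRST_PARTY = "https://www.example-bank.com";     // assumed site under test
const KNOWN_SCRIPT_ORIGINS = new Set([                   // assumed approved inventory
  "https://www.googletagmanager.com",
  "https://analytics.tiktok.com",
]);
const SENSITIVE_FIELDS = ["username", "password", "email"]; // login form field names

// Constructed request log: one entry per request the browser made during page load.
const requestLog = [
  { url: "https://www.example-bank.com/login", initiator: "navigation", method: "GET" },
  { url: "https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE",
    initiator: "https://www.example-bank.com/login", method: "GET" },
  { url: "https://analytics.tiktok.com/i18n/pixel/events.js",
    initiator: "https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE", method: "GET" },
  { url: "https://cdn.unknown-tracker.net/t.js",
    initiator: "https://analytics.tiktok.com/i18n/pixel/events.js", method: "GET" },
  { url: "https://analytics.tiktok.com/api/v2/pixel",
    initiator: "https://analytics.tiktok.com/i18n/pixel/events.js", method: "POST",
    body: JSON.stringify({ event: "form_fill", fields: { username: "jdoe", password: "hunter2" } }) },
  { url: "https://www.example-bank.com/api/session",
    initiator: "https://www.example-bank.com/login", method: "POST",
    body: JSON.stringify({ username: "jdoe", password: "hunter2" }) },
];

const originOf = (url) => new URL(url).origin;
const isThirdParty = (url) => originOf(url) !== FIRST_PARTY;

// Finding 1: script loads from origins outside the approved inventory, with the
// initiator kept so the site owner can see which approved tag pulled them in.
function unknownScripts(log, known = KNOWN_SCRIPT_ORIGINS) {
  return log
    .filter((r) => r.method === "GET" && /\.js(\?|$)/.test(r.url))
    .filter((r) => isThirdParty(r.url) && !known.has(originOf(r.url)))
    .map((r) => ({ url: r.url, loadedBy: r.initiator }));
}

// Finding 2: requests to third-party origins whose body carries the names of
// sensitive form fields. A pixel that reads a login form and posts it home shows
// up here even when its origin is in the inventory. First-party requests are
// skipped: the site's own login POST legitimately carries these fields.
function sensitiveExfiltration(log, fields = SENSITIVE_FIELDS) {
  const findings = [];
  for (const r of log) {
    if (!r.body || !isThirdParty(r.url)) continue;
    const leaked = fields.filter((f) => r.body.includes(`"${f}"`));
    if (leaked.length > 0) findings.push({ url: r.url, script: r.initiator, fields: leaked });
  }
  return findings;
}

function report(log) {
  return { unknownScripts: unknownScripts(log), sensitiveExfiltration: sensitiveExfiltration(log) };
}

console.log(JSON.stringify(report(requestLog), null, 2));
```

On the constructed log the first check flags only the unknown tracker pulled in by the TikTok script, and the second flags the TikTok pixel's POST because it carries the username and password field names; the site's own login POST is left alone. A real monitor sees this chain only because it loads the page in a browser it controls and records network activity from outside the page, which is precisely what a script installed inside the page cannot do for cross-origin frames.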
Maintain complete security against third-party scripts
So how do you protect your website from the risks associated with third-party scripts? Here are some tips.
- Conduct regular security audits: Regularly audit your website and the third-party services it loads to identify vulnerabilities and address them quickly.
- Use an external website monitoring solution: Implement a monitoring solution that observes the site from outside the page, detects suspicious activity, and provides clear mitigation steps to address it.
- Use secure hosting: Choose a hosting provider that offers regular backups, monitoring, and security updates.
- Educate your employees: Train employees to recognize potential threats and follow safe online practices.
- Use two-factor authentication: Require two-factor authentication for all sensitive areas of your website, such as admin panels and checkout pages.
- Use a Content Security Policy: Implement a Content Security Policy to restrict the origins from which scripts, frames, and other content may be loaded, and the destinations to which scripts may send data.
- Keep your software up to date: Regularly update website software, including third-party services, to ensure that known vulnerabilities are patched.
In conclusion, the increasing reliance on third-party scripts poses new challenges for online businesses trying to maintain the security and privacy of their users. Lack of visibility into these scripts increases the likelihood of data breaches, cyberattacks, and compliance violations. Businesses should understand the third-party apps their organization uses and implement strong security controls and processes. External website monitoring solutions such as Reflectiz can greatly improve visibility and provide clear mitigation steps for dealing with suspicious activity associated with third-party scripts.
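The audit and Content Security Policy tips above can be started with a static pass over the page's own HTML. The following Node.js script is an added example, not code from the original article: it extracts external script and iframe sources, flags scripts outside an allowlist and scripts without Subresource Integrity, and derives a Content-Security-Policy header value from the same allowlist. The sample HTML, the allowlists, the integrity value, the nonce and the report endpoint are constructed assumptions.

```javascript
// Added example, not code from the original article: a static audit of a page's
// HTML that inventories external script and iframe sources, flags anything outside
// an allowlist or without Subresource Integrity, and derives a CSP header from the
// same allowlist. Sample HTML, allowlists, the integrity value and the report
// endpoint are constructed assumptions.
const SITE = "https://www.example.com";
const ALLOWED_SCRIPT_ORIGINS = new Set(["https://code.jquery.com", "https://www.googletagmanager.com"]);
const ALLOWED_FRAME_ORIGINS = new Set(["https://www.youtube.com"]);
const ALLOWED_CONNECT_ORIGINS = new Set(["https://www.google-analytics.com"]); // where scripts may send data

// Constructed page: one pinned library, one tag-manager loader without SRI, one
// script nobody approved, one inline script and one embedded frame.
const SAMPLE_HTML = `
<html><head>
<script src="https://code.jquery.com/jquery-3.7.1.min.js"
        integrity="sha384-PLACEHOLDERHASHVALUE" crossorigin="anonymous"></script>
<script src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE" async></script>
<script src="https://cdn.unknown-tracker.net/t.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body>
<iframe src="https://www.youtube.com/embed/EXAMPLE"></iframe>
<form action="/login"><input name="username"><input name="password" type="password"></form>
</body></html>`;

// Pull src and integrity out of every <tag ...> element. A regex is enough for
// this constructed input; use a real HTML parser on production pages.
function extractTags(html, tag) {
  const re = new RegExp(`<${tag}\\b([^>]*)>`, "gi");
  const out = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*"([^"]*)"/i.exec(m[1]);
    if (!src) continue; // inline script: nothing external to load
    out.push({ src: src[1], integrity: /\bintegrity\s*=/i.test(m[1]) });
  }
  return out;
}

function auditPage(html, site = SITE) {
  const own = new URL(site).origin;
  const findings = [];
  for (const s of extractTags(html, "script")) {
    const origin = new URL(s.src, site).origin;
    if (origin === own) continue;
    if (!ALLOWED_SCRIPT_ORIGINS.has(origin)) findings.push({ kind: "unlisted-script", src: s.src });
    else if (!s.integrity) findings.push({ kind: "missing-sri", src: s.src });
  }
  for (const f of extractTags(html, "iframe")) {
    const origin = new URL(f.src, site).origin;
    if (origin !== own && !ALLOWED_FRAME_ORIGINS.has(origin)) {
      findings.push({ kind: "unlisted-frame", src: f.src });
    }
  }
  return findings;
}

// Content-Security-Policy value for the same allowlist. The nonce is assumed to be
// generated per response and stamped on the site's own inline <script> tags;
// connect-src limits where any script, approved or injected, can send data.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}' ${[...ALLOWED_SCRIPT_ORIGINS].join(" ")}`,
    `frame-src ${[...ALLOWED_FRAME_ORIGINS].join(" ")}`,
    `connect-src 'self' ${[...ALLOWED_CONNECT_ORIGINS].join(" ")}`,
    "object-src 'none'",
    "base-uri 'self'",
    "report-uri /csp-report", // assumed endpoint that logs violation reports
  ].join("; ");
}

console.log(auditPage(SAMPLE_HTML));
console.log("Content-Security-Policy:", buildCsp("r4nd0m"));
```

Two caveats a practitioner should keep in mind. Subresource Integrity only fits scripts whose content is stable; tag-manager loaders such as gtag.js change frequently, so for those the compensating controls are the CSP allowlist and behavioural monitoring rather than a pinned hash. And a static pass only sees what is in the HTML: scripts that an allowed tag loads at runtime, and anything inside a cross-origin frame, never appear here, which is the gap the external monitoring section describes.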