A number of major data leaks recently occurred through the compromise of scripts embedded on websites. These scripts are provided by third parties, and by compromising them, an attacker can reach the sites that use them.
According to a report by RiskIQ, a group called "Magecart" made several compromising scripts. Customer data at British Airways, Ticketmaster and others has been affected.
Intelligence services state that this threat should be part of your risk assessment for web applications. It is common practice to use scripts that you do not manage yourself, but as these scripts are part of the web application, you should be aware of the security issues they may cause.
OWASP has gathered a list of compromising third-party scripts and advice on how to handle the risks.
It is possible to use the Subresource Integrity (SRI) technique to ensure that a script is not modified relative to a validated version.
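The check SRI performs, sketched as an added example (not code from the original post): it computes the `integrity` value for a reviewed script and mimics the browser's comparison against the copy actually served. The script body and the `cdn.example` URL are constructed placeholders.

```python
import base64
import hashlib

# Hash algorithms defined for SRI, weakest to strongest.
_ALGS = ("sha256", "sha384", "sha512")


def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity attribute value for a script body."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes) -> str:
    """Build a script tag pinned to the reviewed body."""
    return (f'<script src="{src}" integrity="{sri_value(body)}" '
            'crossorigin="anonymous"></script>')


def matches(body: bytes, integrity: str) -> bool:
    """Mimic the browser check: only the strongest listed algorithm counts,
    and any one of its hashes may match. Unknown tokens are ignored."""
    by_alg = {}
    for token in integrity.split():
        alg, sep, b64 = token.partition("-")
        b64 = b64.split("?", 1)[0]  # drop optional "?options" suffix
        if sep and alg in _ALGS:
            by_alg.setdefault(alg, []).append(b64)
    if not by_alg:
        return True  # no usable metadata: browsers load the script unchecked
    strongest = max(by_alg, key=_ALGS.index)
    actual = sri_value(body, strongest).split("-", 1)[1]
    return actual in by_alg[strongest]


# Constructed sample data (not from the page).
REVIEWED = b"function track(e) { send('/stats', e.type); }\n"
SERVED_MODIFIED = REVIEWED + b"/* line added after review */\n"
PINNED = sri_value(REVIEWED)

if __name__ == "__main__":
    print(script_tag("https://cdn.example/widget.js", REVIEWED))
    print("reviewed copy passes:", matches(REVIEWED, PINNED))
    print("modified copy passes:", matches(SERVED_MODIFIED, PINNED))
```

An `integrity` value that contains only unrecognised tokens gives no protection, so a build or CI step should reject script tags whose value does not start with one of the three supported algorithms.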
Overall, one should ensure that there is a process for dealing with security issues throughout the supply chain. If you get a third-party script, you should ensure, among other things, that you receive notifications about security issues and use versions that are patched. In general, you should also regularly remove third-party components that are no longer used.