• Ansnei
  • Sectors
  • Services
  • Emergency Insurance
  • Order Bodyguard
  • Contact
  • Partner
  • EN
    • EN
    • RU
    • DA
Ansnei
  • Ansnei
  • Sectors
  • Services
  • Emergency Insurance
  • Order Bodyguard
  • Contact
  • Partner
  • EN
    • EN
    • RU
    • DA
Home / Blog • Cyber • Security Consulting / Watch for 3rd party scripts
Blog, Cyber, Security Consulting ansneiadmin December 18, 2018

Watch for 3rd party scripts

A number of major data leaks have recently occurred by compromising scripts embedded on websites. These are scripts provided by third parties.

A number of major data leaks recently occurred by compromising scripts embedded on websites. These are scripts provided by third parties, and by compromising these scripts, you can attack the sites that use those scripts.

According to a rapport made by RisqIQ a group called ”Magecart”, made several compromising scripts. Customer Data at British Airways, Ticketmaster and others have been affected.

Intelligence services state, that this hreat should be part of your risk assessment for web-applications. It is common practice to use scripts that you do not manage yourself, but as these scripts are part of the web application, you should be aware of the security issues that it may cause.

OWASP has gathered a list of compromising 3rd party scripts and advices for how to handle the risks.

It is possible to use the Subresource Integrity (SRI) technique to ensure that a script is not modified relative to a validated version.

Overall, one should ensure that there is a process for dealing with security issues throughout the supply chain. If you get a third-party script, you should ensure, among other things, that you receive notifications about security issues and use versions that are patched. In general, you should also regularly remove third party components that are no longer used.

Ansnei – Keeping You Safe !

#Ansnei #AnsneiCyber #AnsneiData #Hacks #Phishing #WiFi #WiFiSecurity #intelligence

Related Posts

  • Prop i Suez

    Minor Delays in Suez today

    ansneiadmin March 24, 2021
  • Missiles in Saudi Arabia

    ansneiadmin February 28, 2021
  • Fitness on the job

    ansneiadmin February 02, 2021

Categories

  • Personal Protection
  • Event Protection
  • Maritime Protection
  • Security Consulting
  • Cyber
Theme by Bloompixel. Proudly Powered by WordPress