Access to personally identifiable information (PII) is not the only target of bad actors who exploit client-side vulnerabilities. Some recent cases offer insight into how such exploitation can also be abused to carry out an assortment of fraudulent activities while “bloodying” website visitors, using those visitors to perform certain actions entirely undetected.
A dangerous and easy-to-use tool
The challenges of third-party services
For security teams, managing client-side threats can be quite complex and overwhelming. Today, dozens of third-party services run on the client side of a typical website. Most security organizations end up with a blind spot on the services they are supposed to protect. This is not an easy task, as the security team is usually not part of the development cycle. Another workaround is the use of Content-Security-Policy HTTP headers, although these are extremely difficult to implement and maintain throughout the organization without additional tooling.
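The maintenance problem with Content-Security-Policy headers can be made concrete with a small audit, added here as an illustration (it is not Imperva's code): it parses a header value and compares the effective script sources with an inventory of approved third-party origins. The function names, hostnames and inventory are assumptions constructed for the example.

```javascript
// Added example. Hostnames and the approved inventory are constructed samples.
const RISKY = new Set(["'unsafe-inline'", "'unsafe-eval'", '*', 'https:', 'http:', 'data:']);

// Parse a CSP header value into a Map of directive name -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Compare the effective script sources with the approved third-party origins.
// Matching is exact-string on scheme://host; wildcard hosts are only flagged.
function auditScriptSources(header, approvedOrigins) {
  const policy = parseCsp(header);
  // script-src falls back to default-src when it is absent.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return [{ issue: 'no-script-restriction', source: null }];
  const approved = new Set(approvedOrigins.map((o) => o.toLowerCase()));
  const listed = new Set();
  const findings = [];
  for (const raw of sources) {
    const src = raw.toLowerCase();
    if (RISKY.has(src)) { findings.push({ issue: 'risky-source', source: src }); continue; }
    if (src.startsWith("'")) continue; // 'self', 'none', nonces and hashes
    listed.add(src);
    if (src.includes('*')) findings.push({ issue: 'wildcard-host', source: src });
    else if (!approved.has(src)) findings.push({ issue: 'unapproved-origin', source: src });
  }
  // Approved origins not listed verbatim load only if a wildcard covers them.
  for (const origin of approved) {
    if (!listed.has(origin)) findings.push({ issue: 'approved-not-listed', source: origin });
  }
  return findings;
}

const SAMPLE_HEADER = "default-src 'self'; script-src 'self' 'unsafe-inline' " +
  'https://cdn.analytics.example https://*.widgets.example https://old-chat.example; img-src *';
const APPROVED = ['https://cdn.analytics.example', 'https://tags.payments.example'];

for (const f of auditScriptSources(SAMPLE_HEADER, APPROVED)) {
  console.log(`${f.issue}: ${f.source}`);
}
```

Run against each deployed policy whenever the third-party inventory changes, the findings show both drift directions: origins still allowed after a service was retired, and approved services the policy no longer lists.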
Client-side protection is part of Imperva’s Application Security Suite.