Shadow Code is a Major Risk for Web Applications

A new report written by Osterman Research notes that most websites use third-party libraries to simplify common functions, but these same libraries often carry application security risks. Organizations also typically lack visibility into third-party code, making it difficult to determine whether their websites and web applications have been compromised.


Many organizations use third-party libraries to speed up development, relying on them for functions such as ad tracking, payment integration, chatbots, customer reviews, social media integration, and tag management, among others. Because these functions are needed across many types of websites and applications, the same libraries are reused by many organizations, which widens the attack surface available to attackers who target those libraries.


According to the report, 99% of the survey respondents said that their websites use supply chain vendors or third-party code from vendors who also obtain code from their partners. Over three-quarters (80%) said third-party scripts account for 50-70% of their website’s functionality. This exposes most websites to the risks of shadow code.


The lack of visibility into this third-party code is starkly apparent: nearly half (48%) of the survey respondents could not definitively say that their websites had not suffered a cyber-attack.


Given the risk from third-party libraries, organizations need to take steps to prevent their websites and applications from being attacked and any existing vulnerabilities from being exploited. While many rely on WAFs to protect their applications in production, there is plenty of evidence that WAFs are less than effective at protecting web applications. Often overlooked is the category of products known as runtime application security protection, t ..
