Attacks and Threats

What is Drive-by Web Skimming?

In drive-by web skimming, a threat actor compromises third- or fourth-party code with malware, with the hope that multiple organizations use this code and infect their websites and web applications inadvertently. Modern web applications load an average of over 20 third- and fourth-party scripts as part of the user experience. Compromising one of these third- or fourth-party elements with malicious JavaScript allows an attacker to compromise multiple websites simultaneously.

Free Assessment

Security for Everyone that Visits Your Website

Find out if your web application is hiding vulnerable, malicious, or dangerous code that could damage your customers and your business. No payment information required.

Back to education center

What is Drive-by Web Skimming?

Free Assessment

Security for Everyone that Visits Your Website

Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

Hell Yeah, I Want an Automated Content Security Policy!

HQ

Follow Us

What is Drive-by Web Skimming?

Free Assessment

Security for Everyone that Visits Your Website

Related Resources

Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

Hell Yeah, I Want an Automated Content Security Policy!

HQ

Follow Us