Attacks and Threats

What is Drive-by Web Skimming?

In drive-by web skimming, a threat actor compromises third- or fourth-party code with malware, with the hope that multiple organizations use this code and infect their websites and web applications inadvertently. Modern web applications load an average of over 20 third- and fourth-party scripts as part of the user experience. Compromising one of these third- or fourth-party elements with malicious JavaScript allows an attacker to compromise multiple websites simultaneously.

Free Assessment

Security for Everyone that Visits Your Website

Find out if your web application is hiding vulnerable, malicious, or dangerous code that could damage your customers and your business. No payment information required.

Back to education center

What is Drive-by Web Skimming?

Free Assessment

Security for Everyone that Visits Your Website

Pixels/Trackers transfer data to foreign locations around the globe - including nation states of concern

Independent of their Apps, bad actors banned by various executive orders have pixels/trackers on everyday websites

Pixels/Trackers Can Collect & Transfer Data Without Consent

TikTok Trackers Can Still Be Present Regardless of TikTok App Installation

Why Pixels/Trackers are Common and Abundant

Reducing the Noise: Why Vulnerability Types Matter

Data Asset Classification: Why it's Important for Client-Side Protection

Magecart Attack: Hacker steals credit card info from Canada’s largest alcohol retailer

3 Important Things to Know About Cookie Security

Five Client-Side Web App Risks Banking & Investment Should Know

Web Tracker Security: Lawsuit Filed Against Hospitals for Data Privacy Violations

How to Create and Deploy a Content Security Policy

Web Trackers: Your Next JavaScript Security Nightmare

Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

Pixels & trackers are present on mission-critical webpages and thereby increasing the likelihood of risks

HQ

Follow Us

What is Drive-by Web Skimming?

Free Assessment

Security for Everyone that Visits Your Website

Related Resources

Pixels/Trackers transfer data to foreign locations around the globe - including nation states of concern

Independent of their Apps, bad actors banned by various executive orders have pixels/trackers on everyday websites

Pixels/Trackers Can Collect & Transfer Data Without Consent

TikTok Trackers Can Still Be Present Regardless of TikTok App Installation

Why Pixels/Trackers are Common and Abundant

Reducing the Noise: Why Vulnerability Types Matter

Data Asset Classification: Why it's Important for Client-Side Protection

Magecart Attack: Hacker steals credit card info from Canada’s largest alcohol retailer

3 Important Things to Know About Cookie Security

Five Client-Side Web App Risks Banking & Investment Should Know

Web Tracker Security: Lawsuit Filed Against Hospitals for Data Privacy Violations

How to Create and Deploy a Content Security Policy

Web Trackers: Your Next JavaScript Security Nightmare

Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

Pixels & trackers are present on mission-critical webpages and thereby increasing the likelihood of risks

HQ

Follow Us