Attacks and Threats

What is Drive-by Web Skimming?

In drive-by web skimming, a threat actor compromises third- or fourth-party code with malware, with the hope that multiple organizations use this code and infect their websites and web applications inadvertently. Modern web applications load an average of over 20 third- and fourth-party scripts as part of the user experience. Compromising one of these third- or fourth-party elements with malicious JavaScript allows an attacker to compromise multiple websites simultaneously.

Free Assessment

Security for Everyone that Visits Your Website

Find out if your web application is hiding vulnerable, malicious, or dangerous code that could damage your customers and your business. No payment information required.

Back to education center

What is Drive-by Web Skimming?

Free Assessment

Security for Everyone that Visits Your Website

3 Important Things to Know About Cookie Security

Five Client-Side Web App Risks Banking & Investment Should Know

Web Tracker Security: Lawsuit Filed Against Hospitals for Data Privacy Violations

How to Create and Deploy a Content Security Policy

Web Trackers: Your Next JavaScript Security Nightmare

Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

HQ

Follow Us

What is Drive-by Web Skimming?

Free Assessment

Security for Everyone that Visits Your Website

Related Resources

3 Important Things to Know About Cookie Security

Five Client-Side Web App Risks Banking & Investment Should Know

Web Tracker Security: Lawsuit Filed Against Hospitals for Data Privacy Violations

How to Create and Deploy a Content Security Policy

Web Trackers: Your Next JavaScript Security Nightmare

Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)

HQ

Follow Us