- E-skimming—The injection of code into a web page (often on an e-commerce or banking site) to intercept sensitive user information as the user is entering it into a web form.
- Formjacking—The insertion of malicious code into a website to take over the functionality of a page's forms and collect sensitive user information or other valuable data.
- Cross-Site Scripting (XSS)—A type of client-side code injection attack in which an attacker embeds malicious code in the client side, or front end, of a web application. The code runs when the victim loads the page. It may capture sensitive information as the user enters data into a form, or steal cookies so the attacker can impersonate the user for social engineering purposes.
- Magecart—The exfiltration of payment information and other customer data from businesses that sell goods or services through their website. Threat actors inject malicious code into a web application's front end so they can steal customer data as the shopper is entering it into the online form.
Web Application Firewall (WAF)
Content Security Policy (CSP)
Penetration Testing and Assessments
Penetration tests (pentests) and vulnerability and security assessments of the client side, or front end, are uncommon at this time. A pentest is an authorized, deliberate attack designed to locate weaknesses in an organization's security controls. A vulnerability assessment is a systematic analysis and review of security weaknesses in a system. A security assessment evaluates processes, governance, and compliance. Pentests and assessments are usually conducted by security experts with specific expertise in these fields; once bugs and vulnerabilities have been identified, these experts outline the security gaps and recommend mitigations. Unfortunately, pentests and assessments only describe a single point in time. In addition, they require expertise that can be hard to find and costly, and they are time and resource intensive.
Vulnerability scanning tools assess web application code to uncover known weaknesses, flaws, and bugs that could open an organization up to attack. Vulnerability scanners are used to identify and detect vulnerabilities arising from misconfigurations or flawed programming within network-based assets such as firewalls, routers, web servers, application servers, and more. Vul
Code Scramblers and Obfuscators
Client-Side Attack Surface Monitoring