Accessing Personally Identifiable Information (PII) isn’t the only target of bad actors who exploit vulnerabilities on the client-side. Some recent cases provide interesting insight into how it can also be abused to perform an assortment of fraudulent activities while “leeching” on to website visitors, using these visitors to perform certain actions completely undetected.
A dangerous and easy to use tool
The challenges of third-party services
For security teams, handling the threats posed by the client-side can be quite intricate and taxing. Today, there are dozens of third-party services running on websites that are executing on the client-side. Most security organizations end up having a blind spot to the services they are supposed to protect. This isn’t an easy task, as the security team usually isn’t part of the development cycle. Using HTTP Content-Security-Policy headers is another workaround, although these are extremely difficult to implement and maintain across the organization without additional helpful tooling.
Client-Side Protection is a part of Imperva’s Application Security Suite. Start your Application Security free trial today.