Shining a Light on Shadow Code

Presented by

Ameet Naik, Cybersecurity Evangelist, PerimeterX

About this talk

Modern web applications make extensive use of third-party scripts and open source libraries to speed up innovation and respond to business needs. Studies show that up to 70% of the scripts running on a typical website are third-party, and these in turn call other scripts, creating an extensive digital supply chain. These scripts and libraries introduce Shadow Code into the application, which alters its security posture and vastly expands the attack surface. The recent succession of digital skimming and Magecart attacks on the client side of web applications is one consequence of Shadow Code. Paradigms like CI/CD, DevOps and DevSecOps enable a faster app development pipeline but make it harder to meet information security standards and data privacy requirements. However, security and innovation do not need to be at odds.

In this session you will learn about:

- Shadow Code and its negative impacts on your applications
- Findings from a 2020 survey on the scope and impacts of Shadow Code in web applications
- Strategies to manage Shadow Code risk using a trust-but-verify model