[451 Group Report] Source Defense Looks to Close Web App Security Gaps

Credit card compromised recently? It could be due to a gap in control for modern web properties that attackers have been exploiting with formjacking tools like Magecart. As ecosystems expand, third-party trust becomes critical. Source Defense is working to help sites protect themselves from ‘friends.’ 

Web application developers have been learning the hard way that their envelope of protection often doesn’t extend as far as they’ve thought. After investing heavily to protect the application infrastructure, there’s still a significant attack surface at the user’s browser and the inclusion of third-party content expands it further. Formjacking tools like Magecart are powering attack teams in successful site compromises that are often invisible to site owners. There are a number of ways to address this gap and Source Defense is leveraging JavaScript sandboxing to lock down browser environments in a way that simplifies security operations and provides insight into web application and ecosystem activity. Web application developers and owners need to address this rapidly expanding threat with protections that are effective and operationally manageable.