Code running on sites can be exploited to steal or leak data via client-side attacks enabled by the programming language, says Tala Security.
The interactive forms found on 92% of the analyzed websites expose data to an average of 17 different domains. That data includes personally identifiable information (PII), login credentials, card transactions, and medical records. Based on Tala's analysis, the data is exposed to 10 times more domains than the site owners intend, which is one reason Magecart, formjacking, and card-skimming attacks are able to continue.
"Standards-based security controls are built into all modern browsers and are designed specifically to address the vulnerabilities created by modern web architecture, including client-side attacks," Tala said in its report. "Applied and managed correctly, these security standards, including Content Security Policy (CSP), Subresource Integrity (SRI), and others [such as HTTP Strict Transport Security (HSTS)] will mitigate client-side risk, including zero-day threats, offering a future-proof solution with no impact to website performance or user experience. Leveraging tools that complement these capabilities by monitoring and preventing PII and other data leakage provides a comprehensive defense-in-depth approach."