Detecting and Controlling Rogue Third-Party Scripts in Web Applications

Explore the critical issue of web supply chain attacks and third-party script vulnerabilities in this 49-minute LASCON conference talk. Delve into the growing security blind spot created by companies' reliance on third-party components in web applications. Learn how these scripts, operating with the same privileges as first-party code, can harvest user input, hijack events, and modify webpage behavior. Discover the risks associated with handling sensitive information like payment card data and health records in this environment. Gain insights into detecting and preventing data breaches at the browser level, which often remain undetected for months. Understand the importance of visibility and control over third-party components to assess and mitigate risks. See real-world examples of attempted data leaks from Black Friday 2021, and witness a demonstration of rogue scripts accessing sensitive data. Learn about a new data-centric approach to detect and block these threats, equipping yourself with knowledge to protect against web supply chain attacks and enhance your organization's cybersecurity posture.

'Who allowed you to do that?' Detecting and Controlling Rogue Third-Party Scripts - Brad Burkle