PerimeterX published its “Shadow Code: The Hidden Risk to Your Website” report analyzing the use of third-party scripts on web applications.
The report written by Osterman Research noted that most websites use third-party libraries to simplify common functions like ad tracking, payment integration, chatbots, customer reviews, social media integration, tag management, among others.
However, these third-party scripts and open-source libraries often added carry application security risks like digital skimming and MageCart attacks.
Additionally, most organizations lack code visibility into third-party scripts, while half of the website owners cannot confirm that their websites have not been hacked.
Almost all web applications use shadow code, lack visibility
According to the report, 99% of the survey respondents said that their websites use supply chain vendors or third-party code from vendors who also obtain code from their partners. Over three-quarters (80%) said third-party scripts account for 50-70% of their website’s functionality. This exposes most websites to the risks of shadow code.
Additionally, website owners lack visibility…
