Sign up to save your podcasts
Or
Share Managing Shadow Code & the Blind Side in 3rd Party Risk - Stephen Ward - PSW #733
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Managing Shadow Code & the Blind Side in 3rd Party Risk - Stephen Ward - PSW #733
With all of your focus and investment on 3rd party risk management, there is likely still a blind-side that remains unaddressed. It is an area that should be moved to the top of your priority list - both for its potential to cause material losses in the form of response costs and fines and judgements, and for the ease in which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of JavaScript based attacks - click-jacking, digital skimming, formjacking, defacement, "Magecart" - exists for any organization collecting sensitive data or conducting transactions through their web properties. Attacks of this type have done damage to some of the biggest brands in the world - costing household names like British Airways tens of millions - and they happen by the hundreds per month. Already in 2022, we've seen headlines of major client-side attacks like the one that hit Segway - potentially impacting nearly a million consumers. This is an area of exposure introduced through your own code, and by your partners, that can only be addressed at the client-side. It remains widely unaddressed, as focus in website security to this point has been on securing the server side. Join us for an exploration of the threat of these attacks, real-world examples of the material impact they have caused, and dialogue on the approaches to mitigating this risk with pros and cons of each.
Segment Resources:
Our core whitepaper
https://info.sourcedefense.com/event/client-side-white-paper-2022?leadsource=White%20Paper
Blog on the blind side topic https://sourcedefense.com/resources/blog/wheres-the-blind-side-in-your-3rd-party-risk-its-on-the-client-side/
Free risk report on attendee's web properties https://sourcedefense.com/check-your-exposure/
This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw733
View all episodes
By Security Weekly Productions
5
22 ratings
With all of your focus and investment on 3rd party risk management, there is likely still a blind-side that remains unaddressed. It is an area that should be moved to the top of your priority list - both for its potential to cause material losses in the form of response costs and fines and judgements, and for the ease in which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of JavaScript based attacks - click-jacking, digital skimming, formjacking, defacement, "Magecart" - exists for any organization collecting sensitive data or conducting transactions through their web properties. Attacks of this type have done damage to some of the biggest brands in the world - costing household names like British Airways tens of millions - and they happen by the hundreds per month. Already in 2022, we've seen headlines of major client-side attacks like the one that hit Segway - potentially impacting nearly a million consumers. This is an area of exposure introduced through your own code, and by your partners, that can only be addressed at the client-side. It remains widely unaddressed, as focus in website security to this point has been on securing the server side. Join us for an exploration of the threat of these attacks, real-world examples of the material impact they have caused, and dialogue on the approaches to mitigating this risk with pros and cons of each.
Segment Resources:
Our core whitepaper
https://info.sourcedefense.com/event/client-side-white-paper-2022?leadsource=White%20Paper
Blog on the blind side topic https://sourcedefense.com/resources/blog/wheres-the-blind-side-in-your-3rd-party-risk-its-on-the-client-side/
Free risk report on attendee's web properties https://sourcedefense.com/check-your-exposure/
This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw733
More shows like Paul's Security Weekly (Video)
View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
StarTalk Radio
14,127 Listeners
This Week in Tech (Video)
255 Listeners
MacBreak Weekly (Video)
331 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Security Now (Video)
148 Listeners
Windows Weekly (Video)
79 Listeners
CyberWire Daily
1,009 Listeners
Security Weekly News (Video)
5 Listeners
Darknet Diaries
7,879 Listeners
First Ring Daily
51 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
91 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
58 Listeners
Cyber Security Headlines
127 Listeners