Intelligent CISO Issue 39 | Page 34

Many website owners seem unaware that the third-party JavaScript integrations powering their rich web experience are simultaneously exposing them to data theft and cyberattack.
PREDICTIVE INTELLIGENCE

Breaches originating from a third party – such as the website supply chain – cost companies significantly more on average, emphasising the need for enterprises to closely vet the security of the companies they do business with, align security standards and actively monitor third-party access. The complexity of this ecosystem is growing all the time:
• 63% of JavaScript code executed in the browser is written and/or managed by third parties.
• Forms, found on 92% of all websites, expose data to an average of 17 domains.
What can you do about it?
The vulnerabilities might be on your website, but the point of execution for all these attacks is in your customer’s web browser. And that’s where you need to go to secure them. The good news is that the same experts who built the modern web – Google, PayPal, W3C – saw these security flaws long before anyone else did and designed security standards and controls to protect against them.
They built these same controls into the browser (i.e. they are ‘browser native’) and into web application frameworks.

These standards include CSP, SRI, Referrer Policy, Feature Policy, Trusted Types and HSTS. Together, they provide a comprehensive, defence-in-depth web security strategy. Businesses that deploy these controls will be using the same level of security to protect the client-side as web giants like Google. To really make it count, enterprises should adopt the following best practices:
• Controls should be implemented in multiple layers.
• Implement an active protection methodology that includes W3C and HTML5 standards-based controls. This will minimise third-party JavaScript exposure. There