Digital Transformation and the Shadow Code Risk

As originally published in DEVOPSdigest

The New Battleground is Shadow Code

Businesses across the world are accelerating their digital transformation as consumers increasingly shift to online channels. Web applications have become a critical element of this digital journey and keeping them secure and performant is now more important than ever. However, there are new challenges that application developers face while delivering and maintaining these business-critical applications.

Web application developers often rely on open source libraries and third-party scripts in order to innovate faster and keep pace with evolving business needs. These scripts and libraries — often added without approvals or security validation — introduce hidden risks into the organization and make it challenging to ensure data privacy and to comply with regulations.

Collectively referred to as “Shadow Code,” these scripts provide essential services such as payments, analytics, chatbots, advertising or social media integrations. However, application security teams often don’t have a comprehensive understanding of what these scripts actually do, creating opportunities for malicious code injection attacks.

The Client-Side Blind Side

Often introduced without any formal approval process or security validation, these scripts run on the client side, which means traditional monitoring and security tools cannot provide the same visibility and control that you might have over server-side apps. This is a major blind side for appsec teams. So how big is this problem?
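One starting point for regaining that visibility is to inventory, from the browser side, which scripts a page actually loads and which of them come from an origin other than the page's own. The following is an added example, not code from the PerimeterX post; the page origin and script URLs in the sample are constructed, and the browser hook at the bottom only runs when a DOM is present.

```javascript
// Classify the script sources a page loads as first-party, third-party or
// inline. Pure function so it can be run and tested without a browser.
function classifyScripts(pageOrigin, scriptSrcs) {
  const report = { firstParty: [], thirdParty: [], inline: 0 };
  for (const src of scriptSrcs) {
    if (!src) {                // <script> with no src attribute: inline code
      report.inline += 1;
      continue;
    }
    let origin;
    try {
      // Resolve relative and protocol-relative URLs against the page origin.
      origin = new URL(src, pageOrigin).origin;
    } catch (e) {
      report.thirdParty.push(src); // unparseable src: treat as untrusted
      continue;
    }
    (origin === pageOrigin ? report.firstParty : report.thirdParty).push(src);
  }
  return report;
}

// Constructed sample input (hostnames are made up for this example).
const SAMPLE_PAGE_ORIGIN = 'https://shop.example';
const SAMPLE_SCRIPTS = [
  '/static/app.js',                                // first-party, relative
  'https://shop.example/static/vendor.js',         // first-party, absolute
  'https://cdn.analytics-vendor.example/tag.js',   // third-party
  '//widgets.chat-vendor.example/loader.js',       // third-party, protocol-relative
  '',                                              // inline script
];

// Browser-only hook: snapshot the scripts present now and watch for scripts
// injected later (tag managers and widgets commonly add them at runtime).
if (typeof document !== 'undefined') {
  const snapshot = Array.from(document.scripts, (s) => s.getAttribute('src') || '');
  console.table(classifyScripts(location.origin, snapshot));
  new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (node.tagName === 'SCRIPT') {
          const src = node.getAttribute('src') || '';
          console.log('script added at runtime:', classifyScripts(location.origin, [src]));
        }
      }
    }
  }).observe(document.documentElement, { childList: true, subtree: true });
}
```

Run in a page's console, it lists every script origin the page pulls in; run under Node, `classifyScripts(SAMPLE_PAGE_ORIGIN, SAMPLE_SCRIPTS)` classifies the constructed sample.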

PerimeterX, in conjunction with Osterman Research, completed the second annual survey of application security professionals to uncover the extent and impact of Shadow Code across organizations in a diverse set of industries. The report, Shadow Code: The Hidden Risk to Your Website, finds that only 8% of respondents have complete insight into the third-party code running on their website. This is a very low result, which means that the vast majority of web applications out there have high levels of Shadow Code.

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2021/digital-transformation-and-the-shadow-code-risk/