
A Look Inside the Shadow Code Risk


PerimeterX is excited to release the third annual report, Shadow Code: The Hidden Risk to Your Website, conducted by Osterman Research. More than 500 security professionals and developers responded to the 2021 Application Risk Survey, sharing their thoughts on the risks of third-party code and plans for combating the issue in the future. Read on for a summary of the results, or get the report to see all the details.

The way we build websites and applications has changed. Gone are the days of simple sites developed entirely from your own source code. Today’s sites are assembled like Lego bricks, with many of the pieces pulled in from open source and third-party JavaScript libraries. In the survey, more than 99% of respondents reported that their site uses at least one third-party script, and almost 80% said that such scripts make up 50-70% of a typical website.

As web applications drive so much more business activity in today’s digital economy, enterprises face increasing pressure to quickly bring new functionality to market. To accelerate this innovation, development teams rely heavily on open source and third-party script libraries such as React and jQuery. Building upon the foundation of what already exists allows them to work faster and smarter, rather than wasting time reinventing the wheel.

Vulnerabilities in Third-party Code

In an effort to move quickly, developers often turn to open source libraries. They might introduce third-party scripts without the necessary approval or validation, or with only an initial security review that is never repeated when the script changes. Over 50% of survey respondents report that their third-party scripts change four or more times each year, but only 25% perform a security review for every script modification.

Also known as shadow code, this code can present major security vulnerabilities that hackers abuse to commit (Read more...)

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2021/a-look-inside-the-shadow-code-risk/