Partial Request Map View of www.Akamai.com
We, like almost all other internet-based businesses, use third-party scripts because they enhance the web experience, are easy to add and modify, promote a consistent web experience and are pre-integrated and maintained by the third parties. In fact, web sites today average 56% third-party scripts (Akamai has 68% third-party).
Source: Security and Frontend Performance, Challenge of Today: Rise of Third Parties, Akamai Technologies and O'Reilly Media, 2017
Magecart - a class of credit card hacker groups using new & more sophisticated attack methods has become the "poster child" of third-party scripts attacks.
Because third-party scripts come from a myriad of trusted and untrusted sources in a business's supply chain, the attack surface for web-facing applications has become significantly larger and harder to protect. Sites that use credit card processing are at constant risk - in fact out of the tens of thousands of sites hit with Magecart in the last few years, 1 in 5 victims are re-infected, often within months of the last attack.
Source: Sangine Security, 2018. <https://sansec.io/labs/2018/11/12/merchants-struggle-with-magecart-reinfections/>
Unfortunately, most application protection solutions today have tried to retrofit existing techniques to prevent third-party script threats using firewall and policy controls. When rigorously applied, this approach can restrict open business practices and the advantage of third-party scripts. And, when applied to loosely, can miss a lot of attacks.
The primary way, security teams keep their scripts clean, is via constant script review and testing... which is really hard.
Source: Symantec 2019 Internet Security Threat Report
Akamai will be launching Page Integrity Manager in 2020.
We are inviting customers to participate in a valuable beta project with a working product to help you be protected from malicious scripts.
To learn more, download our Beta Product Brief.
Join our beta program today by contacting your Akamai sales team.