Halo Security detects secrets and API keys exposed in JavaScript

Web properties increasingly rely on third-party JavaScript for enhanced functionality, but this also comes with its own risks.

A Source Defense report that scanned the 4,300 most trafficked websites worldwide found an average of 4 third-party scripts per page. These tags are often added without proper security controls or oversight by security teams, making it easy for attackers to find exposed API keys and compromise sites.

Halo Security has announced a new feature to help security teams detect unintended exposure. Its agentless solution identifies secrets in scripts used across the attack surface, regardless of how the scripts were added, so security teams know what’s dangerous and what’s not.

These tags are often added by developers and marketers through tag management systems without understanding the risks. According to Invicti’s research, 6.3% of the top sites on the internet expose keys and secrets.

Halo Security’s new feature detects and alerts customers to over 700 types of sensitive information across scanned websites. It has found potentially devastating exposures, such as Amazon keys that unlock the site’s entire infrastructure, or proprietary backdoors to third-party features such as image carousels, where attackers can upload or delete images to damage the site’s reputation.

“Our pentesters have been flagging this issue more and more lately, and it’s an issue that most clients don’t know about,” said Nick Merritt, vice president of security products at Halo Security. “Our new JavaScript secret detection perfectly complements our existing script monitoring and analysis solutions.”

Halo Security customers can now access new reports highlighting secrets exposed in JavaScript at no additional cost and with no additional configuration. For companies looking to improve the security of their external attack surface, Halo Security offers a 7-day free trial to detect existing publicly exposed keys.

