Defending against the Acceleration of Client-Side Website Attacks presented at OWASPBASC 2019

by Aanand Krishnan

Summary: The acceleration of attacks leading to the theft of private customer information, financial transaction data and disruptions to user experience is the number one threat to digital commerce. These attacks include first and third-party JavaScript/supply chain compromises, cross-site scripting (XSS), ad injections and other forms of client-side attacks. Client-side website attacks like Magecart have mostly targeted eCommerce sites with the sole purpose of stealing credit card info. Unfortunately, the reality is that the same attack vector – malicious JavaScript supply chain attacks – could be used to steal user banking credentials, PII data, healthcare data, or just about any information that users enter into a browser. Nearly every website is vulnerable.

Key Takeaways: Learn about the myriad of attack vectors threat actors can leverage to compromise a website; Learn about the standards-based, native website security controls most often recommended by security practitioners to secure your customer’s website experience; Learn about the compliance standards that require consideration for the website experience you provide to your customers.