Halo Security Now Detects API Keys and Secrets Exposed in JavaScript
Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often, these tags are added without proper security controls or oversight from security teams, giving attackers an easy way to find exposed API keys and breach sites.
Halo Security, a leading attack surface management platform, has unveiled a new feature that helps security teams detect unintended exposures. Its agentless solution identifies secrets in scripts used across the attack surface, no matter how they’ve been added, so security teams know what is dangerous and what isn’t.
AiThority: How Generative AI is Transforming Audio Content
These tags are often added by developers and marketers via tag management systems, without understanding the risk. Research from Invicti suggests 6.3% of top sites on the internet are exposing keys and secrets.
Halo Security’s new feature has already detected and alerted customers to more than 700 instances of revealed secrets across websites it scans. It has found potentially devastating exposures like Amazon keys that unlock a site’s entire infrastructure, and proprietary back doors to third-party functionality like image carousels, where an attacker could upload or delete pictures and cause reputational harm.
Read: How AI NFTs Are Unlocking the Democratization of the Digital Economy
“Our pentesters have been flagging this issue more and more recently and it’s a problem most clients don’t even know about. With this new feature, we bring awareness continuously and automatically,” said Nick Merritt, Vice President of Security Products at Halo Security. “Our new JavaScript secret detections are the perfect compliment to existing script monitoring and analysis solutions.”
Halo Security customers now have access to a new report highlighting any exposed secrets in their JavaScript at no additional cost and with no additional configuration required. For companies looking to improve the security of their external attack surface, Halo Security offers a seven-day f********* to discover any existing keys exposed.
Latest Insights: Why Only AI and Data Analytics Can Stop Financial Criminals
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.