Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Halo Security Now Detects API Keys and Secrets Exposed in JavaScript

SecurityNews
By Business Wire

Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often, these tags are added without proper security controls or oversight from security teams, giving attackers an easy way to find exposed API keys and breach sites.

Halo Security, a leading attack surface management platform, has unveiled a new feature that helps security teams detect unintended exposures. Its agentless solution identifies secrets in scripts used across the attack surface, no matter how they’ve been added, so security teams know what is dangerous and what isn’t.

AiThority: How Generative AI is Transforming Audio Content

These tags are often added by developers and marketers via tag management systems, without understanding the risk. Research from Invicti suggests 6.3% of top sites on the internet are exposing keys and secrets.

Halo Security’s new feature has already detected and alerted customers to more than 700 instances of revealed secrets across websites it scans. It has found potentially devastating exposures like Amazon keys that unlock a site’s entire infrastructure, and proprietary back doors to third-party functionality like image carousels, where an attacker could upload or delete pictures and cause reputational harm.

Related Posts

Daily AI News Roundup: 10 AI Events that Caught our Eyes

Apromore and Soroco Announce Strategic Partnership to Transform Process Optimization Through AI

CUBE Acquires Thomson Reuters Regulatory Intelligence (RegTech)

1 of 40,029

Read: How AI NFTs Are Unlocking the Democratization of the Digital Economy

“Our pentesters have been flagging this issue more and more recently and it’s a problem most clients don’t even know about. With this new feature, we bring awareness continuously and automatically,” said Nick Merritt, Vice President of Security Products at Halo Security. “Our new JavaScript secret detections are the perfect compliment to existing script monitoring and analysis solutions.”

Halo Security customers now have access to a new report highlighting any exposed secrets in their JavaScript at no additional cost and with no additional configuration required. For companies looking to improve the security of their external attack surface, Halo Security offers a seven-day free trial to discover any existing keys exposed.

Latest Insights: Why Only AI and Data Analytics Can Stop Financial Criminals

[To share your insights with us, please write to sghosh@martechseries.com]

Business Wire

Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure.
Public relations, investor relations, public policy and marketing professionals rely on Business Wire for secure and accurate distribution of market-moving news and multimedia.
Founded in 1961, Business Wire is a trusted source for news organizations, journalists, investment professionals and regulatory authorities, delivering news directly into editorial systems and leading online news sources via its multi-patented NX network. Business Wire’s global newsrooms are available to meet the needs of communications professionals and news media worldwide.

You might also like More from author

Comments are closed.