Third-Party Content Poses Risk to Enterprises Websites

According to a white paper released by a malware monitoring company 'Dasient' on July 26, 2010, the third party elements, not in the control of the company webmasters, are the biggest security holes in most of the enterprise websites. Particularly, Dasient recognizes third party widgets, web applications and advertising as the biggest liabilities.

The report has discovered that in different verticals, 75% of enterprises utilize some type of third-party JavaScript widget, 42% of websites exhibit external advertisements, and up to 91% run third-party web applications. These third party sources are essential for enterprises to provide functionality to the users, but they can be exploited to propagate malware.

Neil Daswani, CTO and Co-founder of Dasient, said that this third party text could be compromised to access a corporate website, but most of the companies didn't do much to secure that, as reported by Dark Reading on July 26, 2010.

To conduct the study, Dasient ran automatic, passive malware risk evaluations against the websites of Fortune 500 companies and other websites that heavily rely on advertising widgets or some third party applications.

Daswani further stated that today websites became malware distribution vehicles and when a website included code from other places, it automatically increased the risk and attacked the surface, leading to the development of these structural vulnerabilities, as reported by the Earth Times on July 26, 2010.

The best method to mitigate the risks from these vulnerabilities is to examine websites for malware infections, he added.

Malware is surely not new to the web world, but as per the data collected by Websense and Microsoft and quoted by Dasient, daily malware infection has been growing at a rapid pace for the past few years.

By widgets, Dasient is pointing to embedded video, polls, traffic analytics and other JavaScript based apps that link to the third party websites. The more of these widgets a website uses, the more prospects are there for malware, to locate itself into the website.

To lessen the risk, Dasient suggests that enterprises should ensure that the third party partners have good security practices in place. Examining will also help companies to find the infection before the search engines and customers find them and even before the website get blacklisted, which cause brand loss, reputations and revenues.

Related article: Third Data Breach on Pfizer’s System

» SPAMfighter News - 8/6/2010