JavaScript is everywhere [infographic]
TRANSCRIPT
Sources:
https://heimdalsecurity.com/blog/top-financial-malware/
http://www.techweekeurope.co.uk/e-regulation/ibm-bank-transfer-scam-165952#kobpOsE0Wx8tITzc.99
https://www.statista.com/topics/1145/internet-usage-worldwide/
https://techcrunch.com/2015/03/31/google-says-5-of-web-browsers-have-ad-injectors-installed/
https://www.whatech.com/mobile/blog/28074-a-worldwide-tendency-on-mobile-platforms-and-application-developers
http://www.clock.co.uk/blog/javascript-frameworks-in-2016
https://legalmatterblog.com/2015/02/09/mobile-apprehension-the-growing-problem-of-counterfeit-and-pirated-mobile-applications/
https://w3techs.com/technologies/details/cp-javascript/all/all
https://stackoverflow.com/research/developer-survey-2016#most-popular-technologies-per-occupation
Make Your Web Application Protect Itself
IN SUMMARY, DON'T FORGET TO PROTECT YOUR APPLICATION ON THE CLIENT-SIDE TOO
#1 Use Content Security Policy (CSP) to whitelist the resources that you allow your application to use
#2 Perform Integrity Checks on the external resources you load from your application with Subresource Integrity
#3 Set up Client-Side Runtime Application Security Protection (RASP)
#4 Force your Application to only use HTTPS by using HTTP Strict Transport Security (HSTS)
#5 Use SAST and DAST to Discover Vulnerabilities in your Code: Static Analysis Security Testing and Dynamic Analysis Security Testing are ideal to make sure that both your server and your client-side code have no vulnerabilities
#6 Employ Client-Side Code Injection Detection and Removal Technology
#7 Apply strong SSL Encryption in your Web Application
#8 Make your client-side Code Polymorphic to avoid Tampering Threats
#9 Use Certificate Pinning in your Mobile Application
TOP SECURITY RECOMMENDATIONS
#1
E-COMMERCE APPS TAMPERING
#2
#3
INFORMATION LEAKAGE
MALWARE INJECTION
SERIAL KEY
PIRACY & LICENSE VIOLATIONS
MAN-IN-THE-BROWSER ATTACKS
COUNTERFEIT APPLICATIONS
CODE THEFT
Ad exploit attacks inject unauthorized ads and products, affiliate hijacking and spyware, severely damaging the customer journey
MALWARE ATTACKS
ONE SINGLE DRIDEX MALWARE ATTACK EARNED AT LEAST $50 MILLION and spread across 30 COUNTRIES
BUT THERE ARE RISKS...
COUNTERFEIT APPLICATIONS AT:
+5% of all Google users infected by Ad Malware
'DYRE WOLF' BANK TRANSFER SCAM NETS CRIMINALS more than $1 BILLION to date
ZEUS/ZBOT spread on more than 70,000 ACCOUNTS of banks and businesses including NASA and BANK OF AMERICA.
pirated apps are distributed, worth an estimated $700,000
1M
IT’S BEING USED BY THOUSANDS OF COMPANIES
...SO THERE'S MORE AND MORE STUFF BEING DONE ON THE WEB AND ON THE CLIENT-SIDE
MOST POPULAR LANGUAGE AT...
#1
Hackathons #2
#1
#1
THOUSANDS OF FRAMEWORKS & LIBRARIES
MILLIONS OF $ LOST IN ONLINE SALES EVERY YEAR
In August 2016 the percentage of JavaScript reached:
93.6% ON ALL WEBSITES
55% IN MOBILE APPS