Question
On a scorecard, in the Vendor Detection tab (AVD), I can see the number of 3rd parties that are linked with the scorecard. However, the number of third party with "HTTP requests" as detection method is lower than I would expect. Why?
Answer
3rd parties detected under "HTTP requests" source are pulled from HTTP requests and responses made from the crawled website of the scorecard. For example, on scorecard example.com, the website crawled will be https://example.com. When loading the site, a request is made to twitter.com then Twitter becomes a 3rd party detected by "HTTP requests" for example.com scorecard in the Vendor Detection tab.
As "HTTP requests" is gathered using website crawlers, if the website has anti-crawling protection (ex: Imperva Incapsula, Cloudflare... etc.), it will prevent the 3rd parties to be gathered, resulting into a number of 3rd parties detected lower than expected in AVD.
While SecurityScorecard is continuously updating its scanners, it cannot guarantee successful crawling when such protection is enabled. SecurityScorecard encourages the implementation of best security practices protecting digital content.
See Also
Manage supply chain risk with Automatic Vendor Detection
Comments
0 comments
Article is closed for comments.