In this article:
Use the Source Defense app to receive insights into the security and risk impacts caused by JavaScript integrations and third-party tools that power your website. These integrations introduce a universal vulnerability that attackers use to compromise thousands of websites globally.
Source Defense is one of our growing list of partnerships with leading cybersecurity data providers who bring even more depth into specific issues that your security team needs to know about.
Meet Source Defense
Source Defense is an analyst-recognized pioneer and innovator of technologies that leverage machine learning, industry regulations, and best practices to improve website security and efficiency. Their a platform protects your online businesses against automated attacks and client-side threats, and improve operational efficiency.
CSC provides provides seven types of informational signal in SecurityScorecard:
Scripts on All Pages
This comprehensive list of all scripts that are running on your website shows all possible points of entry for malicious scripts to penetrate your website through third-, fourth- and nth-party JavaScripts.
Scripts on Sensitive Pages
Pages with sensitive information contain areas for user input or action, such as button elements, form and field elements, or text areas.
Listening to Page Click Events
Click events are used to exfiltrate data and perform website defacement or other malicious activities.
Listening to Forms Submissions
Form submissions are used by scripts for actions such as skimming, defacement, and data exfiltration.
Creating Forms or Input Elements on Page
Form or input elements gather sensitive user data. Exploits can be combined with other defacement attacks that use social engineering in advanced phishing strategies.
Directly Accessing Forms or Input Fields
Third-party scripts have direct access to forms or input fields that include sensitive data, such as payment details and login credentials. This access can be compromised and this data can potentially be sent to unauthorized parties. Impact can include violated data privacy and even theft of payment details.
Website Supply Chain Risk Score
This report provides insights into the security and risk impacts caused by JavaScript integrations and third-party tools that power your website. These integrations introduce a universal vulnerability that attackers have used to compromise thousands of websites globally including website skimming and formjacking.
Note: Partner signals are informational. They do not impact your Scorecard grade.
Install the Source Defense app
Any SecurityScorecard customer can install the app and view partner signals for their own Scorecard.
- Select Marketplace from the top menu in the SecurityScorecard platform.
- On the Marketplace page, start typing Source Defense in the search box and then select Source Defense to go to the installation page.
- View a description of the app, and click Install.
Installation completes in seconds with no additional prompts or messages.
Find Source Defense signals in the Scorecard
You can view any available Source Defense signals on your own Scorecard or any Scorecard you follow:
- Click the Scorecard tab, and select the Application Security factor.
Any available Source Defense signals appear in an Informational Signals section for that factor.
or
Click the Issues tab in the Scorecard. Any available Source Defense signal appears with their logo in the Informational rows of the table. - Click the signal to see a description of the signal and reference links for additional information or guidance.
- Scroll down for observation dates.
Learn more
Find out more about Source Defense's offerings.
Give feedback or get help
If you need help, have questions, or would like to give feedback about this integration, submit a Support request.