A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often, these tags are added without proper security controls or oversight from security teams, giving attackers an easy way to find exposed API keys and breach sites.
Halo Security has unveiled a new feature that helps security teams detect unintended exposures. Its agentless solution identifies secrets in scripts used across the attack surface, no matter how they’ve been added, so security teams know what is dangerous and what isn’t.
Developers and marketers often add these tags via tag management systems without understanding the risk. Research from Invicti suggests 6.3% of top sites on the internet are exposing keys and secrets.
Halo Security’s new feature has already detected and alerted customers to more than 700 instances of revealed secrets across websites it scans. It has found potentially devastating exposures like Amazon keys that unlock a site’s entire infrastructure, and proprietary back doors to third-party functionality like image carousels, where an attacker could upload or delete pictures and cause reputational harm.