Script behaviors are actions that a script initiates, or characteristics of the script, that Source Defense identifies and presents on the script page, both for full transparency and to alert on newly identified behaviors or characteristics. The security dashboard shows the observed behaviors of all the scripts found. The script page shows the observed behaviors triggered by that script.
For scripts found on payment pages, monitoring those observed behaviors will help you comply with PCI DSS 4.0 requirement 6.4.3, to ensure the scripts' integrity.
Below is a list of observed script behaviors, each with a description and how it may appear on our Script Page.
See the article 'How to ensure my website is safe from potential malicious behavior from scripts' for guidelines on how to manage behaviors to ensure security.
See the article 'How to monitor behaviors to ensure PCI compliance' for similar guidelines on how to manage behaviors to ensure PCI compliance.
| Behavior | Description |
| --- | --- |
| Sending data to a blacklisted domain | This script sends data to a blacklisted domain, and therefore we recommend removing or blocking it due to its high risk. |
| Loaded from a blacklisted domain | This script is loaded from a domain that was found to be blacklisted, and therefore we recommend removing or blocking it due to its high risk. |
| Accessing PII data | This script is accessing PII data; it is potentially collecting sensitive personal information about people, such as names, addresses, and financial details. This can be for legitimate purposes like user accounts or malicious activities like identity theft. Click on the 'Script behavior' row to reach the management page, where you can drill down to see which fields specifically are being accessed. |
| Accessing PCI data | This script is accessing PCI data; it is potentially collecting sensitive payment information like credit card numbers and names. This can be due to secure transactions or potentially malicious activities. Click on the 'Script behavior' row to reach the management page, where you can drill down to see which fields specifically are being accessed. |
| Accessing credential data | This script is accessing credential data; it is potentially collecting sensitive login information like usernames and passwords. This could be for valid login processes or potentially for unauthorized access. Click on the 'Script behavior' row to reach the management page, where you can drill down to see which fields specifically are being accessed. |
| Accessing data (that is neither PII, PCI nor credential data) | This script is accessing data that we have not identified as PII, PCI or credential data, which may or may not be authorized. Click on the 'Script behavior' row to reach the management page, where you can drill down to see which fields specifically are being accessed. |
| Transferring data | The script is transferring data to another domain. |
| Executing risky actions | The script is executing a risky action such as eval. Although commonly used, the eval function can pose a major security risk, as it can be used to inject malicious code. |
| Using 1st party cookies | This script is using first party cookies, which is generally common practice. However, on occasion we find this used as a method of flagging a customer, in order to avoid attacking the same customer twice. |
| Using browser storage | This script is using browser storage, which is generally common practice. However, on occasion we find this used as a method of flagging a customer, in order to avoid attacking the same customer twice. |
| Accessing microphone | This script is trying to access the microphone, which is generally unusual practice for a script. |
| Accessing camera | This script is trying to access the camera, which is generally unusual practice for a script. |
| Sending push notifications | This script is trying to send push notifications, which is generally unusual practice for a script. |
| Accessing GPS | This script is trying to access GPS, which is common for applications that require GPS location, such as Google Maps. |