Shadow code — third-party scripts and libraries often added to web applications without security validation — pose risks to websites and jeopardize compliance with privacy regulations, according to new research released Tuesday.
Third-party code leaves organizations vulnerable to digital skimming and Magecart attacks, the researchers also noted.
The study, conducted by Osterman Research for PerimeterX, found that more than 50 percent of the security professionals and developers surveyed believed there were some or lots of risk in using third-party code in their applications.
