Expand my Community achievements bar.

SOLVED

Adobe Launch Vulnerability Testing Extension

Avatar

Level 3
Level 3
9/21/22 9:50:40 AM

Does Adobe have any plug-ins on Launch (either a user added extension or behind the scenes Adobe) that monitors all the JS running on Launch and flags any malicious JS and checks the validity of the source?

 

My Customer is currently responding to a potential security risk on GTM where hackers can inject malicious code onto the site to skim credit card information from users. They allow credit card payments on their website using a 3rd party payment processor. They are urgently assessing that their website does not store any CC info and that GTM could not have any access to CC info. While the current published risk is for GTM, they will have to assess Launch and what type of security is in place. They currently collect data with GTM and Adobe Data Collection (A.K.A. Launch)

 

Ask: Does Adobe have any plug-ins on Launch (either a user added extension or behind the scenes Adobe) that monitors all the JS running on Launch and flags any malicious JS and checks the validity of the source? 

Views

308

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
9/24/22 1:23:36 AM

To answer your question directly: no, there is no such extension in the catalogue.

View solution in original post

Views

285

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Community Advisor
Community Advisor
9/21/22 3:09:50 PM

From the sounds of it.. people gained access to GTM and used it to add code to the site... any tag manager, ad server, etc could be used in such a way.... basically any code that is designed to add code to your site could be a threat.

 

There is no real checks that you can run from the tag manager itself to detect threats... besides, if a hacker gained access to the tag manager account, they could just disable anything that you put in place.....

 

The best defense is to try and make sure your tag managers have publish access limited to only a few accounts, and to make sure those accounts remain secure... running regular security and vulnerability tests on your site is also important. There are many tools and vendors out there that provide comprehensive testing.

 

While I don't believe GA has an equivalent to this... Adobe does still have the "self-hosted" AppMeasurement.js files... you could in theory only allow self-hosted trackers like that on the payment pages to prevent someone from creating code to grab the payment info from sensitive pages.. thereby preventing anyone from injecting code there... then use the tag manager everywhere else... this would mean that changes would need to be manually deployed to payment pages, but would reduce the risk.

Views

303

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
9/24/22 1:23:36 AM

To answer your question directly: no, there is no such extension in the catalogue.

Views

286

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply