New Feature: Detect exposed secrets and API keys in JavaScript

We're thrilled to unveil a new feature that can identify exposed secrets and API keys in your internet-facing JavaScript tags.

As web properties increasingly rely on third-party JavaScript to enhance functionality, the possibility of errors slipping through the cracks has also increased. Tags are often added without proper security measures or supervision from security teams, making it easier for attackers to find exposed API keys and infiltrate websites.

These tags are typically added by developers and marketers using tag management systems, often without comprehending the risks involved. Recent research has found that over 6% of top sites on the internet expose their keys and secrets.

With the Halo Security platform, our agentless scans now detect these types of exposures across all of your assets. We've already discovered potentially devastating exposures, such as Amazon keys that unlock a site's entire infrastructure and proprietary back doors to assets like image carousels, which can cause reputational harm by allowing attackers to upload or delete pictures.

These findings are now available in a user-friendly dashboard, allowing you to quickly and easily ensure that no accidental keys or secrets are being exposed. This feature is accessible to all customers using our Website Scanning service at no additional cost.

We hope this new feature helps you streamline remediation efforts, and we await your feedback!