Commissioned by PerimeterX

Published September 2021

Executive Summary

More than 99% of websites use third-party scripts, but only one in three can detect potential problems that could lead to digital skimming and Magecart attacks

Osterman Research conducted a large survey to uncover the extent and impact of third-party scripts and open-source libraries that are used in web applications in organizations across industries. These scripts and libraries—often added without approvals or security validation—can introduce hidden risks into the organization and make it challenging to ensure data privacy and comply with various privacy regulations. Collectively referred to as “Shadow Code,” these scripts and libraries are used for tasks like ad tracking, payments, customer reviews, chatbots, tag management, social media integration, or other helper libraries that simplify common functions. The goal of this survey was to understand the hidden risks that organizations face from the unmanaged use of Shadow Code.

This is the third annual survey conducted by Osterman Research for PerimeterX on the use of Shadow Code in web applications.