External Scripts Node

External scripts let developers write code in a separate file and then link to that file from another document. For example, developers can create an external JavaScript file and link to it from HTML, so that they don’t have to repeat the JavaScript code in each HTML file that uses it.

However, any external script should be considered a potential security risk to your web application. Someone may have tampered with it so that it executes malicious JavaScript on the target web application. For example, a hacktivist group, the 'Syrian Electronic Army', targeted a Content Delivery Network, which affected hundreds of websites, including well-known ones. The group forced these web pages to display a message for the group.

The malicious code that external scripts can carry may also pave the way for Cross-site Scripting vulnerabilities. These would allow hackers to steal sensitive data, such as login credentials or credit card information.

During the scanning process, Acunetix 360 identifies all the external scripts in the target web application and lists them. Acunetix 360 also suggests using the Subresource Integrity (SRI) mechanism for all external scripts and reports ‘SRI Not Implemented’ for any external script that lacks the hashed value of its source in the integrity attribute. (This is a Best Practice report. It is displayed under Issues and Sitemap in Acunetix 360.)
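The kind of check behind an ‘SRI Not Implemented’ finding can be sketched as follows. This is an added example, not Acunetix 360's own code: it lists scripts loaded from another origin, flags those without a hash in the integrity attribute, and computes the value that belongs there. The function names, URLs and sample page are constructed for the illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def sri_value(script_bytes, alg="sha384"):
    """Return '<alg>-<base64 digest>', the format of the integrity attribute."""
    digest = hashlib.new(alg, script_bytes).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")

class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that has a src."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_external_scripts(page_url, html):
    """List scripts served from another origin and whether each has SRI."""
    page = urlsplit(page_url)
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = urljoin(page_url, attrs["src"])  # resolves relative and // URLs
        target = urlsplit(src)
        if (target.scheme, target.netloc) == (page.scheme, page.netloc):
            continue  # same origin: not an external script
        integrity = (attrs.get("integrity") or "").strip()
        has_sri = integrity.startswith(("sha256-", "sha384-", "sha512-"))
        findings.append({"src": src, "sri": has_sri})
    return findings

# Constructed sample page: one local script, two third-party scripts.
PAGE_URL = "https://www.example.com/index.html"
WIDGET_SRI = sri_value(b"console.log(1);")  # hash of a stand-in script body
HTML = f"""<head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js"></script>
<script src="//cdn.example.org/widget.js" crossorigin="anonymous"
        integrity="{WIDGET_SRI}"></script>
</head>"""

if __name__ == "__main__":
    for finding in audit_external_scripts(PAGE_URL, HTML):
        print(finding["src"], "OK" if finding["sri"] else "SRI Not Implemented")
```

For a script on another origin, the browser can only verify the hash when the file is fetched with CORS, so the tag needs a crossorigin attribute alongside integrity.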

The External Scripts Node helps users determine whether the target web application has already been hacked. For example, it contains information on whether malware is being distributed via an injected script. All (un)trusted third party scripts used in your web application are also listed in the External Scripts node.

Once the scan is completed, all external scripts are listed under the External Scripts node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.

Information

Acunetix 360 forms Knowledge Base Nodes based on its findings. If External Scripts are not listed, it means that Acunetix 360 could not find any.

For further information, see Knowledge Base Nodes.

How to View the External Scripts Node in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  3. Next to the relevant website, click Report.
  4. From the Technical Report section, click the Knowledge Base tab.
  5. Click the External Scripts node. The information is displayed in an External Scripts tab.
