External Scripts Node
The malicious code that external scripts can implement may also pave the way for Cross-site Scripting vulnerabilities. These would allow hackers to steal sensitive data, such as login credentials or credit card information.
During the scanning process, Acunetix 360 identifies all the external scripts in the target web application and lists them. Acunetix 360 also suggests using the Subresource Integrity (SRI) mechanism for all external scripts and reports ‘SRI Not Implemented’ for external scripts if they are absent the hashed value of the source in integrity attribute. (This is a Best Practice report. It is displayed under Issues and Sitemap in Acunetix 360.)
The External Scripts Node helps users determine whether the target web application has already been hacked. For example, it contains information on whether malware is being distributed via an injected script. All (un)trusted third party scripts used in your web application are also listed in the External Scripts node.
Once the scan is completed, all external scripts are listed under the External Scripts node in the Knowledge Base. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Acunetix 360 forms Knowledge Base Nodes upon its findings. If External Scripts are not listed, it means that Acunetix 360 could not find any.
For further information, see Knowledge Base Nodes.
How to View the External Scripts Node in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the External Scripts node. The information is displayed in an External Scripts tab.