Overview
Syllabus
Intro
Typical Formjacking Sequence
Formjacking Demo ... let's go shopping
Formjacking Incidents
Formjacking Detections and Infections
Get the Script onto the Server: Own vulnerable infrastructure
Many Ways to Inject the Script: directly in the HTML/PHP with a tag; link to a remote server, e.g.
Script Activation: Script is only activated if a keyword is found, e.g. checkout, and if there is a web form
Gathering the Data
Exfiltrating Data
Easy to Use: Formjacking Toolkits
Not Always Easy to Help
Mitigation Tips
Summary - Formjacking - JavaScript Skimmers
Apply Slide - Formjacking
RSAConference 2020
Taught by
RSA Conference