A friend runs an ecommerce company and has asked for some help. The company started small, selling private label fashion, but has now grown rapidly and has a lot of traffic.
Over time his team have implemented many external scripts (tracking pixels, external advertising scripts, third part consumer behaviour scripts etc). He is concerned about how to audit all of these effectively (and on an ongoing basis) to ensure everything is legitimate and none of these scripts are presenting a security concern for his shoppers. Either because it is malicious, or because it is simply doing more with their data than it is supposed to.
What is the best way to go about this? Is there potentially a ‘hygiene code checker’ type module out there for checking remote code before its executed on a client’s machine?
Any advice or pointing at a product/service provider who could help would be much appreciated.