FormJacking: What Does it Mean for You?

Apr 12, 2019 | Security + Integrations, Security and Confidentiality

Formjacking is one of the latest hacking techniques being used by threat actors across the Web. Formjacking involves inserting a small piece of malicious code, known as malware onto a victim’s system which allows a criminal to grab a customers’ personal information when website users submit forms. Formjacking can also be accomplished through a phishing email. Want to avoid this data security threat? Learn how FormAssembly protects you.

FormJacking & FormAssembly Users

Although the threat remains significant for all users on the internet, FormAssembly goes above and beyond to diminish the attack vector as much as possible to protect our customers. We remove the threat within our web applications with adequate attention to security and privacy. We’re continually scanning our applications for any unauthorized code to identify actors and code that may result in compromise. In the event of an issue, we protect FormAssembly customers by closing the vulnerability gap as soon as we are made aware, or adding mitigating controls to prevent damage.

Protecting You Against Formjacking

FomAssembly has a robust SDLC (Software Development Lifecycle) and QA process, which are followed for all software projects within the organization. Detailed plans describe how to develop, maintain, replace, and enhance specific software. The SDLC defines a methodology for improving the quality of code and the overall process against the codebase containing potentially malicious elements.

Some of the other specific ways we protect you against security threats include:

  • Sending the proper Content Security Policy (CSP) frame-ancestors directive response headers that instruct the browser to not allow framing from other domains. (This replaces the older X-Frame-Options HTTP headers.)
  • Employing defensive code in the UI to ensure that the current frame is the most top level window.
  • Using input sanitization and output encoding to mitigate against XSS injection of potentially malicious scripts created to pursue a UI Redress objective.
  • Applying the X-Frame-Options SAMEORIGIN header to ensure only the current site can frame content, protecting against maliciously placed iframe exploits.

In addition, FormAssembly follows security best practices and standards such as NIST, OWASP top 10 and SANS top 25. Threats are also mitigated using Static Analysis Security Testing (SAST) and Dynamic Analysis Security Testing (DAST) scans, which discover vulnerabilities and bugs within the code base.

Other Common Data Security Threats

Beyond formjacking, multiple other common threats to the security of your site and data exist, including injection, Likejacking, Filejacking, misconfigurations, and more. Each threat is just as important as the next, so we take the best path possible to elevate all common attacks.


Interested in a demo of FormAssembly’s secure web form solution? Reach out to explore features and functionality with our team.

Pin It on Pinterest

Share This