Case Study

Sally Beauty Protects Against Magecart and Digital Skimming Attacks



Sally Beauty is the U.S. and Canadian brand of Sally Beauty Holdings, Inc., a global distributor and specialty retailer of professional beauty products. Both retail consumers and salon professionals alike frequent its 5000+ stores worldwide and e-commerce site,  

- Lee Tarver

Sr. Manager, Security Architecture and Engineering, Sally Beauty
“We wanted to find the anomalies and changes in our client-side scripts. The Code Defender behavioral analysis solution greatly simplifies this process. Combined with the threat intelligence on the backend, it helps us identify the known risks to our website, and enables us to work with our partners in e-commerce to mitigate those risks.”
Human-Case Study-Exclamation Mark Icons@2x


Sally Beauty conducts a significant portion of its business online and processes tens of thousands of credit cards each day. The company wanted to avoid digital skimming and Magecart attacks, and they understood that weaknesses in first- and third-party scripts put them at risk. 

To detect vulnerabilities, Sally Beauty had to manually monitor and track the behavior of all website code. This time-consuming task required a dedicated person on their infosec team, which was not scalable. Furthermore, although the team could perform static audits and monitor the server side, they did not have the same visibility into the client-side scripts.

Sally Beauty needed an automated solution to ensure safe online payment transactions and achieve data privacy compliance.

Human-Case Study-Shield checkmark icon@2x


Sally Beauty implemented HUMAN Code Defender to eliminate the manual process of auditing all first- and third-party scripts on its website. There were several factors that led to their decision:
  • Automated client-side security: Sally Beauty already had a WAF solution to protect the server side, but they had not deployed content security policy (CSP) due to the complexity of managing it. Code Defender implemented CSP rules automatically in conjunction with behavioral code analysis and granular JavaScript blocking.
  • Easy implementation and integration: Sally Beauty enabled Code Defender without any configuration changes to its websites or infrastructure. In addition, Code Defender integrated easily with Salesforce Commerce Cloud (SFCC) in the form of an SFCC cartridge.
  • Robust insights: Sally Beauty was able to gain visibility into its client-side scripts via the easy-to-use customer portal. This informed real-time mitigation efforts and future strategy.


Using Code Defender, Sally Beauty saved considerable time and resources spent on monitoring JavaScript vulnerabilities and discovering the points of exposure. What used to take more than a half a day now took a matter of minutes. This allowed the company to optimize their operational resources.

They gained new runtime visibility into the client side. Sally Beauty also gained considerable value from the threat intelligence in the customer portal. The security team was quickly able to discover behavioral anomalies and changes to the website scripts, and then work with their e-commerce teams to analyze anomalous activities and mitigate risks.

With Code Defender, Sally Beauty protects against digital skimming and Magecart threats, without hampering innovation. This instills customer confidence, protects brand reputation and helps ensure compliance with data privacy regulations.

Connect with Us
to Learn More How HUMAN Can Mitigate Magecart and Digital Skimming Attacks for You

Related Resources