Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations
PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, announced the availability of the Spring Release of PerimeterX Code Defender. It includes a rich set of capabilities designed to enable organizations to combat the growing threat of client-side supply chain attacks on websites and web apps.
Code Defender, named the 2021 SIIA CODiE Award winner for Best Security Solution, is a client-side web app security solution that provides comprehensive real-time visibility and control into a modern website’s supply chain attack surface, to identify vulnerabilities and anomalous behavior and proactively mitigate compliance risk.
“Client-side supply chain attacks have become one of the top types of cyberattacks, and can cause tremendous damage to a brand’s reputation and its ability to comply with growing data privacy regulations including GDPR and CCPA. Every business is dependent on website code from partners and the open source community to enrich their visitors’ experience. At the same time they are worried about the risk of supply chain attacks that can result from the use of a vulnerable component. Code Defender is the premier solution for identifying and proactively mitigating these risks,” said Omri Iluz, CEO and co-founder of PerimeterX.
The Spring Release of Code Defender includes:
- Comprehensive client-side mitigation capabilities to control legitimate JavaScript at a granular level, enabling customers to block specific actions without blocking the entire script. This adds to existing CSP mitigation capabilities that allow specific script actions to be performed or prevented.
- Full visibility into client-side scripts running in a customer’s environment, including how scripts interact with the site, which additional scripts they interact with, and exposure details.
- An actionable dashboard offering an at-a-glance overview to quickly identify the high-risk PII, PCI, and vulnerability incidents that response teams should prioritize.
- Persona-based filtering so users can configure the dashboard based on what is interesting to each team, for example, focusing reports based on compliance or scripts from trusted and untrusted vendors.
According to Osterman Research, more than 99% of websites use third-party scripts to simplify common functions such as ad tracking, payments, customer reviews, chatbots, tag management, and social media integration, but only one in three websites has the capability to detect potential problems arising from vulnerabilities in this supply chain of code. Third-party code can make up more than 70% of a typical website. Malicious Shadow Code in first-, third- and nth-party scripts can modify page elements, insert fake checkout buttons or skim personally identifiable information from a website, including credit card numbers and passwords.
Code Defender continuously monitors and analyzes the behavior of all client-side scripts in real users’ browsers. The solution inventories and baselines known expected behavior, and then applies machine learning models to help identify new malicious, suspicious or anomalous behavior that warrants attention, with severity rankings based on the level of perceived risk to a website. The solution runs 24/7/365, giving security operations teams real-time visibility and control over all downstream client-side risks and freeing up application development teams to focus on innovation.