Jscrambler: the way to ensure your JavaScript applications really are protected
Share this on

Jscrambler: the way to ensure your JavaScript applications really are protected

Sponsored By Jscrambler

Maintaining the integrity of your Web Application on the Client-Side…

Given the conception of JavaScript – a client-side interpreted language – and its ubiquitous adoption, organizations across all sectors have now critical information and logic on the client-side, making it easy to grab or tamper with if no adequate measures are taken to protect web applications.

Entrusting the reputation of your business and the security of your end-users solely to antivirus software is no longer enough for organizations with an important online presence dealing with sensitive data. In particular, we should highlight those who do business in sectors where the cost of fraud can be significant and the loss of reputation dramatic, i.e. banking and financial services, e-commerce or government. The significant rise in client-side hacks is threatening to undermine the integrity of web applications, especially when dealing with an interpreted language such as JavaScript, the most popular language for programming today

Client-side attacks are among the most common threats facing users today, and yet many remain unaware of their prevailing menace and the fact that they are not being protected by the application owner. This calls for attention from the organizations that need to ensure their users are using their applications the right way.

“Traditionally, attackers went for hacking servers, but there has been a shift to the client-side because server-side applications have been targets for attackers since 2001, and these applications have matured,” says Amol Sarwate, Manager of the Vulnerability Lab at Qualys.

“Server-side attacks have waned because of better security surrounding them that makes it more difficult to exploit vulnerabilities,” he explains. “Load balancers and Web application firewalls are more common, making server defense more effective.”


But vulnerabilities in Web and Mobile applications are being hit by cross-site-scripting and malware injection attacks, among many more, upping the potential for considerable damage caused to both a business and its users – and even the big guns aren’t safe.

The dynamism and versatility of JavaScript made it the number one language more companies to develop important content on the web, leaving more and more data and logic to be held on the client-side.

In light of this looming threat, tech start-up Jscrambler presents an innovative solution, providing an integrated platform to protect client-side applications and keep your important assets safe.

Started in 2009, this company of self-confessed computer geeks was born out of necessity, when Rui Ribeiro and fellow co-founder Fortuna realised there was no tool capable of protecting JavaScript on the market and so the pair decided to create one.

Jscrambler gives companies the ability to transform their JavaScript apps and add layers of protection that will ensure their integrity and correct behavior. The first layer is focused on concealing the code and making sure that any sensitive data or logic is not understandable. This, paired with Code Traps – designed to enforce restrictions limiting by who, when and where the application can be executed – and the fact that it can make your apps self-defensive through anti-tampering and anti-debugging capabilities – so your application can defend itself from tampering and reverse-engineering attacks – means you can get back to business, safe in the knowledge your hard work and users are safely protected. It can also notify you when a client-side attack occurs so you are always in-the-know when it comes to the status of enterprise assets, even if your users are the ones infected.

This is the only company of its kind to offer the most advanced JavaScript obfuscation techniques, combined with polymorphic behaviour, meaning the protection engine can produce very distinct obfuscated versions with each separate build. Code locks and self-defending capabilities are the next layers of security that ensure the web application is properly secured. “If companies focus only on protecting the server, as they have been doing until now, they will leave their front door open to attacks such as user-experience tampering, malware injection, data leakage, Man-in-the-Browser (MITB) attacks, Intellectual Property and code theft,” says Jscrambler Co-Founder and Owner, Pedro Fortuna.


This flagship project is now the leader in JavaScript Application Security, used by more than 30,000 companies and individuals, across 145 countries – including Fortune 500 businesses in a diverse range of sectors such as Finance, Advertising, Media, and Gaming.

Jscrambler’s recently-added webpage integrity module adds an extra security layer, enabling the detection and removal of code injections, MITB attacks, DOM-tampering and data exfiltration on the client-side and in real-time. This allows spotting what code was injected and where in the webpage, giving an unprecedented visibility on what’s happening on applications on the client-side. At the same time, it requires absolutely no installation of anything locally, while making it an incredibly transparent and user-friendly platform that supports all browsers and platforms, helping prevent a class of attack that is growing in frequency and complexity.

“Easily creating your app, swiftly managing its different versions, effectively protecting it and deploying it – those are our goals and we guarantee security professionals and developers will enjoy the experience,” Fortuna says. I’m sure once they have tried it, they will agree that Jscrambler has emphatically fulfilled these objectives while guaranteeing reverse-engineers and hackers will have find unfeasible to attack web applications protected with our technology.

Follow Jscrambler on Facebook, Twitter, Google+ and LinkedIn

Topics covered: