Some milestones cannot go unnoticed.
So, what did we learn from half a million protected builds (from over 43,000 users)?
JS Protection is Much More Than Obfuscation
On the contrary, Jscrambler isn’t an obfuscation tool that seeks to keep adding new features. It is a code protection technology that leverages tried-and-true techniques to address real key security threats.
And this leads us to another key realization:
A great thing about protecting half a million app builds and working with over 43,000 users is getting to know in-depth several different attacks to source code.
In the Web, abuse refers to exploiting the web application’s functionalities to gain access or privileges through the use of bots. Automated attacks are concerning because they can target new versions of the code with minimal cost, which means that they can scale, hit more targets, or even allow attacks to be conducted remotely.
Cloud providers that offer free benefits in new accounts are often targeted, as attackers abuse this system to automate new trial account creation and use the benefits for mining cryptocurrencies, for example.
Management, Investors, Regulators Call For JS Protection
As knowledge about Application Security becomes more widespread, we see source code protection becoming a standard. OWASP, for example, directly mentions this in their Mobile Top 10 Security Risks:
|M8 Code Tampering||M9 Reverse Engineering|
|“The mobile app must be able to detect at runtime that code has been added or changed (…) The app must be able to react appropriately at runtime to a code integrity violation.”||“In order to prevent effective reverse engineering, you must use an obfuscation tool.”|
And just last week, the National Institute of Standards and Technology (NIST) also dedicated a section of their secure software development white paper to “Protect Software”, stating:
Help prevent unauthorized changes to code, both inadvertent and intentional, which could circumvent or negate the intended security characteristics of the software. For code that is not intended to be publicly accessible, it helps prevent theft of the software and may make it more difficult or time-consuming for attackers to find vulnerabilities in the software.
Nobody put it better than one of our clients in Banking:
JS Doesn’t Stop, Attackers Don’t Stop — We Stay Ahead
Our mission has always been straightforward: to make sure companies can get the latest technology to safeguard their business in today’s context.
Just recently, we improved our protections by adding new features like Self-Destruct, and Self-Healing, while maximizing our compatibility with ES7/ES8, the main browsers, and JS frameworks and libraries.
We are truly proud of all these achievements and fulfilled by knowing that these 500,000 protected builds enabled our clients to push technology forward while keeping millions of users safe.
See you at 1 million!
Meanwhile, if you want to protect your own application builds with Jscrambler, start your free trial!