Jscrambler is pleased to be included as a Sample Vendor in the Web App Client-Side Protection category. We think it’s important to shed light on the growing importance of this frequently overlooked security threat. Most of the attention in recent years has been paid to network and server-side security, which is good and necessary. Unfortunately, the client-side is often left behind and it shouldn't be since it is a huge attack surface that provides an easy front door for adversaries.
The report gives Web App Client-Side Protection a high benefit rating and indicates 5%- 20% of market penetration.
When you consider that any enterprise that has a public-facing application on their website is a target, much can and should be done to close this security gap.
We couldn’t agree more with this. All application components that are running on the client side create a significant security blind spot. The average website today runs dozens of third-party scripts representing about 70 percent of all code of all web applications. While these scripts were likely voluntarily added by companies to improve the users’ experience or collect data, security teams often don’t know what all the scripts are doing or how they’re accessing user or company data. Since there is little visibility into client-side activity, any threat or misconfiguration that leaks data can go unnoticed for long periods of time and have a huge impact on the company. Learn more about this issue in our blog post, “How Your Code Dependencies Expose You to Web Supply Chain Attacks.”
We recommend that organizations get control over their client-side security to avoid data leakage, financial and reputational damage, and regulatory fines. Start by taking inventory of your website scripts with a technology that:
- Monitors every user session, in real time, to detect malicious scripts and their source
- Reacts with a fine-grained rules engine that provides full control over every script, enabling you to block suspicious outbound activity
Experience the power of Jcrambler’s web application client-side protection today by signing up for a free trial.
Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner®, Hype Cycle™ for Application Security, 2022, Joerg Fritsch, 11 July 2022. ↩︎