August 24, 2022

Jscrambler Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

By Jscrambler | 3 min read

Blog

Each year, Gartner creates more than 100 Hype Cycles across various domains to help clients track the maturity and future potential of innovations. The Hype Cycle for Application Security, 2022 [1] states that “Client-side attacks have proliferated recently, exploiting the increasingly decentralized design of modern applications. In particular, single-page applications migrate the control and software logic on the client side, where it is exposed to attacks. For example, by injecting malicious scripts into JavaScript applications, attackers have lured thousands of visitors to banking and online commerce websites into handing over their credit card information. Client-side security innovations protect from attacks by monitoring the activity and detecting malicious actions and components.”

Jscrambler is pleased to be included as a Sample Vendor in the Web App Client-Side Protection category. We think it’s important to shed light on the growing importance of this frequently overlooked security threat. Most of the attention in recent years has been paid to network and server-side security, which is good and necessary. Unfortunately, the client-side is often left behind and it shouldn't be since it is a huge attack surface that provides an easy front door for adversaries.

The report gives Web App Client-Side Protection a high benefit rating and indicates 5%- 20% of market penetration.

When you consider that any enterprise that has a public-facing application on their website is a target, much can and should be done to close this security gap.

In the report based on the analysis done by Dionisio Zumerle, he recommends that organizations should “Implement client-side security protection for critical web applications that are used to carry out booking or transactions. Do so monitoring JavaScript and identify malicious, unsanctioned or abnormal behavior.”

We couldn’t agree more with this. All application components that are running on the client side create a significant security blind spot. The average website today runs dozens of third-party scripts representing about 70 percent of all code of all web applications. While these scripts were likely voluntarily added by companies to improve the users’ experience or collect data, security teams often don’t know what all the scripts are doing or how they’re accessing user or company data. Since there is little visibility into client-side activity, any threat or misconfiguration that leaks data can go unnoticed for long periods of time and have a huge impact on the company. Learn more about this issue in our blog post, “How Your Code Dependencies Expose You to Web Supply Chain Attacks.”

We recommend that organizations get control over their client-side security to avoid data leakage, financial and reputational damage, and regulatory fines. Start by taking inventory of your website scripts with a technology that:

  • Monitors every user session, in real time, to detect malicious scripts and their source
  • Reacts with a fine-grained rules engine that provides full control over every script, enabling you to block suspicious outbound activity

Experience the power of Jcrambler’s web application client-side protection today by signing up for a free trial.

Gartner Disclaimer

Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


  1. Gartner®, Hype Cycle™ for Application Security, 2022, Joerg Fritsch, 11 July 2022. ↩︎

Author
JscramblerThe leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.
View All Posts

Subscribe to our weekly newsletter

Learn more about new security threats and technologies.

I agree to receive these emails and accept the Privacy Policy.
Projeto Co-Financiado por (Mais info)