August 5, 2013

Protecting JavaScript Source Code Using Obfuscation - Facts and Fiction

By Jscrambler | 1 min read

Please read our updated guide to JavaScript obfuscation.

This will be the very first post in this blog. JScrambler exists since 2010 and it was about time we have a blog. Through it, we expect to boost communication with our users and with the community of developers that have an interest in JavaScript source code protection.

To start, we’d like to share with you a presentation we did recently in the OWASP Europe Tour 2013 in Lisbon. In this presentation, our CTO Pedro Fortuna explains the basic concepts around source code obfuscation. Metrics such as obfuscation potency, resilience, stealthiness, execution cost and maintainability – are explained as well. Simple examples are provided to better understand these metrics.

The last part of the presentation addresses common misconceptions around JavaScript source code obfuscation by answering questions such as:

  • Does JavaScript source code minification/compression provides protection for my code?
  • Is non-alphanumeric JavaScript obfuscation any good?
  • Is all dead code injection defeatable with a static code analyzer and therefore pointless?

You can watch the full video of the talk using the window below.

You may prefer to go through the slides instead. These were optimized for improved readability (not like obfuscation).

See you!

Author
JscramblerThe leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.
View All Posts

Subscribe to our weekly newsletter

Learn more about new security threats and technologies.

I agree to receive these emails and accept the Privacy Policy.