Protecting JavaScript Source Code Using Obfuscation - Facts and Fiction

Obfuscation is one of the most popular solutions to secure and enhance the protection of JavaScript source code. What are the facts and the myths about it?

Just a quick note: JScrambler was officially launched in 2010. Three years later, it was about time to have a blog signed by the leading client-side security solution for JavaScript in-app protection and real-time webpage monitoring. This is our first blog article!

Through it, we expect to boost communication with our users and with the community of developers that have an interest in JavaScript source code protection.

To start, we’d like to share with you a presentation we did recently at the OWASP Europe Tour 2013 in Lisbon. In this presentation, our CTO, Pedro Fortuna, explains the basic concepts around source code obfuscation.

JavaScript Obfuscation: Metrics, Facts, and Myths

Metrics such as obfuscation potency, resilience, stealthiness, execution cost, and maintainability are deeply explained. Simple examples are provided to better understand these metrics.

The last part of the presentation addresses common misconceptions around JavaScript source code obfuscation by answering questions such as:

• Does JavaScript source code minification/compression provide protection for my code?

• Is non-alphanumeric JavaScript obfuscation any good?

• Is all dead code injection defeated with a static code analyzer and therefore pointless?
  
  

OWASP Europe Tour 2013 in Lisbon: Protecting JavaScript code

You can go through the slides about protecting JavaScript source code using obfuscation, presented at the OWASP Europe Tour 2013. These were optimized for improved readability (not obfuscation).

This presentation focuses on the specific case of JavaScript source obfuscation and the main usage cases. It also gives examples of obfuscation and its value in providing real protection against reverse engineering.

More about JavaScript Obfuscation
Code obfuscation aims to delay the understanding of what a program does. It can be used, for example, in scenarios where the code contains Intellectual Property (algorithms) or when the owner wants to prevent a competitor from stealing and reusing the code.

That said, obfuscation transformation translates easy-to-understand code into a much harder-to-understand form.

Read more about JavaScript obfuscation in our practical and complete guide with a step-by-step approach to exploring key questions.