Protecting OutSystems Enterprise-Grade Apps with Jscrambler

We are excited to announce that OutSystems, the leading low-code platform for building enterprise-grade apps, has recommended Jscrambler to protect OutSystems' web and mobile applications.

Read more about their announcement below.

Introduction

By now, you already know the key benefits of OutSystems: Low-code, fast development, deployment, and monitoring for mobile and web applications.

However, consider all the risks that threaten these applications, such as code tampering and intellectual property theft.

Today, we will explore an easy and effective way to protect your OutSystems applications using Jscrambler. Continue reading to learn more and to catch a demo of how to integrate Jscrambler with your OutSystems apps.

Protecting JavaScript with Jscrambler

Jscrambler provides enterprise-grade security solutions to protect the client side of web and mobile applications.

The JavaScript and HTML5 code of applications is completely exposed and can be debugged, reverse-engineered, or even tampered with by the end user.

There is no feasible way to encrypt JavaScript to prevent this, so the next best thing is to transform it into something hard to read and understand while still working just like the original code. This is what Jscrambler excels at.

The Jscrambler Code Integrity technology applies several protection layers that ensure that JavaScript and HTML5 source code become self-defensive and resilient to tampering and reverse-engineering.

By protecting your code with Jscrambler, you can prevent client-side risks, including code theft, counterfeit applications, and violation of licensing agreements.

Dive into more details about each of the Jscrambler protective layers.

JavaScript Code Obfuscation

JavaScript code obfuscation is a series of code transformations that turn exposed code into a protected version of the code that is hard to understand and reverse-engineer.

While most tools only offer basic obfuscation, Jscrambler applies the most advanced obfuscation techniques by combining dozens of JavaScript transformations.

These include transformations to strings, variables, functions, and objects through reordering, encoding, splitting, renaming, and logic concealing techniques. On top of this, our control-flow flattening obfuscates the programs' control flow by adding opaque predicates, flattening the control flow, and adding irrelevant code clones.

The Jscrambler obfuscation is also unique due to its polymorphic behavior: each new code build has a different output, further increasing the difficulty of reverse-engineering attempts.

Here is an example of a JavaScript code snippet before and after being protected by Jscrambler:

Before

function startTime() {  
    var today = new Date();
    var h = today.getHours();
    var m = today.getMinutes();
    var s = today.getSeconds();
    m = checkTime(m);
    s = checkTime(s);
    document.getElementById('txt').innerHTML =
    h + ":" + m + ":" + s;
    var t = setTimeout(startTime, 500);
}

After

B100.P=function (){return typeof B100.H.C==='function'?B100.H.C.apply(B100.H,

Code Locks

If you develop and market JavaScript applications, whether standard JavaScript, mobile web applications, or HTML5, you will want to prevent someone who didn’t pay, whose license has expired, or someone with malicious purposes from executing your code. This is where Code Locks come into play.

Jscrambler allows you to limit the execution of your code to a given set of browsers, a time frame (useful for demos that should not be runnable after the preview period is over), on a given domain (usually yours), or a particular operating system. This means you can deliver expirable demos to your clients without incurring the fear of code or client loss.

Code Locks can trigger a specific countermeasure when someone tries to execute the code outside of the set parameters.

Self-Defending

On top of transforming and locking the code, Jscrambler can enable applications to become self-defensive and react to attacks. This self-defending feature protects functions and object literals, concealing their logic, blocking code tampering attempts with anti-tampering techniques, and detecting debuggers to trigger defenses that block reverse engineering attempts.

By default, the self-defending feature breaks the application when these tampering and debugging attempts are detected.

On top of that, you can define a set of countermeasures to be executed. These include Break Application, Custom Callback Function, Delete Cookies, Redirect, and Real-Time Notifications.

Threat Monitoring

With the Jscrambler 6.0 release, you can now see every threat to your protected JavaScript code in a live dashboard.

Threat Monitoring works as a countermeasure. So, when you select a code lock or enable self-defending, you can enable Threat Monitoring and be notified in real-time whenever someone tries to debug, tamper with, or break a code lock in your protected code.

Always Ahead of Reverse Engineering Tools

The Jscrambler code protection technology has an exclusive built-in feature—Code Hardening — that brings crucial value to protected code: complete up-to-date resilience against JavaScript reverse-engineering tools and techniques.

Unlike any other JavaScript obfuscation or protection solution, Jscrambler’s Research team actively monitors these tools and techniques and releases live patches for new changes. As so, it's guaranteed that the protected code is always one step ahead of these automatic tools.

Integrating Jscrambler with OutSystems

The OutSystems Advocacy team has created a short introduction on how to integrate Jscrambler in your OutSystems applications as part of a how-to series of videos. Watch the video on how to integrate Jscrambler with OutSystems apps.

Closing Thoughts

Protecting your JavaScript code is a crucial step to ensure that your intellectual property and business model remain safe.

Jscrambler’s technology, used by the Fortune 500 and over 43,000 companies and individuals globally, provides your code with the most advanced protection layers while enabling you to see every attempt to tamper with your code in real time.

If you’re interested in getting started with Jscrambler, you can test all features with a free trial.

Also, don’t miss Jscrambler’s getting started tutorials.