Introduction

Problem Definition

Modern websites are shifting logic to the client side to increase performance and enrich the user experience. They also make extensive use of third-party scripts and open source libraries to innovate faster and deliver rich new capabilities.
These scripts run on the client side, outside of the site owner’s visibility or control, creating a major blind spot. Client-side supply chain attacks can collect users' data right from the browser, leading to the theft of credit card numbers and other personally identifiable information (PII).
Lack of real-time visibility and control over the behavior
is among the most serious security threats to online businesses today, leaving customers exposed to compliance penalties, brand damage and loss of revenue.

To learn more, you can visit the HUMAN Blog.

Code Defender Solution

HUMAN Code Defender provides comprehensive client-side visibility and protection to websites and companies, detecting data leaks, and malicious and suspicious activities facilitated by first or third-party scripts. Code Defender analyzes the client-side scripts and their actions and detects anomalous behavior, highlights suspicious incidents, and proactively flags and mitigates risk in real-time.

CodeDefender's analysis is performed using real user data collected on an ongoing basis; scripts are identified and categorized into different groups to provide full visibility, transparency, and site security.
Once Code Defender is deployed, a site baseline is established and compared to a common global baseline and known script behaviors. Every script is then analyzed thoroughly to highlight all anomalous and unique behaviors, including DOM, Network, and Storage actions.