Overview

Modern web apps rely on JavaScript to bring enhanced functionality, but these scripts open them up to the possibility of attacks that target your customers’ PII. JavaScript, whether first-party code or from a third-party, has complete access to a web page, meaning any script has the ability to skim sensitive data.

Web skimming attacks are extremely difficult to detect since they do not occur within a company’s infrastructure. Instead, malicious JavaScript is loaded directly into a visitor’s browser away from all internal security controls — completely invisible to traditional security solutions that would normally raise flags if unusual activity is detected.

Instart offers industry-leading protection against web skimming attacks to prevent data exfiltration from occurring within the browser. Using its unique Nanovisor technology, Instart Web Skimming Protection provides customers granular control over which sensitive data JavaScript can access in the browser so your customer’s data stays safe and you avoid privacy violations.

Instart Web Skimming Protection provides:

Form protection: Whitelist only the JavaScript that legitimately needs access to form content by preventing the reading of form data, such as passwords, social security numbers, or credit card information, from unauthorized scripts.

Cookie protection: Control cookie access by preventing the reading of private data within cookies, such as names, addresses, and telephone numbers, from unauthorized scripts.

Third-party JavaScript control: Granular control over third-party JavaScript allows you to manage the content the scripts can access on a web page as well as whether they are allowed to run at all.

Unauthorized script access alerting: Proactive alerting when unauthorized access to form fields or cookies is detected.

Cutting-edge nanovisor technology: Instart’s nanovisor, a patented JavaScript virtualization technology allows agentless visibility into JavaScript activity within the web browser, delivering the benefit of unrivaled control.