Source Defense Website Client-Side Security Platform

Additional Info

CompanySource Defense
Company size (employees)50 to 99
Type of solutionSoftware


Source Defense is the market leader in client-side security for websites, providing a prevention-first solution to detect, protect against, and prevent client-side web app attacks in real-time. The company’s patented Website Client-side Security Platform offers the most comprehensive and complete solution to address threats and risks originating from the increased use of JavaScript, third-party vendors, and open-source code in today’s websites.

Client-side attacks such as digital skimming, formjacking, clickjacking, ad injection, and content defacement are some of the most lucrative and popular exploit techniques in use today. According to an October 2021 survey, 97.6% of web applications use JavaScript as their client-side programming language. As a result, almost every website across various industries (ecommerce, travel, healthcare, financial services, government, etc.) is vulnerable. The attacks are also difficult for website owners to detect and often aren’t discovered for weeks or months, increasing the scope of damage, mitigation costs, and fines significantly.

In response, the products powered by the Source Defense Platform – Admin, VICE, and WiPP – offer the most comprehensive solution to detect automated attacks and client-side threats, protecting online businesses, their websites, and their customers before they’re affected while simultaneously improving operational efficiency and providing an optimal user experience.

The ADMIN management console is an all-in-one, scalable system for full threat visibility and control across an organization’s client-side security products. VICE isolates all third-party JavaScript from a webpage in real-time and leverages a fully automated, machine-learning assisted set of policies that control the access and permissions of all operating third-party tools. WiPP protects websites and web applications from online attacks originating from first-party code, insider threat attacks, and vulnerabilities introduced by open-source libraries.

The Source Defense platform was also architected for ease-of-deployment and administration simplicity. On average, users spend less than five hours per month managing the solution.

How we are different

• While security measures such as application security validation or dynamic application security testing are able to evaluate the integrity of the designed JavaScript call function, they are not designed to test every use case or operate dynamically, nor can they test the code residing on a third-party or fourth-party remote servers or provide real-time scanning of all web traffic.

Similarly, content security policy (CSP) and subresource integrity (SRI) features can be powerful tools for website protection and data management, but their significant shortcomings such as limited threat protection, time-to-market delay, etc. impact website owners’ ability to use them effectively against top client-side attacks.

Finally, detection-only solutions can monitor and alert about suspected malicious code in JavaScript running on the client-side, but they don’t prevent an attack from being successful.

• In contrast, the Source Defense first-of-its-kind, patented Website Client-Side Security Platform detects, protects, and prevents client-side web app attacks without adding operational burden for the cybersecurity team, slowing time-to-market with new third-party capabilities or content, generating thousands of false positives that must be investigated, or negatively impacting website performance or customer experience.

Based on machine learning and industry best practices, Source Defense’s prevention-first solution uses real-time, client-side sandboxing in conjunction with permissions-based isolation and reflection to prevent successful data exfiltration or leakage and to provide customers with a fully automated and dynamic set of rules and policies that control access and permissions of first-party Scripts and all JavaScript-based third-party tools operating on their website.

• As the market leader, Source Defense is protecting nearly 1.5 billion monthly site visits and transactions for some of the world’s largest businesses. The firm has not only eliminated risks and thwarted attacks for early adopters, but also prevented approximately 2 billion JavaScript violations of security and compliance policies from occurring in the process.