Source Defense Website Client-Side Security Platform

Additional Info

CompanySource Defense
Company size (employees)50 to 99
Type of solutionSoftware


Source Defense is the market leader in client-side security for websites, providing a prevention-first solution to detect, protect against, and prevent Magecart attacks in real-time. The company’s patented Website Client-side Security Platform offers the most comprehensive and complete solution to address threats and risks originating from the increased use of JavaScript, third-party vendors, and open-source code in websites today.

Client-side attacks are one of today’s most lucrative and popular exploit techniques. Since 2017, 150 million payment cards were detected as being compromised via Magecart attacks, with cybercriminals attempting to monetize the cards on the dark web for an estimated total of $37 billion. Numerous brands have been successfully attacked with serious consequences, including Macy’s, Ticketmaster, British Airways, and more. The vast majority of websites today are susceptible to these attacks because until recently, there was a lack of awareness about client-side web app vulnerabilities, and many companies believed existing, server-side security measures were enough.

In response, the products powering the Source Defense Platform – ADMIN, VICE, and WiPP – offer the most comprehensive solution to detect client-side threats, protecting online businesses, their websites, and their customers before they’re affected while simultaneously improving operational efficiency and providing an optimal user experience.

The ADMIN management console is an all-in-one, scalable system for full threat visibility and control across an organization’s client-side security products. VICE isolates all third-party JavaScript from a webpage in real-time and leverages a fully automated, machine-learning assisted set of policies that control the access and permissions of all operating third-party tools. WiPP protects websites and web applications from online attacks originating from first-party code, insider threat attacks, and vulnerabilities introduced by open-source libraries.

The Source Defense platform was also architected for ease-of-deployment and administration simplicity. On average, users spend less than five hours per month managing the solution.

How we are different

• While security measures such as application security validation or dynamic application security testing are able to evaluate the integrity of the designed JavaScript call function, they are not designed to test every use case or operate dynamically, nor can they test the code residing on a third-party or fourth-party remote servers or provide real-time scanning of all web traffic.

Similarly, content security policy (CSP) and subresource integrity (SRI) features can be powerful tools for website protection and data management, but their significant shortcomings such as limited threat protection, time-to-market delay, etc. impact website owners’ ability to use them effectively against top client-side attacks.

Finally, detection-only solutions can monitor and alert about suspected malicious code in JavaScript running on the client-side, but they don’t prevent an attack from being successful.

• In contrast, the Source Defense first-of-its-kind, patented Website Client-Side Security Platform detects, protects, and prevents client-side web app attacks without adding operational burden for the cybersecurity team, slowing time-to-market with new third-party capabilities or content, generating thousands of false positives that must be investigated, or negatively impacting website performance or customer experience.

Based on machine learning and industry best practices, Source Defense’s prevention-first solution uses real-time, client-side sandboxing in conjunction with permissions-based isolation and reflection to prevent successful data exfiltration or leakage and to provide customers with a fully automated and dynamic set of rules and policies that control access and permissions of first-party Scripts and all JavaScript-based third-party tools operating on their website.

• As the market leader, Source Defense is protecting nearly 1.5 billion monthly site visits and transactions for some of the world’s largest businesses. The firm has not only eliminated risks and thwarted attacks for early adopters, but also prevented approximately 2 billion JavaScript violations of security and compliance policies from occurring in the process.