Application Protection for Web

Formerly Arxan

Web application and API protection with threat detection to protect the client-side of apps

Protecting web apps is vital to defending against server-side API attacks, malicious browser extensions, banking trojans, and other browser-centric attacks. Many web apps depend on interpreted languages such as JavaScript or HTML5 which means that code can be easily be intercepted, viewed, and compromised by formjacking, DOM tampering, session abuse, overlay attacks, API abuse, and more. Application Protection for Web protects web app code and APIs, stops browsers from connecting to unauthorized websites with the industry's first in-app firewall, and instruments web apps to notify when threats are detected.

The ability to detect and alert on active threats by detecting debugger-based reverse engineering or HTML page (DOM) attacks is essential to getting in front of web app and API attacks – stopping them during the reconnaissance phase. Protection starts by obfuscating web app code, making it hard to read critical information, including API secrets, URLs, and tokens or encryption keys. Integrated threat detection closes the loop between protecting web apps and understanding their real-time threat posture, alerting an organization and taking automatic defensive measures to prevent app code or API compromise. Application Protection for Web includes a multi-layered approach to protecting web applications – including the industry's first in-app firewall – that can be implemented without disrupting CI/CD and DevSecOps environments.

  • Protection at the speed of DevOps applies a range of code and API obfuscation techniques and integrated threat detection sensors rapidly – after code development – without disrupting DevOps processes.

  • Real-time threat detection notifies organizations of analysis and attempted code tampering of all app components (DOM, HTML, JS, APIs) or if an app is running in the wrong domain and automatically takes defensive actions.

  • Active protection protects against browser data exfiltration with an in-app firewall and automatically responds to threats with countermeasures when code analysis or tampering is detected by shutting down web app functionality or the entire browser.

  • Static protection obfuscates JavaScript, HTML5, and API source code, making it harder for attackers to understand, analyze, and reverse engineer/tamper.

Video screenshot for Rapid App Protection for Web
Play Video

Rapid hybrid app security

  • Essential, unmatched web app protection integration within minutes 
  • Streamlined integration with DevSecOps and CI/CD environments 
  • Immediate discovery of an app’s risk posture from the moment it’s published 

Web application protection from the inside out

An estimated 95% of websites run on JavaScript and HTML5, languages that can easily be intercepted, viewed, and compromised. This leaves web applications and APIs vulnerable to client-side attacks, especially when relying only on traditional perimeter security tools like a WAF. Application Protection for Web; image of protected browser with obscured code Application Protection for Web tech specs

  • Languages - JavaScript, HTML5, XHTML, JSP, ASP, AngularJS, AJAX 
  • Development tools - Ionic, Browserify, Grunt, Gulp, React 

Using something else? Get in touch to see how we can help. 

Contact Us