Thursday, 25 August, 2022 UTC


Summary

Each year, Gartner creates more than 100 Hype Cycles across various domains to help clients track the maturity and future potential of innovations. The Hype Cycle for Application Security, 2022 [1] states that “Client-side attacks have proliferated recently, exploiting the increasingly decentralized design of modern applications. In particular, single-page applications migrate the control and software logic on the client side, where it is exposed to attacks. For example, by injecting malicious scripts into JavaScript applications, attackers have lured thousands of visitors to banking and online commerce websites into handing over their credit card information. Client-side security innovations protect from attacks by monitoring the activity and detecting malicious actions and components.”
Jscrambler is pleased to be included as a Sample Vendor in the Web App Client-Side Protection category. We think it’s important to shed light on the growing importance of this frequently overlooked security threat. Most of the attention in recent years has been paid to network and server-side security, which is good and necessary. Unfortunately, the client-side is often left behind and it shouldn't be since it is a huge attack surface that provides an easy front door for adversaries.
The report gives Web App Client-Side Protection a high benefit rating and indicates 5%-20% market penetration.
When you consider that any enterprise that has a public-facing application on their website is a target, much can and should be done to close this security gap.
In the report, analyst Dionisio Zumerle recommends that organizations should “Implement client-side security protection for critical web applications that are used to carry out booking or transactions. Do so monitoring JavaScript and identify malicious, unsanctioned or abnormal behavior.”
We couldn’t agree more with this. All application components that run on the client side create a significant security blind spot. The average website today runs dozens of third-party scripts, representing about 70 percent of all web application code. While these scripts were likely added deliberately by companies to improve the user experience or collect data, security teams often don’t know what all the scripts are doing or how they’re accessing user or company data. Since there is little visibility into client-side activity, any threat or misconfiguration that leaks data can go unnoticed for long periods of time and have a huge impact on the company. Learn more about this issue in our blog post, “How Your Code Dependencies Expose You to Web Supply Chain Attacks.”
We recommend that organizations get control over their client-side security to avoid data leakage, financial and reputational damage, and regulatory fines. Start by taking inventory of your website scripts with a technology that:
  • Monitors every user session, in real time, to detect malicious scripts and their source
  • Reacts with a fine-grained rules engine that provides full control over every script, enabling you to block suspicious outbound activity
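The inventory step described above can be approximated with a small first-party script. The following is an added example, not Jscrambler's product code and not taken from the Gartner report: it classifies every script on the page against an allowlist of expected origins, counts inline scripts separately (an injected inline snippet would otherwise be invisible to an origin check), and, in a browser, watches for script elements added after load. The origins, the sample script list and the `reportUnexpected` sink are constructed placeholders; a real deployment would send findings to its own collection endpoint.

```javascript
// Constructed allowlist of origins that are expected to serve scripts on this site.
// The site owner maintains this list; everything else is reported.
const ALLOWED_SCRIPT_ORIGINS = [
  'https://www.example-shop.test',   // first-party (constructed)
  'https://cdn.example-shop.test',   // first-party CDN (constructed)
  'https://analytics.vendor.test',   // an approved third-party tag (constructed)
];

// Classify one script src against the allowlist. Relative URLs are resolved
// against pageOrigin, so '/static/app.js' counts as first-party.
function classifyScript(src, allowed = ALLOWED_SCRIPT_ORIGINS,
                        pageOrigin = 'https://www.example-shop.test') {
  if (!src) return { status: 'inline', origin: null };
  let origin;
  try {
    origin = new URL(src, pageOrigin).origin;
  } catch {
    return { status: 'invalid', origin: null };
  }
  return allowed.includes(origin)
    ? { status: 'allowed', origin }
    : { status: 'unexpected', origin };
}

// Build an inventory from any list of objects with a .src property. In a browser
// this can be Array.from(document.scripts); in tests it is a constructed list.
function inventory(scripts, allowed = ALLOWED_SCRIPT_ORIGINS,
                   pageOrigin = 'https://www.example-shop.test') {
  const report = { allowed: [], unexpected: [], invalid: [], inline: 0 };
  for (const s of scripts) {
    const c = classifyScript(s.src, allowed, pageOrigin);
    if (c.status === 'inline') report.inline += 1;
    else report[c.status].push(s.src);
  }
  return report;
}

// Constructed sample of what document.scripts might hold on a checkout page,
// including one script from an origin that is not on the allowlist.
const SAMPLE_SCRIPTS = [
  { src: '/static/app.js' },
  { src: 'https://cdn.example-shop.test/vendor.bundle.js' },
  { src: 'https://analytics.vendor.test/tag.js' },
  { src: 'https://static.unknown-host.test/jquery.min.js' },
  { src: '' },   // inline <script> block
];

// Placeholder reporting sink (hypothetical): replace with a fetch() to your own endpoint.
function reportUnexpected(src, status) {
  console.warn(`client-side inventory: ${status} script ${src || '(inline)'}`);
}

// Browser-only: observe scripts injected after initial load. Guarded so the
// module also loads under Node, where MutationObserver and document do not exist.
function watchForInjectedScripts(onUnexpected = reportUnexpected,
                                 allowed = ALLOWED_SCRIPT_ORIGINS,
                                 pageOrigin = 'https://www.example-shop.test') {
  if (typeof MutationObserver === 'undefined' || typeof document === 'undefined') return null;
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (node.nodeName !== 'SCRIPT') continue;
        const c = classifyScript(node.src, allowed, pageOrigin);
        if (c.status !== 'allowed') onUnexpected(node.src, c.status);
      }
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}

// Stand-alone run over the constructed sample.
const sampleReport = inventory(SAMPLE_SCRIPTS);
for (const src of sampleReport.unexpected) reportUnexpected(src, 'unexpected');
watchForInjectedScripts();
```

In a browser the same functions run over `document.scripts` with `location.origin` as `pageOrigin`. An origin allowlist catches scripts loaded from unapproved hosts but says nothing about what an approved script does at runtime, which is why the post also calls for behavioural monitoring and a rules engine that can block outbound activity.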
Experience the power of Jscrambler’s web application client-side protection today by signing up for a free trial.
Gartner Disclaimer
Gartner and Hype Cycle are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

  1. Gartner®, Hype Cycle™ for Application Security, 2022, Joerg Fritsch, 11 July 2022. ↩︎