Arxan Technologies, provider of application solutions, announced this week the launch of Arxan for Web, the latest enhancement to its protection for client-side . Enabling organizations to defend against server-side API attacks and credential theft, Arxan for Web provides a multi-layered defensive approach including:

  • Passive protection – obfuscates code, making it harder for attackers to understand and analyze for reverse engineering
  • Active protection – in the event of code analysis, tampering or malware attacks, the browser can be shut down or attacked code can be repaired
  • Real-time alerting – notifies organizations of attempted code tampering or analysis via Arxan Threat Analytics to quarantine suspicious accounts and update code protections

The continued increase in global data breaches significantly affects business performance, costing an average of $3.86 million in a single breach. And a particularly sharp increase in API-based attacks is anticipated. According to Gartner: “by 2022, API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications.” The rise in client-side threats makes timely, proactive threat response even more critical.

“Arxan for Web now provides organizations real-time threat reporting, which means they can respond to threats before attacks can get through APIs to backend systems,” says Joe Sander, CEO, Arxan. “We’re enabling a closed loop security process between code deployment, early stage client-side attacks, detection and remediation, and preventing the compromise of critical back office systems and assets.”

According to OWASP, JavaScript has become the predominant web language. At the same time, OWASP reports that Cross Site Scripting (XSS) – a client-side attack that hijacks browser sessions in order to steal credentials, redirect traffic to malicious sites, or deface websites – is one of the top application security risks. Browsers have been attempting to combat Cross Site Scripting attacks for years; Arxan for Web can now defend against these attacks and report them back to risk management systems.

“JavaScript is an incredibly powerful language, but it also has one defining flaw in regard to security: JavaScript code is interpreted at runtime. This means that virtually everyone who downloads JavaScript-based software will have full access to the code that drives it,” says Rusty Carter, vice president of product management, Arxan. “Security teams traditionally focused their resources on perimeter security, everything that runs behind the firewall. If you’re deploying web apps, especially in financial services, e-commerce, gaming or digital media, the attacks that will get through that perimeter start on the client side, hours, days or weeks before any suspicious interaction with the perimeter.”

OWASP research also shows that insufficient logging and monitoring is a primary security concern, noting that most organizations take far too long to detect a breach to address the threat before it is too late: “most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.”

Arxan Threat Analytics provides much-needed visibility into the security posture of applications by giving organizations timely data and intelligence to stay in front of evolving threats to any web app deployed in the wild. For example, if a debugger is plugged into a web app, Arxan will immediately alert the organization to that activity.


