JavaScript Compromise and Exploitation | How Client-Side Security Can Help Successfully Navigate the Application Threat Landscape | An Imperva Brand Story with Lynn Marks

A Brand Story with Sean Martin, Marco Ciappelli, and Lynn Marks, Senior Product Manager at Imperva

Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.

The conversation begins with a key question: What is client-side protection?

Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,’ where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.

Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva’s Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.

Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva’s Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.

For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.

Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.

Top Questions Addressed

  • What is client-side protection?

  • How can an organization protect itself against client-side attacks?

  • What is the role of Imperva's Client Side Protection product in combating client-side security threats?

Note: This story contains promotional content. Learn more.


Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]

On Linkedin | https://www.linkedin.com/in/lynnmarks1/

Blog | https://thenewstack.io/author/lynn-marks/


The Role of Client-Side Protection

Client-side security risks are often overlooked. Learn how these threats could undermine your business in this Imperva guide.