Skip to main content

Arxan for Web

Web Application and API Protection with Threat Detection to Protect the Client-Side of Apps

Protecting web apps is vital to defending against server-side API attacks, malicious browser extensions, banking trojans and other browser-centric attacks. Many web apps depend on interpreted languages such as JavaScript or HTML5 which means that code can be easily be intercepted, viewed and compromised by formjacking, DOM tampering, session abuse, overlay attacks, API abuse and more. Arxan for Web protects web app code and APIs, stops browsers from connecting to unauthorized websites with the industry's first in-app firewall, and instruments web apps to notify when threats are detected.

The ability to detect and alert on active threats by detecting debugger based reverse engineering or HTML page (DOM) attacks is essential to getting in front of web app and API attacks – stopping them during the reconnaissance phase. Protection starts by obfuscating web app code, making it hard to read critical information, including API secrets, URLs and tokens or encryption keys. Integrated threat detection closes the loop between protecting web apps and understanding their real-time threat posture, alerting an organization and taking automatic defensive measures to prevent app code or API compromise.

Arxan for Web includes a multi-layered approach to protecting web applications – including the industry's first in-app firewall – that can be implemented without disrupting CI/CD and DevSecOps environments.
  • Protection at the Speed of DevOps - applies a range of code and API obfuscation techniques and integrated threat detection sensors rapidly – after code development – without disrupting DevOps processes
  • Real-Time Threat Detection - notifies organizations of analysis and attempted code tampering of all app components (DOM, HTML, JS, APIs) or if an app is running in the wrong domain and automatically takes defensive actions
  • Active Protection - protects against browser data exfiltration with an in-app firewall and automatically responds to threats with countermeasures when code analysis or tampering is detected by shutting down web app functionality or the entire browser
  • Static Protection - obfuscates JavaScript, HTML5 and API source code, making it harder for attackers to understand, analyze, and reverse engineer/tamper

Rapid Web App Security

  • Essential, unmatched web app protection integration within minutes
  • Streamlined integration with DevSecOps and CI/CD environments
  • Immediate discovery of an app’s risk posture from the moment it’s published

Web Application Protection from the Inside Out

An estimated 95% of websites run on JavaScript and HTML5, languages that can easily be intercepted, viewed and compromised. This leaves web applications and APIs vulnerable to client-side attacks, especially when relying only on traditional perimeter security tools like a WAF.

Arxan for Web Tech Specs

  • Languages - JavaScript, HTML5, XHTML, JSP, ASP, AngularJS, AJAX
  • Development tools - Ionic, Browserify, Grunt, Gulp, React

Using something else? Get in touch to see how Arxan can help.

More from the Blog
Sep 18, 2019

Introducing A New Weapon in War Against Browser Data Exfiltration

We’re proud to announce that our t
Read more
Sep 27, 2018

How to Avoid Being the Next Magecart Victim

Earlier this year, TicketMaster reported that its customer data had been breached due to a partn
Read more
Dec 04, 2018

Why Magecart Continues to Succeed at Harming Companies

A group known as Magecart has come to light as companies such as Ticketmaster, 
Read more