PerimeterX Code Defender™

Stop client-side data breaches

PerimeterX Code Defender is a client-side application security solution that continuously protects your website from digital skimming, formjacking and Magecart attacks, stopping data breaches and reducing your risk of non-compliance.

Calculate Your Data Breach Costs

Stop Client-side Attacks

  • Detect
  • Analyze
  • Mitigate

Client-side JavaScript code is a significant blind side for web application developers since they run on the end users’ browsers, outside the protection provided by legacy security solutions like WAFs and firewalls. Malicious Shadow Code in first- and third-party scripts can modify page elements, insert fake checkout buttons or skim personally identifiable information from your website, including credit card numbers and passwords.

Code Defender detects suspicious script behavior by automatically inventorying and baselining the behavior of all client-side JavaScript on your website. Using a lightweight JavaScript Sensor and an Enforcer that manages content security policy (CSP) rules, Code Defender continuously monitors all client-side scripts, looking for anomalous activity such as changes in behavior, communication with new network domains or modifications to the DOM which could leave the website open to compromise and result in theft of personal data.

Read the Blog Post
Detect

Protect Your Website

Case Study

We wanted to find the anomalies and changes in our client-side scripts. The Code Defender behavioral analysis solution greatly simplifies this process.

Lee TarverSr. Manager, Security Architecture and Engineering, Sally Beauty
Read Case Study

Why PerimeterX

Full Visibility and Control

Full Visibility and Control

Code Defender gives you continuous visibility and control over first-, third- and Nth-party scripts running on your website and protects you against a wide range of attack techniques.

Watch Demo
Behavior-based Learning

Behavior-based Learning

Code Defender automatically learns, inventories and baselines all script activity on your web pages, eliminating the need to manually inventory your website scripts and pre-configure policies.

Read Product Review
Multi-layered Protection

Multi-layered Protection

Unlike other solutions that rely exclusively on CSP rules, Code Defender provides multi-layered protection by combining the rich intelligence of a JavaScript Sensor with the standards-based enforcement capabilities of CSP.

What is CSP
Preserves User Experience

Preserves User Experience

Code Defender preserves your user experience and page load performance by executing the JavaScript Sensor asynchronously. Unlike sandbox-based or proxy-based solutions that impact app performance, Code Defender ensures quick response times and a positive experience for your users.

Read Case Study
Threat Research Leadership

Threat Research Leadership

Proactive research from the PerimeterX research team is used to continuously improve Code Defender detection and to provide actionable context on alerts.

Read the PerimeterX Blog
Enterprise-level Customer Services

Enterprise-level Customer Services

Our 24/7/365 proactive security team is always available via multiple channels to help you investigate security incidents, provide actionable insights and function as an extension of your team.

Contact Us

Powered by the PerimeterX Platform

Code Defender runs on the PerimeterX Platform, a set of cloud-native infrastructure and services that powers an award-winning suite of application protection solutions, enabling full visibility and control of your web and mobile applications and APIs. The Platform also powers PerimeterX Bot Defender and PerimeterX Page Defender which protect your website against security threats including malicious bots, unwanted browser extensions and ad injections.

Powered by the PerimeterX Platform

How Code Defender Works

How Code Defender Works
  • Collect

    The PerimeterX Sensor collects activity signals from the client-side browser including interactions with the DOM, network domains and local storage. This information is sent to the cloud-based Detector for analysis. The Sensor does not collect any personal data from the browser.

  • Analyze

    The cloud-based Detector analyzes the client-side activity signals using advanced machine learning models to build a baseline profile for every first-, third- and Nth-party script running on the web page. The Detector flags any changes in script behavior or execution of new scripts and automatically generates alerts.

  • Mitigate

    The out-of-band Enforcer works with your web server or CDN to automatically manage and enforce CSP rules. Updated with continuous intelligence from the Detector, the Enforcer ensures that the CSP prevents scripts from being loaded from unknown domains, and blocks malicious network communication on the client-side browser.

© PerimeterX, Inc. All rights reserved.