Digital Skimming and Magecart

PerimeterX Code Defender is now Generally Available

magecart attacks & digital skimming

We are excited to announce the general availability of Code Defender. Code Defender is a client-side application security solution that protects websites from digital skimming, formjacking and PII harvesting attacks and blocks the malicious script execution to safeguard the users’ data. Over the past few weeks, we deployed Code Defender for many customers and received overwhelmingly positive feedback. The customers who got early access to Code Defender were delighted to get full visibility to all of the JavaScript (JS) code running on their websites. There were plenty of aha moments when customers discovered outdated JS libraries, third-party code performing unauthorized sniffing of personally identifiable information (PII) and in one case a Magecart attack. In the case of the Magecart attack, Code Defender was able to see the development cycle of the malicious code as the attacker made changes. The early detection and alerting enabled the customer to take action before the attacker attempted to steal data.

We watched closely as customers navigated the Code Defender dashboard to gain visibility into their website code and track incidents. Then, after taking feedback from customers and the PerimeterX Customer Success team, we made several enhancements to the product -- and the dashboard in particular. Customers trusted our analysis of the suspicious scripts and why Code Defender marked them as threats, but they needed a detailed report to show the data to the third-party vendors that supplied the scripts. We also wanted to avoid the black-box approach taken by most security vendors and provide information regarding the script's actions and the logic we used for classification. The new analyzer dashboard was the answer and has instantly become one of the main features of Code Defender. The analyzer dashboard shows all the details for any incident and provides all the information needed to quickly mitigate attacks.

PerimeterX Code Defender is now Generally Available

Here is a screenshot from the analyzer dashboard zooming into a high-risk incident from our demo setup. The details for the offending json-polyfill.js script show that it is impacting four percent of the website users and communicating with a known Magecart domain. All of the script's actions - interaction with the DOM, network activity and storage triggers - are captured and visualized on an intuitive timeline chart. The granular details paired with the exact action that leads to the incident classification enable customers to get speedy resolution for security issues from their third-party vendors.

This is just the beginning. Code Defender is a SaaS solution leveraging an advanced behavior-based machine learning platform that powers multiple products. There are more features already in the works to help customers get the best client-side protection against digital skimming attacks like Magecart.

For more details please visit PerimeterX Code Defender or contact us to get control of the third-party code on your website.

Forrester Report

PerimeterX Named a Leader in the Forrester Wave™: Bot Management, Q2 2022

Download Report
© PerimeterX, Inc. All rights reserved.