CODE DEFENDER

Protect your website from Client-Side Supply Chain Attacks

HUMAN Code Defender provides real-time visibility and granular control into the client-side supply chain attack surface, identifies vulnerabilities and anomalous behavior, and proactively mitigates risk.

Code Defender from HUMAN is a client-side web application security solution that provides comprehensive real-time visibility and granular control into your modern website’s client-side supply chain attack surface.

Leveraging behavioral analysis and advanced machine learning, Code Defender identifies vulnerabilities and anomalous behavior to reduce the risk of malicious code causing a customer data breach. It provides comprehensive client-side mitigation, pairing granular control over legitimate JavaScript with Content Security Policy (CSP) mitigation capabilities.

This multi-layered protection lets security teams block specific actions in a script (e.g., stopping a script from accessing passwords or credit card numbers) without blocking the full script, and block unwanted scripts entirely. With Code Defender, you get full visibility into the scripts running on your site, including how they are interacting, additional scripts they are using and any exposure details. It identifies high-risk PII, PCI and vulnerability incidents so response teams can act fast.

See and Stop Digital Supply Chain Attacks

Gain full visibility into the scripts running on your website and prevent supply chain attacks

See and Stop Attacks

Continuously Monitor Scripts

Stop cybercriminals from exploiting vulnerable JavaScript code from partners or the open source community, protecting user data and your brand reputation.

Reduce Customer Risk

Granular Control Over Scripts
When a script is changed or acts in a risky manner, action can be taken to block specific actions in that script, keeping customers safe by blocking the leakage of personal information.

Stop Compliance Violations

Block PII Leaks to Ensure Compliance
Nearly any site that stores private information or enables payment for goods or services is subject to privacy regulations. Blocking specific actions without blocking the entire script enables compliance with privacy regulations and enforcement of PCI.

Protect Your Website

Protect your website from script-based third-party attacks

Digital Skimming and Magecart Attacks
Client-side Supply Chain Attacks
Personally Identifiable Information (PII) Harvesting

Seeing Code Defender in Action is Believing

See how we protect websites from client-side supply chain attacks

How you win with Code Defender

Code Defender secures your website by answering the questions “what are the 3rd party scripts doing” and “what data is being exposed by the scripts?”

Continuous Risk Assessment
In today’s website creation and management, it is no longer enough to conduct only a point-in-time security check. Stopping anomalous script behavior and data leakage requires continuous risk assessment of third-party scripts, constantly examining them for signs of compromise and suspicious activity.

Code Defender runs 24/7/365 and provides robust real-time visibility into all scripts, all downstream dependencies and every action taken in users' browsers. Leveraging behavioral analysis and advanced machine learning, Code Defender identifies vulnerabilities and anomalous behavior to reduce the risk of a customer data leak incident.
Analyze All Scripts

Modern website scripts change frequently to keep up with evolving business needs. Scripts can load dynamically at run-time in users’ browsers and vendors may update third-party scripts without formal notifications. These updates mean that point-in-time vulnerability scans alone are not sufficient to analyze scripts for malicious or vulnerable code.

Code Defender provides rich insights into JavaScript activity over time, enabling you to analyze all scripts running on your website, regardless of whether they are first-, third- or nth-party. You get real-time visibility into how the scripts are interacting, additional scripts they are using and any exposure details. It flags any changes in script behavior or execution of new scripts and automatically generates alerts.

Mitigate Script Attacks

Client-side supply chain attacks — such as digital skimming and PII harvesting — often remain undetected and unmitigated for weeks. While first-party scripts are easy to update, developers need accurate and timely information about open source vulnerabilities to know where to focus their efforts. Suspicious third-party scripts are hard to update and simply removing them might impact key functionality on your website.

Code Defender provides comprehensive client-side mitigation, pairing granular control over legitimate JavaScript with Content Security Policy (CSP) mitigation capabilities. This multi-layered protection lets security teams both block specific actions in a script without blocking the full script, and prevent unwanted scripts from loading entirely. The Code Defender dashboard offers an at-a-glance overview and actionable recommendations based on threat research to help teams quickly prioritize incidents, so they can mitigate client-side supply chain attacks and stop compliance violations.

Safeguard Websites and Enable Regulatory Compliance

“We wanted to find the anomalies and changes in our client-side scripts. The Code Defender behavioral analysis solution greatly simplifies this process.”

—Lee Tarver, Sr. Manager, Security Architecture and Engineering, Sally Beauty

How Code Defender works


Collect

The Sensor collects activity signals from the client-side browser including interactions with the DOM, network domains and local storage. This information is sent to the cloud-based Detector for analysis. The Sensor does not collect any personal data from the browser.

Analyze

The cloud-based Detector analyzes the client-side activity signals using advanced machine learning models to build a baseline profile for every first-, third- and Nth-party script running on the web page. The Detector flags any changes in script behavior or execution of new scripts and automatically generates alerts.

Mitigate

The out-of-band Enforcer works with your web server or CDN to automatically manage and enforce CSP rules. Updated with continuous intelligence from the Detector, the Enforcer ensures that the CSP prevents scripts from being loaded from unknown domains, and blocks malicious network communication on the client-side browser.

Key Integrations

Secure your online accounts against fraud and abuse by easily integrating
Account Defender with your existing infrastructure.

Edge Integration (CDN, Cloud)
Load Balancers & Web Servers: Apache, Citrix NetScaler, F5, HAProxy, Varnish Cache, Kong, Nginx, Apigee, Envoy, Cowboy
Application SDK/Middleware: PHP, NodeJS, Python, Ruby, Java, ASP.NET, Heroku
Serverless & Cloud Frameworks: Azure Active Directory, App Engine, Google Cloud Functions, Kubernetes
User Identity Platforms: Azure Active Directory, Okta, Ping Identity
E-Commerce Platforms: Salesforce Commerce Cloud, Magento, Marketo, Drupal
Logs & Metrics: Adobe Analytics, Google Analytics, Datadog, Splunk
Vulnerability Intel: Snyk
