Feroot Security launched DomainGuard, a fully automated content security policy solution and the latest offering within its client-side supply chain security platform.
DomainGuard provides web developers with tailor-made Content Security Policy (CSP) management, greatly reducing risks associated with ever-growing client-side attacks that stem from missed CSP violations and the use of chainloaded scripts that are often blindly trusted. Simple CSP creation, management and monitoring eliminates the impractical manual task of continuously evaluating up to thousands of scripts on numerous pages.
“Through the launch of DomainGuard, we’re building upon our client-side attack surface management platform to address the impracticality of manually managing a CSP, let alone remediating and preventing violations and attacks,” said Ivan Tsarynny, Feroot co-founder and CEO. “With DomainGuard, CSP violations are handled in moments instead of months. Feroot provides this unparalleled peace of mind for the organization and their users when they’re completing something that may seem as innocent as a registration request, check out experience, or payment process. Feroot is committed to remaining the top innovator in client-side security—a highly needed protection that only becomes more and more important as the dependence of online usage exponentially grows. That’s what positions us as a business enabler.”
The immense power of automation in client-side security
Designed for organizations that wish to control their client-side attack surface by deploying and managing CSP on their web applications, DomainGuard quickly identifies all first- and third-party scripts, digital assets and the data they can access. It then generates an appropriate CSP based on crawled data and anticipated effectiveness, while also allowing customers to fine-tune the CSP at the domain level for easy management, version control and reporting.
DomainGuard beta testers around the world reported that they had previously held the all-too-common misconception that deploying a proper CSP on a web application or website takes nothing more than writing a CSP and configuring a web server to return the CSP HTTP header. But beta testers also reported they didn’t know whether that approach really provided the needed security, or whether it gave them sufficient coverage or too much.
A simple example of the potential lack of visibility is to ask what happens if someone adds a new widget to the website. Organizations typically won’t know whether their CSP would work, or even whether an audit would identify a related issue.
DomainGuard addresses this significant vulnerability using customer-specific web application crawls and data collection.