Linkedin Tag

Back to blog

Jscrambler Webpage Integrity vs c/side

Sunday, April 28th, 2024

Updated November 26th, 2024

M

Marketing

Some competitors provide a form of browser-side security as a side product, an afterthought. Jscrambler is quite focussed on browser side security, similarly to c/side.

Heads up, you’re on the c/side website so our opinion is going to be biased. Nevertheless, we made our case honestly.

First let’s look at the differences in a table, then in more detail written out.

Feel free to read their own product page here.

The differences between Jscrambler Webpage Integrity and c/side

Jscrambler started as a company focussed on providing JavaScript obfuscation to protect intellectual property. In 2021 Jscrambler added a client-side detection method to their offering to protect against browser side attacks.

They look for suspicious behaviors in scripts and block those actions in the browser of the user.

Unlike c/side, they are not part of the delivery flow of the 3rd party script.

c/side Jscrambler Webpage Integrity
Doesn't rely on CSP policies
Doesn't cause errors in the browser terminal
Client side JS script detection
Uses threat feed intel
Monitors Who-is records
Monitors SSL
Able to detect inline scripts
Uses AI to analyse scripts
Creates allow lists for scripts
Proxies scripts
Stores script content for future review
100% certainty that the script reviewed is the one seen by the browser of the user
Stores historical script content to improve detections and help investigations
Performance enhances scripts

What we don’t like about Jscrambler Webpage Integrity

Let’s start with the good. Similar to us, Jscrambler reviews every user session. Other competitors, like Cloudflare’s Page Shield, only cover a sample of sessions.

You have a bit more advanced control over script access compared to similar tools.

Another good part is that their browser-side JavaScript detection mechanism is solid and catches a lot of possible breaches, just like ours. Jscrambler is one of the only other tools that actively reviews script behaviors and doesn't rely purely on threat feed intel on the script source. The downside is that this is the only part of their detection mechanism that runs browser side at this time. This poses a problem. It doesn’t take into account the history of the scripts, and it’s a single point of failure. It also doesn’t seem they are using modern technologies like AI to continuously update their detect mechanisms.

In security, it is important to realize that "you don't know what you don't know". What that means is that if you built a solution that is designed to stop explicit behavior X, anything that doesn't match X is allowed.

This can easily lead to a situation where you’ve allowed bad behaviors and are totally unaware of them, with no ability to look back to improve the detection ability.

Jscrambler's full solution is also completely hidden behind a tiered Contact Us paywall. They don't speak of autonomous blocking but of 'mitigation options' starting in the 3rd tier called Forms Control. Pricing on either tier is completely unknown.

How c/side is more complete

We are part of the script delivery and act as a proxy to shield users fully. This not only makes us see what gets pushed to the user's browser, but in a lot of cases our improvements even make scripts faster. Making c/side impactful to your business, even if you never face a browser supply chain attack.

We also analyze and bank all of the responses. So if a script looks different today than it did yesterday, we will know.

We also store scripts that initially looked fine. This allows us to improve our detections and assist customers better in case of a false negative investigation. We know very well that 3rd party script hijacking is an area where bad actors are creative in their approaches and are set up to constantly look for new attack methods. 

On the backend, we run constant analysis on this historical data to strengthen our real-time detection mechanisms. It’s a flywheel that allows our tech to grow stronger continuously.

Your choice!

So there you have it, our understanding and thoughts on Jscrambler Webpage Integrity.

Have we made our case? Hop on our free tier, and take it for a spin.

Get started with c/side.

Or, you can go here to read more on how c/side works and find other comparisons.