Protect Your Website

Client-Side Security

Many modern web apps run in client-side javascript, executed in the visitor’s browser. This is great for making light, quick applications. However, this shift has opened up new security risks.

Am I At Risk? Magecart Monitor

Is your business safe?

Increasingly hacking groups are using a variety of tactics to exploit Javascript and steal customer data. Scripts that handle personal information – customer data, payment methods – are particularly at risk.

The problem with client-side security is that most businesses are unprepared to deal with these new tactics. Even worse, many don’t notice that they’ve been hacked for days – weeks, or even months.

High Profile Victims

  • British Airways
    Attack lasted 16 days, 380,000 customers affected.
  • Newegg
    Website was compromised for over 1 month.
  • Ticketmaster
    40,000 customers were affected over 9 months.
  • Sotheby’s
    Customers were vulnerable for over 19 months.

Understanding the Magecart threat

“Magecart” is the collective term for several groups taking advantage of gaps in client side security. The most popular attacks inject malicious Javascript, or exploit existing scripts to send customer data to new destinations.

In recent months Magecart has been regularly described as the Number 1 Threat in Cyber Security.

Whilst your customers browse and purchase on your website, scripts are loaded from third parties.

If a third party is compromised, hackers then have a way to write scripts affecting your website.

Hackers can then intercept customer card details without you even noticing.

Magecart: Are you at risk?

Discover if your business is vulnerable to this type of attack.

Am I At Risk?

Defending against the threat

To counter this new threat, some providers advocate locking down client-side code. This includes restricting access for third-party scripts and whitelisting or creating policies for where data is sent.

These are valid ways to protect your website. However, restrictive policies can be time-consuming and frustrating to manage.

RapidSpike monitors where your website sends data.
If we see a new unknown destination, we alert you.

Simple, effective, foolproof.

Magecart Monitor »

  • Insider: Yorkshire's Most Exciting Companies
  • Northern Digital Awards 2019 Shortlist
  • KPMG Best British Tech Startup 2019: Northern Finalist
  • Prolific North Tech 100: Top 30 Companies to Watch
  • National Cyber Security Centre: Cyber Accelerator Alumni