What is Application Protection & Obfuscation and how does it apply to JavaScript?

Unlike languages like .NET and Java that are compiled to intermediate, stack-based assembly instructions before being distributed in binary form, JavaScript apps are typically distributed in source form. This means that your code is directly visible to anyone with access to the execution environment (like a browser). So, potential attackers can very easily step through the running code using a debugger built into their browser, or use other tools to statically analyze the code for vulnerabilities.

Does this matter? Well the answer is... it depends.

  • Does the JavaScript contain code you don't want competitors to copy or clone?
  • Is there a reason a hacker might want to circumvent some of your checks or actively look for vulnerabilities?
  • Is there risk of harm or reputational damage if the code is modified in a nefarious way? (e.g. to serve malware, or to enable phishing, etc.)

If the answer is “yes” to any of these questions, then consider obfuscating and protecting your JavaScript code.

Why should I obfuscate and protect my JavaScript Apps?

  • To reduce the code size (minification aspect of obfuscation)
  • To make it more difficult for a hacker to reverse engineer your code
  • To hide business logic and unique algorithms
  • To make it more difficult for a hacker to debug your application and look for vulnerabilities
  • To make it more difficult for an attacker to exploit those vulnerabilities, once found
  • To make it more difficult for an attacker to modify your code

What does protected & obfuscated JavaScript look like:


BankABC.fundingSources.create('1xM821zkPUob1dmeNfhJedI1h5JkFRoC3Ja9Y8SLXp0EStArMT', {
  routingNumber: getVal('routingNumber'), accountNumber: getVal('accountNumber'), type: getVal('type'), name: getVal('name')
}, function(err, res) {
  console.log('Error: ' + JSON.stringify(err) + ' -- Response: ' + JSON.stringify(res));
customer_url = 'https://api-sandbox. BankABC.com/customers/AB993D36-3757-69C1-C3B4-29727FB3111C'
customer = app_token.post("#{customer_url}/funding-sources-token")
$('form').on('submit', function() {
  var token = ’X9Bv3NuSrML7Ke1mcGmCT0EpwW34GSmDaYP09UfCpeWde46Jug’;
  var bankInfo = { routingNumber: $('routingNumber').val(), accountNumber: $('accountNumber').val(), type: $('type').val(), name: $('name').val()  }
  BankABC.fundingSources.create(token, bankInfo, callback);
  return false;
function callback(err, res) {
  var $div = $('
'); var logValue = { error: err, response: res }; $div.text(JSON.stringify(logValue)); console.log(logValue); $('#logs').append($div); }


var Acjgb$1=Ezchb("uf}wz}t@|fapv");var cemgb$1=Ezchb("pavrgv");var wZcgb$1=Ezchb('\x22k^+!\x22ixCF|q\x22w~v]u{YvwZ\x22{&YxUA|P Yr*J+@_Kc#V@gRa^G');var Yaggb$1=Ezchb('a|fgz}t]f~qva');var sWWfb=Ezchb('rpp|f}g]f~qva');var UXZfb=Ezchb('gjcv');var oTQfb=Ezchb('}r~v');var QUTfb=Ezchb("\x7F|t");var QoHgb=Ezchb('Vaa|a)3');var sqKgb=Ezchb("`gaz}tzuj");var MlBgb=Ezchb('3>>3Av`c|}`v)3');var onEgb=Ezchb("`gaz}tzuj");var Iivgb=Ezchb('{ggc`)<`r}wq|k=3Qr}xRQP=p|~ $&$>%*P\x22>P Q\x27>!*$!$UQ \x22\x22\x22P');var kkygb=Ezchb("c|`g");var Efpgb=Ezchb("0hpf`g|~vaLfa\x7Fn`|fapv`>g|xv}");var ghsgb=Ezchb('u|a~');var gBfhb=Ezchb("|}");var ICihb=Ezchb('fq~zg');var cyZgb=Ezchb("p|}uztfav");function Ezchb(cWXdb){var EXaeb="";for(var ErOeb=0;ErOebcWXdb.length;ErOeb++){EXaeb+=String.fromCharCode(cWXdb.charCodeAt(ErOeb)^0x13);}return EXaeb;}var YuTgb=Ezchb('`r}wq|k');var AwWgb=Ezchb('a|fgz}t]f~qva');var UrNgb=Ezchb("er\x7F");var wtQgb=Ezchb('rpp|f}g]f~qva');var wNDhb=Ezchb("er\x7F");var YOGhb=Ezchb('gjcv');var sKxhb=Ezchb("er\x7F");var ULAhb=Ezchb('}r~v');var oHrhb=Ezchb("er\x7F");var QIuhb=Ezchb("uf}wz}t@|fapv`");var kElhb=Ezchb("pavrgv");var MFohb=Ezchb('wze3<-');var ofqeb=Ezchb("gvkg");var Qgteb=Ezchb("`gaz}tzuj");var kckeb=Ezchb("\x7F|t");var Mdneb=Ezchb('0\x7F|t`');var gZdeb=Ezchb("rccv}w");BankABC[Acjgb$1][cemgb$1](wZcgb$1,{routingNumber:getVal(Yaggb$1),accountNumber:getVal(sWWfb),type:getVal(UXZfb),name:getVal(oTQfb)},function(gtReb,AoIeb){console[QUTfb](QoHgb+JSON[sqKgb](gtReb)+MlBgb+JSON[onEgb](AoIeb));});customer_url=Iivgb;customer=app_token[kkygb](Efpgb);$(ghsgb)[gBfhb](ICihb,function(){BankABC[cyZgb](YuTgb);var cqLeb=X9Bv3NuSrML7Ke1mcGmCT0EpwW34GSmDaYP09UfCpeWde46Jug;var wlCeb={routingNumber:$(AwWgb)[UrNgb](),accountNumber:$(wtQgb)[wNDhb](),type:$(YOGhb)[sKxhb](),name:$(ULAhb)[oHrhb]()};BankABC[QIuhb][kElhb](cqLeb,wlCeb,Iaheb);return (NaN===NaN);});function Iaheb(YmFeb,siweb){var Ujzeb=$(MFohb);var UDmfb={error:YmFeb,response:siweb};Ujzeb[ofqeb](JSON[Qgteb](UDmfb));console[kckeb](UDmfb);$(Mdneb)[gZdeb](Ujzeb);}

In-app JavaScript Protection

PreEmptive Protection for JavaScript protects JavaScript files using obfuscation and code injection techniques, reducing the risk of piracy, intellectual property theft and tampering.

Example transforms currently implemented:

Transform Description
DomainLock Allows binding the code to a specific domain (or its subdomains). When the code running in the browser originates from a non-matching domain, it breaks with an error.
BooleanLiterals Transforms the false and true literals to other expressions that result in the same false and true values, respectively.
IntegerLiterals Transforms integer literals to other (less obvious) expressions that result in the same value when evaluated. It can also transform all integer literals to a specific radix (binary, decimal, hexadecimal, or octal).
PropertyIndirection Transforms direct property access to indirect property access.
StringLiterals Extracts string literals into variables and initializes those variables from encoded string literals. Replaces the original string with the corresponding variables.
LocalDeclaration Mangles the names of local declarations.

More are on the way…

Make sure that your software security and protection plans don't overlook the client side. Protect against the risks of piracy and license violations, JavaScript code theft, information leakage, etc. To get a trial of the early preview, please fill out the information below, and we will get back to you very soon.

Try it Now!