JSDefender™ secures your JavaScript apps against tampering, misuse and data theft using sophisticated obfuscation and active protection techniques.

Some example transforms include:

Transform Description
Boolean Literals Transforms the false and true literals to other expressions that result in the same false and true values, respectively.
Console Cloaking Prevents the protected code from displaying information in the console when the code invokes the methods of the console object, such as console.log, console.info, etc. This suppresses debug and diagnostic information that might be useful to an attacker running the code.
Control Flow Protection Obfuscates the program's control flow by adding opaque predicates or dead code and flattening the control flow.
Date Lock Injects code into the protected source, which tests if the current date is in a particular interval. If so, the code runs normally; otherwise, it can either exit or run a custom script.
Debugger Removal Removes information from production code that can help hackers inspect your code.
DevTools Blocking For browser-based JavaScript, detects if the DevTools panel is open in the browser. If so, the protected script continuously stops the program at a breakpoint and does not allow an attacker to debug it.
Domain Lock Allows binding the code to a specific domain (or its subdomains). When the code running in the browser originates from a non-matching domain, it breaks with an error.
Expression Sequence Obfuscation Collects adjacent expression statements in the code and joins them into an expression sequence that is harder to understand.
Function Reordering Moves functions from their original locations to a new one in the same lexical scope. When the *randomize* option is turned on, it sets the new location randomly.
Global Object Hiding Hides references to frequently used global objects and functions (such as window, navigator, Object, String, setTimeout, etc.). These references often give useful hints to attackers trying to reverse-engineer the code.
Integer Literals Transforms integer literals to other (less obvious) expressions that result in the same value when evaluated. It can also transform all integer literals to a specific radix (binary, decimal, hexadecimal, or octal).
Local Declaration Mangles the names of local declarations.
Property Sparsing Transforms object literal expression assignments into multiple assignment statements to make them harder to read.
Property Indirection Transforms direct property access to indirect property access.
String Literals Extracts string literals into variables and initializes those variables from encoded string literals. Replaces the original string with the corresponding variables.
Tamper Detection Wraps critical code with guarding functions, which check at runtime for modifications. Tampered code will not run correctly.
Variable Grouping Protection Separates variable declarations and initializations; it moves the declaration part to the end of the declaration scope.

What does protected & obfuscated JavaScript look like:

BEFORE


BankABC.fundingSources.create('1xM821zkPUob1dmeNfhJedI1h5JkFRoC3Ja9Y8SLXp0EStArMT', {
	routingNumber: getVal('routingNumber'),
	accountNumber: getVal('accountNumber'),
	type: getVal('type'),
	name: getVal('name')
}, function (err, res) {
	console.log('Error: ' + JSON.stringify(err) + ' -- Response: ' + JSON.stringify(res));
});
customer_url = 'https://api-sandbox.BankABC.com/customers/AB993D36-3757-69C1-C3B4-29727FB3111C'
	customer = app_token.post("#{customer_url}/funding-sources-token")
	$('form').on('submit', function () {
		BankABC.configure('sandbox');
		var token = 'X9Bv3NuSrML7Ke1mcGmCT0EpwW34GSmDaYP09UfCpeWde46Jug';
		var bankInfo = {
			routingNumber: $('routingNumber').val(),
			accountNumber: $('accountNumber').val(),
			type: $('type').val(),
			name: $('name').val()
		}
		BankABC.fundingSources.create(token, bankInfo, callback);
		return false;
	});
function callback(err, res) {
	var $div = $('');
	var logValue = {
		error: err,
		response: res
	};
	$div.text(JSON.stringify(logValue));
	console.log(logValue);
	$('#logs').append($div);
}

AFTER


var Acjgb=ghsgb("uf}wz}t@|fapv`");var cemgb=ghsgb("pavrgv");var wZcgb=ghsgb
('\x22k^+!\x22ixCF|q\x22w~v]u{YvwZ\x22{&YxUA|P Yr*J+@_Kc#V@gRa^G');var 
Yaggb=ghsgb("a|fgz}t]f~qva");var sWWfb=ghsgb("rpp|f}g]f~qva");var UXZfb=ghsgb
("gjcv");var oTQfb=ghsgb("}r~v");var QUTfb=ghsgb("\x7F|t");var QoHgb=ghsgb
('Vaa|a)3');var sqKgb=ghsgb("`gaz}tzuj");var MlBgb=ghsgb('3>>3Av`c|}`v)3');var 
onEgb=ghsgb('{ggc`)<`r}wq|k=Qr}xRQP=p|~ 
$&$>%*P\x22>P Q\x27>!*$!$UQ \x22\x22\x22P');var Iivgb=ghsgb("c|`g");var 
kkygb=ghsgb("0hpf`g|~vaLfa\x7Fn`|fapv`>g|xv}");var Efpgb=ghsgb
('u|a~');function ghsgb(QIuhb){var kElhb="";for(var MFohb=0;MFohbQIuhb.
length;MFohb++){kElhb+=String.fromCharCode(QIuhb.charCodeAt(MFohb)^0x13);}
return kElhb;}var gBfhb=ghsgb("|}");var ICihb=ghsgb('`fq~zg');var cyZgb=ghsgb
("p|}uztfav");var Ezchb=ghsgb('`r}wq|k');var YuTgb=ghsgb('K*Qe ]f@a^_$Xv\x22~
pT~PG#VcdD \x27T@~WrJC#*FuPcvDwv\x27%Yft');var AwWgb=ghsgb
("er\x7F");var UrNgb=ghsgb('');var wtQgb=ghsgb("vaa|a");var wNDhb=ghsgb("av`c|}`v");
var YOGhb=ghsgb("gvkg");var sKxhb=ghsgb('0\x7F|t`');var ULAhb=ghsgb("rccv}w");
(BankABC[Acjgb][cemgb](wZcgb,{[Yaggb]:getVal(Yaggb),[sWWfb]:getVal(sWWfb),
[UXZfb]:getVal(UXZfb),[oTQfb]:getVal(oTQfb)},function(ofqeb,Qgteb){console
[QUTfb](QoHgb+JSON[sqKgb](ofqeb)+MlBgb+JSON[sqKgb](Qgteb));}),
customer_url=onEgb,customer=app_token[Iivgb](kkygb),$(Efpgb)[gBfhb](ICihb,
function(){BankABC[cyZgb](Ezchb);var kckeb=YuTgb;var Mdneb={[Yaggb]:$
(Yaggb)[AwWgb](),[sWWfb]:$(sWWfb)[AwWgb](),[UXZfb]:$(UXZfb)[AwWgb](),
[oTQfb]:$(oTQfb)[AwWgb]()};BankABC[Acjgb][cemgb](kckeb,Mdneb,oHrhb);
return (NaN===NaN);}));function oHrhb(gZdeb,Iaheb){var cWXdb=$(UrNgb);var 
EXaeb={[wtQgb]:gZdeb,[wNDhb]:Iaheb};cWXdb[YOGhb]
(JSON[sqKgb](EXaeb)),console[QUTfb](EXaeb),$(sKxhb)[ULAhb](cWXdb)}

Try it yourself with our Online Demo.