Categories
101

PreEmptive – JSDefender 101

Reading Time: 3 minutes

Did you know JavaScript is used by 13.8 million developers worldwide? This means that 53% of developers either use or have used JavaScript at some point throughout their career. Making this the most popular coding language in web and cloud development. As programming languages are an essential tool, they are a critical security & quality priority that all developers are focused on. And since programming languages are also opportunities for attack, it is essential to implement obfuscation protection as preventative measures to protect your work from being copied, attacked or leveraged to cause further damage.

Just like in our previous 101’s for Dofuscator for .NET, in this article we explain how JSDefender for JavaScript can help secure and protect your work using obfuscation techniques with additional layered security.

What is the Product used for?

Similar to Dotfuscator for .NET, JSDefender is primarily used to protect and harden your applications that are composed of JavaScript. It encrypts your projects through a layered approach. Javascript is commonly used and as the risks of hacking continue to expand, it’s more proficient to implement code security at the early stages of development. In other words, by not using some sort of cybersecurity, it is like leaving your phone on the table and unlocked for the world to see what you’re up to. But, on this scale it is not just your data that is exposed, but the entirety of your users data and product IP.

How does JSDefender work?

JavaScript apps are typically distributed in source form, meaning your code can easily be visible to anyone with access to a browser. If a project isn’t protected, a hacker can conveniently use a debugger (that is built in their browser) along with other sophisticated tools to analyze your code for vulnerabilities – which highlights the path of hijacking your project. JSDefender uses a layered approach that is applied to the binary code using obfuscation, encryption, tamper detection, domain locks, debugger removal, function recording and more, basically scrambling the source code making this very difficult for the average hacker.

When should you use JSDefender?

Anyone who is developing an IoT (internet of things), mobile/desktop application, SaaS (software as a service), or any system software program using JavaScript as your language of development, should be using JSDefender. It’s widely known that investing in DevSecOps (development security operations) is of increasing importance for not only companies, but freelancers as well. There is not an industry that has not been affected by a data breach, and any company who uses or has built a website should know the importance of investing in DevSecOps. We did a case study of GlobalMed who used JSDefender in order to protect their advanced virtual health platform and now they have become the world’s number one telemedicine company!

Where does JSDefender work?

JSDefender is injected directly into your source code. You can specify your own configuration file or use command line options to set up protection attributes. It takes minutes to set up and seconds to begin securing your source file. We have developed a demo so that you can visually see how this works in real time!

JSDefender demo

Why should you use PreEmptive JSDefender?

By using JSDefender you are taking action against any type of attacks to your JavaScript projects by obscuring and managing your vulnerabilities directly in your code within a matter of seconds. We know time is of the essence in development, but implementing security in the beginning of the SDLC saves you time, money and protects your reputation in the long-run. Waiting until the end to scan for vulnerabilities will only prolong the development cycle and you will end up running into issues that could have been avoided if security was part of the process early on. JavaScript is here to stay and as the world of tech advances, so will hackers. So if you feel that your DevSecOps isn’t up to par or stressed about being hacked, download a free trial by visiting our product page and start protecting your intellectual property today!


For more information on how to get started or need further help, we encourage you to use our resources, found in our navigation bar. We hope this blog has guided you to better understand JSDefender for JavaScript. Be on the lookout for our upcoming 101’s! 


Categories
Press Releases

PreEmptive Product Updates

Reading Time: 3 minutes

We are pleased to announce the general availability of Dotfuscator 6.4, DashO 11.2 and JSDefender 2.4 for our customers.

PreEmptive has been hard at work on the latest releases of Dotfuscator, DashO, and JSDefender. The improvements are part of PreEmptive’s strategy to continuously support all products with regular updates and new features. Headlining some of the product updates are improvements to integration and usability, and bug fixes to help ensure we keep our customers happy!

Below are the highlights of each release with links to further information such as how to access the latest version, documentation, and changelogs. Free evaluations are always available for each product.

Dotfuscator 6.4

Dotfuscator Professional protects .NET applications from reverse-engineering and hacking, using a variety of static and dynamic code transforms and injected runtime checks. Examples include symbol renaming, control flow obfuscation, string encryption, debugger detection, and tamper detection. It integrates into the development build process and operates on the .NET Intermediate Language. Dotfuscator Professional supports .NET, including .NET Core, .NET 5, Xamarin, and Mono.

The Dotfuscator Professional 6.4.0 release improves the support for default interface implementations in .NET Core 3+. Dotfuscator can now protect applications that use .NET’s default interface implementation feature, without extra configuration steps which were required before.

Additionally, the tool now provides more granular control of managed resource renaming. Users can now disable automatic resource renaming, in cases where the application loads those resources manually from strings that cannot be statically analyzed.

This version enables authenticated proxies to communicate with the PreEmptive licensing servers, which is a requirement at many enterprise customers.

The Xamarin.Android Root Check is also updated to handle new versions of Android rooting tools. 

Product Links

DashO 11.2

DashO protects Java and Android applications from reverse-engineering and hacking, using a variety of static and dynamic code transforms and injected runtime checks. Examples include symbol renaming, control flow obfuscation, string encryption, debugger detection, and tamper detection. It integrates into the development build process and operates directly on compiled Java bytecode.

The DashO 11.2.0 release enables Include and Exclude rules to be configured via Java Annotations and Supertypes. Rules can now match classes based on the existence of methods or fields that match the criteria.
The New Project Wizard now includes settings for generating Entry Point rules based on Java annotation based criteria, including a special set of entry points for Hibernate/Java Persistence API.

Additionally, DashO now processes compiled bytecode from Java 16 (except for the record type and the Sealed Classes preview feature).

Also, Global Processing Excludes now allows for classes to never be updated by DashO.

Product Links

JSDefender 2.4

JSDefender protects JavaScript code from reverse-engineering and hacking, using a variety of static and dynamic code transforms and injected runtime checks. Examples include symbol renaming, control flow obfuscation, string encryption, browser-based “Dev Tools” detection, and tamper detection. It integrates into the development build process and operates directly on JavaScript code. JSDefender also supports other languages that “transpile” to JavaScript, such as TypeScript. JSDefender can protect JavaScript running in the browser, on servers/workstations (e.g. NodeJS based applications), and on mobile devices (e.g. React Native applications).

The JSDefender 2.4.0 release brought several changes to the protection runtime which makes the protected code of our customers much harder to reverse-engineer.

Also, it extends the Control Flow transform with an option called “injectFakeCode” that injects fake test conditions to the control flow statements to mislead and confuse the attacker.

Additionally, the release fixes some bugs in the error script parsing of the runtime checks and in the Control Flow transform.

Product Links