با برنامه Player FM !
JavaScript is Often the Most Common Resource to be Compromised and Exploited | Let's See How Client-Side Security Can Help Successfully Navigate the Application Threat Landscape | An Imperva Brand Story with Lynn Marks: Sr. Product Manager
Manage episode 469142493 series 3649986
Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.
The conversation begins with a key question: What is client-side protection?
Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,’ where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.
Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva’s Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.
Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva’s Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.
For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.
Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.
Top Questions Addressed
- What is client-side protection?
- How can an organization protect itself against client-side attacks?
- What is the role of Imperva's Client Side Protection product in combating client-side security threats?
Note: This story contains promotional content. Learn more.
Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/lynnmarks1/
Blog | https://thenewstack.io/author/lynn-marks/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
567 قسمت
Manage episode 469142493 series 3649986
Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.
The conversation begins with a key question: What is client-side protection?
Marks explains that modern engineering teams often place much of the applicational logic into the client-side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,’ where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.
Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva’s Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and facilitate them to make data-driven, informed decisions.
Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva’s Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.
For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.
Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.
Top Questions Addressed
- What is client-side protection?
- How can an organization protect itself against client-side attacks?
- What is the role of Imperva's Client Side Protection product in combating client-side security threats?
Note: This story contains promotional content. Learn more.
Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/lynnmarks1/
Blog | https://thenewstack.io/author/lynn-marks/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
567 قسمت
همه قسمت ها
×
1 How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber | Reflections from Black Hat USA 2025 | A Musing On the Future of Cybersecurity with Sean Martin and… 11:44

1 Black Hat 2025: More Buzzwords, Same Breaches? | What’s Heating Up Before Black Hat 2025: Top Trends Set to Shake Up this Year’s Hacker Conference | An ITSPmagazine Webinar: On Location Coverage… 1:00:22

1 Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin 31:48

1 Hiring for the Present Is Hurting the Future of Cybersecurity: Why “Entry-Level” Rarely Means Entry | A Conversation with John Salomon | Redefining CyberSecurity with Sean Martin 41:38

1 OT Emergency Preparedness: When Disaster Recovery Meets Real-World Safety | A Conversation with Tobias Halmans | Redefining CyberSecurity with Sean Martin 49:51

1 When AI Looks First: How Agentic Systems Are Reshaping Cybersecurity Operations | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 4:32

1 From Feed to Foresight: Cyber Threat Intelligence as a Leadership Signal | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3 6:39

1 Agentic AI to the Rescue? From Billable Hours to Bots: The New Legal Workflow | A Conversation with Frida Torkelsen and Maged Helmy | Redefining CyberSecurity with Sean Martin 44:16

1 Inside the DARPA AI Cyber Challenge: Securing Tomorrow’s Critical Infrastructure Through AI and Healthy Competition | An RSAC Conference 2025 Conversation with Andrew Carney | On Location Coverage… 27:35

1 Vibe Coding: Creativity Meets Risk in the Age of AI-Driven Development | A Conversation with Izar Tarandach | Redefining CyberSecurity with Sean Martin 35:52

1 Building and Securing Intelligent Workflows: Why Your AI Strategy Needs Agentic AI Threat Modeling and a Zero Trust Mindset | A Conversation with Ken Huang | Redefining CyberSecurity with Sean Martin 43:10

1 Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin 36:06

1 The Cyber Resilience Act: How the EU is Reshaping Digital Product Security | A Conversation with Sarah Fluchs | Redefining CyberSecurity with Sean Martin 44:10

1 Hackers, Policy, and the Future of Cybersecurity: Inside The Hackers’ Almanack from DEF CON and the Franklin Project | A Conversation with Jake Braun | Redefining CyberSecurity with Sean Martin 40:32

1 The 2025 OWASP Top 10 for LLMs: What’s Changed and Why It Matters | A Conversation with Sandy Dunn and Rock Lambros | Redefining CyberSecurity with Sean Martin 46:45
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.