HUMAN is Named a Leader and Earns Top Scores in Nine Criteria in the Forrester Wave™: Bot Management Software, Q3 2024

CODE DEFENDER

Benefit safely from browser scripts

Maximize and protect the business value of client-side scripts, while surgically blocking their hidden security and compliance risks.

Code Defender_Product Page

HUMAN Code Defender is a web application security and compliance solution that provides comprehensive real-time visibility and granular control of your website’s client-side attack surface.

CODIE_2021_logo_white

Modern websites heavily rely on scripts for a wide range of benefits. Both legitimate and malicious scripts can compromise sensitive user data, damaging your reputation, compliance, and bottom line. Yet webpage scripts are invisible to most security controls.

Deployed with a single line of code running in each of your real consumers' browsers, Code Defender automatically inventories your webpage scripts, alerts on risky & anomalous script behavior, enables granular protection of your customers’ sensitive data, and simplifies your privacy and PCI DSS 4.0 compliance.

Code Defender's granular client-side mitigation lets security teams block specific risky script actions (e.g. accessing passwords or credit card numbers) without blocking the script's desired business outcome.

See and Stop Client-Side Attacks

Gain full visibility into the scripts running on your website and prevent client-side attacks

Human-Code Defender-Gain Total Visibility

Gain Total Visibility

Continuously Monitor Scripts

With a single line of code, auto-discover your browser attack surface, including all scripts and sensitive data

Human-Code Defender-Protect Customer Data

Protect Customer Data

Granular Control Over Scripts
Manage scripts granularly to mitigate risk without interrupting their desired function
Human-Code Defender-Simplify Continuous Compliance

Simplify Continuous Compliance

Quickly Find and Manage PII Leakage
Inventory your web scripts, manage authorizations, assure integrity, and generate reports

Enable Security and Compliance of Website Scripts

Scripts enable you to do business on your website, but they come with a certain level of risk. Code Defender prevents script based data leakage.

Seeing Code Defender in Action is Believing

See how we protect websites from client-side supply chain attacks

Use Web Scripts Without Risk

Code Defender secures your website by answering the questions “what are my third-party scripts doing” and “what data is being exposed by the scripts?”
Find Browser Scripts
Websites use scripts for a number of actions, from login to checkout. Many groups inside a company deploy scripts to enable business without understanding their impact to risk.  

Code Defender provides real-time visibility into all scripts, all downstream dependencies, and every action taken in real users' browsers. Deployed as a single line of code on your site, Code Defender will automatically discover and monitor all scripts, simplifying management.
Understand
Script Activity

Modern website scripts load dynamically at run-time in users’ browsers and frequently change without notice. As a result, point-in-time vulnerability scans alone are not sufficient to analyze scripts for malicious or vulnerable code.

Code Defender provides rich insights into and analysis of JavaScript activity on your real consumers’ browsers. It flags and risk-scores any new or changed script behavior, and automatically generates alerts. Out-of-the-box integrations enable sending alerts to your favorite security and collaboration tools.

Mitigate Risky Scripts

Though providing significant business value, third-party client-side scripts and libraries can put you at risk of a user data breach.

Code Defender allows security teams to authorize important scripts, but disable their unnecessary, anomalous, or potentially malicious elements. With client side mitigation (CSM), security teams have real-time granular control over client-side JavaScript, so they can enable the business without sacrificing access control risks.

Comply With PCI
Client-side scripts can provide a means to silently leak your users’ PII, including credit card data. Suspicious scripts are typically completely out of your control, and simply removing them may break key functionality on your website.

The Code Defender dashboard offers an at-a-glance overview and actionable recommendations to stop compliance violations and generate compliance reports for audits by Internal Security Assessors (ISA) or PCI’s Qualified Security Assessor (QSA).
HUMAN_Code-Defender_01_Script-Connections-Map
Find Browser Scripts
Websites use scripts for a number of actions, from login to checkout. Many groups inside a company deploy scripts to enable business without understanding their impact to risk.  

Code Defender provides real-time visibility into all scripts, all downstream dependencies, and every action taken in real users' browsers. Deployed as a single line of code on your site, Code Defender will automatically discover and monitor all scripts, simplifying management.
HUMAN_Code-Defender_02_Analyzer
Understand
Script Activity

Modern website scripts load dynamically at run-time in users’ browsers and frequently change without notice. As a result, point-in-time vulnerability scans alone are not sufficient to analyze scripts for malicious or vulnerable code.

Code Defender provides rich insights into and analysis of JavaScript activity on your real consumers’ browsers. It flags and risk-scores any new or changed script behavior, and automatically generates alerts. Out-of-the-box integrations enable sending alerts to your favorite security and collaboration tools.

HUMAN_Code-Defender_03_Dashboard
Mitigate Risky Scripts

Though providing significant business value, third-party client-side scripts and libraries can put you at risk of a user data breach.

Code Defender allows security teams to authorize important scripts, but disable their unnecessary, anomalous, or potentially malicious elements. With client side mitigation (CSM), security teams have real-time granular control over client-side JavaScript, so they can enable the business without sacrificing access control risks.

HUMAN_Code-Defender_04_PCI-Compliance-Inventory
Comply With PCI
Client-side scripts can provide a means to silently leak your users’ PII, including credit card data. Suspicious scripts are typically completely out of your control, and simply removing them may break key functionality on your website.

The Code Defender dashboard offers an at-a-glance overview and actionable recommendations to stop compliance violations and generate compliance reports for audits by Internal Security Assessors (ISA) or PCI’s Qualified Security Assessor (QSA).

Safeguarding Website and Enable
Regulatory Compliance

“We wanted to find the anomalies and changes in our client-side scripts. The Code Defender behavioral analysis solution greatly simplifies this process.”

 
—Lee Tarver, Sr. Manager, Security Architecture and Engineering, Sally Beauty

How Code Defender works

Human Security-Code Defender-How Code Defender Works
Human-Code Defender-Deploy

Deploy

The first step is to insert a JavaScript snippet on the Template for all pages. Ideally this snippet should be loaded directly to the Document Object Model (DOM) via HTML, at the top of the <head> block as a first party. The snippet is very lightweight at approximately 30kb. Once loaded the page will send relevant information to the HUMAN Sensor. If Code Defender is enabled, it is included as part of the sensor.
Human-Code Defender-Analyze

Analyze

The Sensor collects activity signals from the client-side browser, including interactions with the DOM, network domains, and local storage. This information is sent to the cloud-based Detector for analysis. The Sensor does not collect any personal data from the browser.
Human-Code Defender-Detect

Detect

Using advanced machine learning models, the cloud-based Detector analyzes the client-side activity signals to build a baseline profile for every first-, third- and Nth-party script running on the web page. The Detector flags any changes in script behavior or execution of new scripts and automatically generates alerts.

Key Integrations

Secure your online accounts against fraud and abuse by easily integrating Code Defender with your existing infrastructure.

Edge Integration (CDN, Cloud)
Human Security-Key Integrations-Cloudfront Logo
Human Security-Key Integrations-Fastly Logo
Human Security-Key Integrations-Cloudflare Logo
Human Security-Key Integrations-Akamai
Human Security-Key Integrations-Yottaa
Human Security-Key Integrations-Azion
Human Security-Key Integrations-Section
Load Balancers & Web Servers
Human Security-Key Integrations-Apache
Human Security-Key Integrations-Citrix NetScaler
Human Security-Key Integrations-f5
Human Security-Key Integrations-Haproxy
Human Security-Key Integrations-Varnish Cache
Human Security-Key Integrations-Kong
Human Security-Key Integrations-Ngnix
Human Security-Key Integrations-Apigee
Human Security-Key Integrations-Envoy
Human Security-Key Integrations-Cowboy
Application SDK/Middleware
Human Security-Key Integrations-PHP
Human Security-Key Integrations-NodeJS
Human Security-Key Integrations-Python
Human Security-Key Integrations-Ruby
Human Security-Key Integrations-Java
Human Security-Key Integrations-ASP.NET
Human Security-Key Integrations-Heroku
Serverless & Cloud Frameworks
Human Security-Key Integrations-Azure Active Directory
Human Security-Key Integrations-App Engine
Human Security-Key Integrations-Google Cloud Functions
Human Security-Key Integrations-Kubernetes
User Identity Platforms
Human Security-Key Integrations-Azure Active Directory
Human Security-Key Integrations-Okta Logo
Human Security-Key Integrations-Ping Identity Logo
E-Commerce Platforms
Human Security-Key Integrations-Salesforce Commerce Cloud
Human Security-Key Integrations-Magento
Human Security-Key Integrations-Marketo
Human Security-Key Integrations-Drupal
Logs & Metrics
Human Security-Key Integrations-Adobe Analytics
Human Security-Key Integrations-Google Analytics
Human Security-Key Integrations-Datadog
Human Security-Key Integrations-Splunk
Vulnerability Intel
Human Security-Key Integrations-Synk

Featured Resources