Why are third party scripts a danger?

Third-party scripts are executed on the user's browser, basically after all layers of protection we have had concluded their work. Once loaded, these JavaScript components now have full access to our page, they are able to change them, access all information in them (including forms) and can even record keystrokes and save them. Because third-party scripts are hosted on a remote location, site owners are unable to monitor any changes made to them. If and when a third-party vendor is hacked and has its code change to hide malicious activity; we, as site owners are oblivious to it


Our solution

Source Defense's VICE. (Virtual iFrame Containment Enclosure) patent pending engine handles scripts without requiring special (out of standard) changes to it. It evades rather than block and masks while maintaining the required functionality and visitor experience. All this is done via SAAS platform and in real time. For the first time, using a simple, user friendly UI an administrator can control exactly what each script accesses on the page and for each action they can choose a reaction.


Two step implementation



How does it work?

Source Defense's VICE. (Virtual iFrame Containment Enclosure) patent pending engine is loaded into the visitor’s browser, allowing it to react in real time to each action the script is taking. Each third-party JavaScript is isolated inside a virtual page that is a reflection of the original page minus what the third-party is not supposed to see. Essentially each third-party script has access to see only the DOM elements that are allowed by the administrator. This very robust and immune methodology allows Source Defense to deal with multiple attack-vectors such as DOM events, elements attributes, CSS, cookies, move elements/nodes around the DOM, block/allow URL’s and much more. Once the JavaScript creates the HTML elements, the security policies are consulted and if the elements created in the virtual page are in line with the policies set for this-third party, it will be moved to the page.