Feroot Security believes that businesses and their customers should be able to experience a safe and secure online user experience. Whether it’s leveraging the purchasing power of an e-commerce website, accessing internet-based healthcare services, or transferring money between financial accounts, Feroot Security’s sole mission is to secure client-side web applications so that businesses and their customers can engage safely in online environments.
Businesses come to Feroot to enable automated and advanced client-side security programs. Our data protection capabilities significantly minimize time- and labor-intensive code reviews and threat analysis, and remove the ambiguity associated with client-side security detection, response, and prevention.
Our products help organizations uncover supply chain risks and protect their client-side attack surface.
Feroot Security was founded in 2017. Increased investor funding has facilitated Feroot growth over the last few years, first with $2.5 million in seed funding in 2021 and another $8.5 million in February 2022.
Feroot Security is headquartered in Toronto, Ontario, Canada. In addition, Feroot Security employs staff in the United States, Brazil, and South Africa.
Feroot secures the front end—or client side—of web applications from Magecart, e-skimming, cross-site scripting (XSS) and other types of client-side attacks due to problems with JavaScript, third-party or open-source libraries, or flaws or vulnerabilities in the web application code design. Our products—Inspector, PageGuard, and DomainGuard help organizations uncover supply chain risks and protect their client-side attack surface.
Client-side security is important today because of the increase in attacks against individuals using the web to access services that require the sharing of sensitive and personally identifiable information (PII). These types of services include e-commerce, healthcare, finance/banking, and hospitality.
The primary cause for these types of attacks relates to vulnerable programming in web applications, 98% of which involve the use of JavaScript. In addition, up to 80% of websites pull their JavaScript from open-source and third-party libraries, also known to contain vulnerable, flawed, or malicious code. JavaScript, code libraries, and the general lack of front-end web application security has created unprecedented opportunities for exploitation.
To fully mitigate the risk for breaches or attacks, companies must simultaneously protect both their server and the client side of their business. This includes everything that customers see, such as text, images, and the rest of the UI, along with anything customers interact with, such as what the website or web application does within the user’s browser.
“The beauty of Feroot Inspector is that it covers a clear and present attack vector. Over 5% of attacks come via supply chain and third-party scripts, and most security teams are blind to these with their current security tools. This particular attack vector is becoming more and more prominent. We’re seeing more real-world client-side attacks coming. So, from a security perspective, it’s in the news and it’s real. From the privacy perspective, everyone is aware how important it is to align with privacy best practices and regulations.
We’re on a mission to be the trusted low-code vendor in the industry. Our number one priority is to establish trust with our customers and ensure the security of our entire digital ecosystem. Feroot Security Inspector has provided us with an automated technology to uncover our client-side attack surface and protect it in real-time.”
“A day doesn’t go by that you don’t hear about a new JavaScript-based attack on a company’s website or web application. We’re seeing attackers pivoting from traditional server-side attacks to client-side attacks. To protect our business from server-side threats, we needed to enhance our client-side security capabilities to stay ahead of the threat.
Now that we have Inspector integrated into our security operations, we are happier with our front-end security posture. We are even more confident that we are able to find issues in our web applications quickly and fix them. We believe we have a solid solution in place to keep our eyes on our front end.”
“A while back, a third-party had been responsible for our digital magazine property. Alas, the third-party hadn’t set up the proper client-side security controls, and we inadvertently became victims of a Magecart attack. We needed to take control of our client-side security and bring it in house. We needed to understand everything about our client-side digital properties to keep our business and our customers safe from harm.
During the Feroot Inspector demo we saw a lot of information that we didn’t know about, and didn’t have the technology to uncover. Feroot showed us all the first- and third-party scripts that were running on our web pages, code that was obfuscated, vulnerabilities in our code, ongoing data fingerprinting, and more. It blew us away.”
