Browser Protection
Introduction
The purpose of adding JavaScript in any application is to update the html content dynamically without reloading the entire page, enhance the interactivity, manage data, and improve the user experience.
On average, an application can have 100’s of JavaScript's. If an application is compromised and malicious JavaScript is part of the application, then JavaScript can run at browser level and send information to the hacker directly.
Our AppTrana’s CSP (Client- Side Protection) feature protects the customers by blocking malicious JavaScript's.
How to Protect Client Side Application?
- Go to Protect > Browser Protection.
- Two toggle buttons are given. One is to enable client-side protection and the second is to enforce protection.
- Once you enable the Protection toggle button, the enforcement will be done within 24hours.
Browser Protection Summary
The summary contains three sections, those are:
- Internal JavaScript
- External JavaScript
- Source Domains
Without Policy: At first when the domains are listed in the table, Approval status displayed as Pending. If a customer doesn’t take any action, then the domain is called domain Without Policy.
Policy Added : If action taken in a domain (allowed or blocked), then the domain is called policy added.
Reference Domains
This field displays all the domains with JavaScript details.
| Parameter | Description |
| Ref. Domain Name | This field displays the source domain name. |
| Approval | Pending- When a site is onboarded, initially the status reflects as pending. Allowed – Enable the toggle button to allow JavaScript. Blocked – Disable the toggle button to block JavaScript. While updating the approval status domain details pop-up opens. Enter your comments in respective field, example: Valid JavaScript, Malicious JavaScript. Also, the email address of the user who changed the status will be displayed. |
| Source Type | External-The list of JavaScript which is not added during onboard called as external. Internal- The list of JavaScript added in the domain during onboard called as Internal JavaScript. |
| JS Referred | Click on the Show button to see the referred JavaScript. |
Referred JavaScript
This field displays the list of allowed or blocked JavaScript's for a selected domain.
Go to the Primary Reference Domains table, select the domain to show JavaScript, and click Show button.
| Parameter | Description |
| JS File Name | This field displays JavaScript file name. |
| Pages Referred | The count of pages in the domain where javascript is referred. |
| Requests Triggered | This field gives the count of requests triggered. |
| Details | Click on the Details button to see the JavaScript details. |
| Chain Reference | This field shows a list of domains for which the javascript is routed through. |
JavaScript Details
| Parameter | Description |
| Domain Name | This field displays the domain name. |
| JS Identified | JavaScript identified time: Example: MM/DD/YYYY 11:23:50 PM |
| Base URL | The list of URLs where JavaScript is used. |
| JavaScript File Name | This field displays the JavaScript file name. |
| IP’s that triggered jquery | Customers can identify the list of IP addresses where the JavaScript is used, latest request, and the number of requests are displayed here. |
Script Change Alerts
If any content is modified in JavaScript, then an alert will be created in this section.
| Parameter | Description |
| JavaScript File Name | This field shows the name of the JavaScript. |
| Last Changed | This field shows the date when the content has been modified. |
| Page Referred | The count of pages in the domain that use JavaScript. |
| Source Domain | Domain names are displayed in this field. |
| Mark as Read | Customers must read the alert and acknowledge the changes in JavaScript. |
