When we started cside, one of the core deliverables was to bring awareness to client-side executed attacks. Bad actors know you have a range of various tools for internal IT security, server side security, network flow monitoring, static registry open source dependency monitoring heck we even pay for DLP repackaged promising to prevent data leakage to LLMs...
But companies do not know how their site and their dependencies behave in the browser of their user. This blog constantly talks about attacks we find. Attacks that would not have been discovered if it wasn't for cside, its customer base and the research we do.
So to those who enjoy our content and wish to stay on top of our findings: we have now released an RSS feed (https://cside.dev/blog/rss).
Making it easier than ever for you to stay up to date on our content.
We’re excited to release our notifications engine. This is designed to give your team real time visibility into security alerts, exactly where they are required. Webhook notifications allow for you to add an endpoint URL directly to your dashboard for your domain(s) which can be used for integrations with slack, discord or your preferred platform. You can also receive alerts to your own AWS S3 bucket in a .csv file format, which can be used to integrate with your own internal workflows or preferred logging / SIEM platforms.
Read more about how to enable and configure notifications on our documentation pages.
We have released a feature that allows you to match patterns in dynamic scripts urls to lessen the amount of repetitive scripts that you see. This allows you to maintain a clean and less cluttered dashboard, while still ensuring that each individual script goes through full security analysis.
This feature significantly reduces the amount of scripts that need to be reviewed for PCI DSS compliance on the PCI Dashboard, as dynamic scripts that in some cases can generate over 10,000+ individual requests are now grouped together using pattern matching based on the URL query parameters, consolidating them into a single script for review and reducing the workload dramatically.
To learn how more about this feature can help simplify your dashboard and PCI script reviewal process, check out our documentation page.
We have rebuilt our entire proxy in Rust and have moved away from node.js .
This allows us to achieve much faster and reliable performance, as this upgrade will handle an ever growing amount of requests and data more efficiently. This means that we can keep pace and grow along with our customers.
With this new version being applied to all of our proxy endpoints, we now run up to around 100x faster than before, resulting in lower latency and faster response times across the board.
We’re proud to announce the launch of our Partner Program. This initiative equips our partners with the tools, resources, and flexible business models they need to help their clients stay safe from client-side attacks.
Through our unified dashboard, partners can efficiently manage all their client projects while offering a revenue-generating solution that not only strengthens website security but also delivers measurable performance gains.
Offering a flexible 3 tier identity access model.
- Organizations contain billing information and some top level platform controls. An organization contains one or more teams.
- Teams are fully isolated from one another. End customer can be invited to this team. The team contains the various domains of a customer.
- Domain level contains all the client-side dashboard and intelligence.
The cside partner program was built with a range of indirect sales channels in mind:
- Service integrators and PCI consultants.
- Web development agencies.
- Full integrations into PaaS or lowcode hosted site platforms.
We’re proud to announce our PCI DSS SAQ D compliance checks have been completed and accepted as of today.
Our product has been PCI compliant since entering the market. But this official certification cements the trust our customers put in us. With cside you can achieve compliance with PCI DSS requirements 6.4.3 and 11.6.1.
Find our trust page here.
Today we're proud to announce we've made cside available on the AWS marketplace. This allows cside to be implemented quickly and the ability to streamline the purchase and management solution within our customers’ AWS Marketplace account.
We're excited to announce that cside enterprise now supports Okta SSO.
Any enterprise customer can simply follow the guide in our documentation to setup their environment.
As part of PCI DSS v4.0.1 reporting of script changes, security header changes and business and technical justifications must be kept on record and reported on at least weekly. cside enterprise customers who opted into the PCI DSS dashboard now automatically receive a report weekly each Monday.
The report includes the scripts present on the webpage and their business justification as well as the security header changes of the past week. Each member of the cside team will receive the report.
The report is also available for download in the PCI DSS dashboard.
Excited to announce c/side AI powered compliance engine.
Compliance requirements like PCI DSS require merchants to maintain technical or business justifications for scripts to be on a given page. This can be a difficult task to do manually but, by understanding the script code and gaining further usage context AI can do a perfect job! Therefore we are excited to share our range of AI compliance features.
With our AI script justifications, one click solves the requirement.
And we are not taking any risks. We do not leak any sensitive information to any 3rd party as we are hosting a model ourself. We do not talk to a 3rd party API, there is no risk of data leakage.
With our AI features, we aim to make compliance simpler.
With our AI features, we make life harder for bad actors to fly below the radar.
With our AI features, we make it easier to understand what the scripts on your website are doing.
We're solving client-side security.