WAF signatures are designed to catch known attack patterns in HTTP requests targeting server vulnerabilities by analyzing inbound requests. Client-side attacks use completely legitimate HTTP requests to deliver JavaScript that only becomes malicious when it executes in the browser. Often client-side attacks are fetched by the users browser from a 3rd party endpoint meaning the website' owners WAF is not even in the flow of the request rendering it useless Further still the malicious payload is often obfuscated or uses conditional logic that appear harmless in the HTTP request but reveals its malicious intentions only when running in a specific browser environment that your WAF never sees.
Can cside work alongside my existing WAF without conflicts?
We monitor an entirely different dimension of the application stack; hence, there is no interference.
Does cside's JavaScript proxy add latency like a WAF does to all traffic?
cside only adds 8-20 milliseconds to specific dynamic JavaScript files we proxy, with static scripts cached for faster loading.
How does cside's approach compare to the complexity of managing a WAF?
cside is much simpler because we're only handling JavaScript files, not your entire web infrastructure.
What happens if cside's proxy goes down? Will my website break?
Your website will continue working as intended with our fail-open design and 99.99% uptime SLA.