Can a WAF detect when malicious JavaScript is stealing user data from my website?

This site uses cookies and other technologies that let us and the companies we work with collect information about your device and usage of the site to enable functionality, analytics, and advertising. See our Cookie Notice for details.

Find out more in our privacy policy and cookie notice.

The answer is no, because the data theft happens within your user's browser after your WAF has done its job. Credit card information collected by malicious scripts from your checkout form is sent to the attacker's server. This outbound request comes directly from the user's browser, not from your infrastructure. Your WAF only sees everything between your users and your servers, but it's blind when it comes to data exfiltration happening in real-time.

Can cside work alongside my existing WAF without conflicts?

We monitor an entirely different dimension of the application stack; hence, there is no interference.

Does cside's JavaScript proxy add latency like a WAF does to all traffic?

cside only adds 8-20 milliseconds to specific dynamic JavaScript files we proxy, with static scripts cached for faster loading.

How does cside's approach compare to the complexity of managing a WAF?

cside is much simpler because we're only handling JavaScript files, not your entire web infrastructure.

What happens if cside's proxy goes down? Will my website break?

Your website will continue working as intended with our fail-open design and 99.99% uptime SLA.