When a script passes through cside, it is analysed in detail using a range of detection engines asynchronously. Creating a list of bad scripts stopped from being delivered if seen. Cside users receive instant alerts through webhooks or email and can also integrate their SIEM. The complete malicious payload is preserved for forensic analysis, and you receive detailed reports showing exactly what was attempted. This gives your security team everything needed for incident response and helps prevent similar attacks in the future. Unlike solutions that rely on threat feed intel or crawl pages, cside stops the attack in real-time.
Does a CSP provide enough security?
CSP is a great base-layer for client-side security, but it cannot see script contents. Depending on your needs and risk profile, it may or may not be sufficient.
Why doesn't a Content Security Policy (CSP) make us PCI compliant?
PCI DSS requires monitoring scripts for changes. CSP can only control sources, not inspect payloads, so it cannot meet PCI DSS requirements.
Why do you offer CSP for free?
We fundamentally believe every individual and operation should be able to secure themselves, regardless of resources.
Can cside work alongside my existing WAF without conflicts?
We monitor an entirely different dimension of the application stack; hence, there is no interference.