We introduced per-connection features based on JA3/JA4 TLS fingerprinting. By computing the JA4 hash from the full TLS ClientHello (including cipher suites, extensions, ALPN, and elliptic curves), we can now detect VPN client software that attempts to masquerade as a standard web browser.
Linear & Jira Integration
You can now connect cside to Linear and Jira to automatically create issues from any alerts. We've revamped how Notifications at cside work, giving you full control and flexibility where which alerts are sent. Linear and Jira integrations are available on the Business and Enterprise plan. Check out the docs to get started.
We introduced a self-serve 14-day free trial for all business plan tiers, allowing new customers to evaluate our premium features before committing.
We implemented new detections for ad injection via client-side scripts. The system now populates iframe data, resolves iframe URLs, and alerts customers when scripts exhibit suspicious redirect behavior (e.g., 5 or more redirects).
The cside enterprise plan now supports self service SSO setup for Okta, Microsoft Entra ID (formerly Azure AD), and Duo Security.
Configure your identity provider directly in the cside dashboard. No support tickets required. Security teams can onboard faster with full control over authentication settings.
Excited to share a very gentle rebrand to cside (at least in copy). Legacy search algorithms struggle to understand special characters and this became an increasingly silly problem. So from now on, it is cside. With the new brand, we're also pushing a new website, cside.com. Our new website unveils the long ongoing effort of cside’s expansion to other client-side security solvable problems. To begin, Chargeback fraud evidence for Compelling Evidence v3, detecting fraudulent applicants as they fill out the job form and various privacy and compliance use-cases.
When we started cside, one of the core deliverables was to bring awareness to client-side executed attacks. Bad actors know you have a range of various tools for internal IT security, server-side security, network flow monitoring, static registry open source dependency monitoring, heck, we even pay for DLP repackaged, promising to prevent data leakage to LLMs...
But companies do not know how their site and their dependencies behave in the browser of their user. This blog constantly talks about attacks we find. Attacks that would not have been discovered if it wasn't for cside, its customer base, and the research we do.
So, to those who enjoy our content and wish to stay on top of our findings, we have now released an RSS feed (https://cside.dev/blog/rss.xml).
Making it easier than ever for you to stay up to date on our content.
We’re excited to release our notifications engine. This is designed to give your team real time visibility into security alerts, exactly where they are required. Webhook notifications allow for you to add an endpoint URL directly to your dashboard for your domain(s) which can be used for integrations with slack, discord or your preferred platform. You can also receive alerts to your own AWS S3 bucket in a .csv file format, which can be used to integrate with your own internal workflows or preferred logging / SIEM platforms.
Read more about how to enable and configure notifications on our documentation pages.
We have released a feature that allows you to match patterns in dynamic scripts urls to lessen the amount of repetitive scripts that you see. This allows you to maintain a clean and less cluttered dashboard, while still ensuring that each individual script goes through full security analysis.
This feature significantly reduces the amount of scripts that need to be reviewed for PCI DSS compliance on the PCI Dashboard, as dynamic scripts that in some cases can generate over 10,000+ individual requests are now grouped together using pattern matching based on the URL query parameters, consolidating them into a single script for review and reducing the workload dramatically.
To learn how more about this feature can help simplify your dashboard and PCI script reviewal process, check out our documentation page.
We’re proud to announce the launch of our Partner Program. This initiative equips our partners with the tools, resources, and flexible business models they need to help their clients stay safe from client-side attacks.
Through our unified dashboard, partners can efficiently manage all their client projects while offering a revenue-generating solution that not only strengthens website security but also delivers measurable performance gains.
Offering a flexible 3 tier identity access model.
- Organizations contain billing information and some top level platform controls. An organization contains one or more teams.
- Teams are fully isolated from one another. End customer can be invited to this team. The team contains the various domains of a customer.
- Domain level contains all the client-side dashboard and intelligence.
The cside partner program was built with a range of indirect sales channels in mind:
- Service integrators and PCI consultants.
- Web development agencies.
- Full integrations into PaaS or lowcode hosted site platforms.
