Web Security News

The Portuguese Entrepreneurs Who Are Protecting Your JavaScript

February 13th, 2017 | By Jscrambler | 3 min read

"Tech firms have an obligation to guarantee the integrity of their applications, but it seems that many are failing to do so, and risk compromising their users as they fall prey to client-side or browser hacks. An example is the GozNymin malware, a hybrid of two strains of known malware that targeted the business banking and credit unions sector and stole around $4 million from 24 US and Canadian banks in April 2016.

Portuguese tech entrepreneurs Rui Ribeiro and Pedro Fortuna, founders of Porto-based web security startup Jscrambler, believe they have developed a solution that tackles the hidden dangers of this client-side hacking, a threat that many businesses are surprisingly still unaware of. The idea for Jscrambler emerged in 2009 when the pair were busy developing a solution to fight click-fraud in advertising campaigns. This was a web traffic audit mechanism that was JavaScript dependent.

Ribeiro says: “We searched the market and found there was no tool capable of protecting our JavaScript, so we created one. We launched the first beta version in 2010, and it was an immediate success. Since then, it has evolved in terms of resilience, potency and efficiency, thanks to a lot of investment in R&D. In its 4.0 version, Jscrambler is a full client-side protection and monitoring solution that ensures that users can run apps safely, even in hostile environments."

Surprisingly, many businesses are still unaware of this threat to their security, as Fortuna explains. “Traditionally, code protection meant storing as much code on the server as possible,” he says. “This kept your code safe from prying eyes and allowed the server to do the heavy lifting, performance-wise. Even today, storing your code on the server certainly offers the best protection, although with some disadvantages.

“One challenge involves forcing an Internet connection; if you’re developing an application you want to work offline, it is not feasible. Performance is another. Server calls take time. That’s not an issue for simple apps, but for high-performance apps like games, excessive latency can ruin the user experience. This raises concerns as more and more logic is being executed on the client-side where, due to the nature of the language, is very exposed to code tampering and code injections.”

Companies still focused on deploying server-side security mechanisms, like web application firewalls, are starting to realize that the threat model for web applications is changing.

“It's not enough to find security vulnerabilities and fix them,” says Ribeiro. “You need to ensure that your web application is as resilient as it can be against user-experience tampering, malware injection, data leakage, and IP and code theft.”

Until now, organizations have relied heavily on endpoint security solutions to protect the client side, paying little attention to the hidden dangers of hacks through the client side, yet solutions such as antivirus have a low success rate, believed to be around 40%.

“If you consider that an application encompasses both server and client side and that the client side solution doesn’t necessarily have to be endpoint security, then you understand the thinking behind Jscrambler,” says Fortuna.

Jscrambler growth

In 2014 Jscrambler raised $800,000 in seed funding from Portugal Ventures, a public VC and PE firm, and traction to date has been strong; Jscrambler has over 28,000 customers globally, including Fortune 500 companies, and a number of global brands.

The Jscrambler team is also growing, currently 20 strong, and the company, which has offices in Porto, Lisbon, and San Francisco, is expanding its operations to the US, their primary market.

It is one of a growing number of startups flourishing in Portugal’s tech ecosystem, which was recently boosted when its capital Lisbon hosted the Web Summit. However, Ribeiro insists that Porto is the real scale-up city of Portugal, and also a leading European hub for innovation, startups, and investments.

He says: “Jscrambler will continue to be a disruptive player, revolutionizing the application security scene, and delivering a resilient solution for client-side security that companies and individuals can rely on. There are no excuses for ignoring the risks that are being taken when unprotected code is deployed or underestimating the importance of monitoring what is happening on the client side as we are witnessing on the expanding cyber-battlefield every day.”"

Contributed by Allison Coleman, Forbes contributor

Originally published on Forbes on February 13, 2017.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next


Porto's Startup Scene

Jscrambler has been supporting communities for a while now. This time, we are proud to announce that Pedro Fortuna, our CTO, will be a guest of Porto Startup Coffee and Founders Founders Inauguration.

April 4, 2017 | By Jscrambler | 2 min read


Celebrating 500K App Builds Protected with Jscrambler: Lessons Learned

This week marks 500,000 app builds protected with Jscrambler. So, we take the chance to share the lessons we learned about app security along the way.

May 5, 2020 | By Jscrambler | 5 min read

Section Divider

Subscribe to Our Newsletter