How Jscrambler Helps dotConnect Deliver Secure Banking Apps

Overview


dotConnect is a fintech with the vision to empower financial institutions to provide their clients with a platform that delivers an exceptional digital banking experience. Via cloud-native solution architecture that is built for scale and resilience, dotConnect allows banks to accelerate their digital transformation and automation journeys. This enables these banks to provide a modern, customer-focused digital experience, reduce operational service requirements, and achieve low and predictable operational costs while also guaranteeing flexible integration with new and legacy banking systems using a decoupled approach.

Headquarters

Birmingham, UK

Jscrambler’s client

Since 2019

Industry

Business Services

Use cases

Anti-Tampering, Data Exfiltration Prevention

Challenge


Today, 73% of all consumer interactions with banks are done digitally. And when it comes to banking, security is a prime directive. When asked about the most important attributes when choosing a bank, 82% of consumers say, “ensures my transactions are safe/secure.” Aware that security is one of the key drivers of the ongoing digitalization of banking, dotConnect wanted to ensure that it was developing secure banking apps. This meant covering every inch of the attack surface.

Regarding web and hybrid mobile banking apps, one key security challenge is protecting the JavaScript code, which can be targeted by reverse-engineering, tampering, and injection attempts. This layer of protection is essential to reduce exposure to data exfiltration and transaction fraud, which can originate from client-side attack vectors.

“When you have a financial product out in the public domain, you’re a prime target for attackers.”



Mohamed Gamil, CEO & Founder of dotConnect

Solution


The answer to dotConnect’s source code protection challenges was the cutting-edge technology provided by Jscrambler. Both founders had used Jscrambler a few years earlier in a previous solution within the banking sector. So, when embarking on this new venture, they revisited the market to compare vendors and found that Jscrambler was still the market-leading solution in this sector. Thus, it was the obvious choice. Because dotConnect had to ensure maximum protection of the JavaScript source code, its team decided to combine two of Jscrambler’s most effective client-side security layers: JavaScript Obfuscation and Self-Defending.

Jscrambler’s Polymorphic JavaScript Obfuscation includes several different techniques that transform the original source code into a new version that is extremely hard to understand and reverse-engineer while keeping its original functionality. Included in this layer is Jscrambler’s Code Hardening feature, which provides up-to-date protection against all reverse-engineering tools and techniques.

dotConnect uses Jscrambler Self-Defending, a security layer that adds integrity checks and other runtime defenses that prevent attackers from debugging or tampering with the code. As such, if anyone tries to debug the protected banking app at runtime, the app will immediately break. Likewise, if an attacker tries to modify the code to dynamically understand its logic at runtime, the application will break to stop the attack. This advanced runtime protection reduces exposure to data exfiltration attacks by making it much harder for attackers to understand how the software works and to plan or automate these attacks.

“The protection layer that Jscrambler provides is very, very difficult to interpret, break or bypass.”

Mohamed Gamil, CEO & Founder of dotConnect

Top Jscrambler Features for dotConnect

Polymorphic JavaScript Obfuscation

Self-Defending

Code Hardening

Results

The dotConnect development team had no issues integrating Jscrambler into the CI build process, thanks to detailed documentation and support.

One of dotConnect’s requirements was to pass both its clients’ and its own strict penetration testing rounds. Jscrambler helped them achieve that by passing 5 penetration testing rounds.
