Web application attacks increase by 800%, otto-js announces built-in runtime vulnerability detection for GitHub Advanced Security


Software supply chain attacks increased by 650% in 2021; web application attacks increased by 800% compared to 2019; and the cybersecurity workforce estimate and cybersecurity workforce gap suggest that the global cybersecurity workforce needs to grow by 65% to effectively defend organizations’ critical assets.

Press release

updated: August 17, 2022

ATLANTA, Aug. 17, 2022 (Newswire.com) –
otto JavaScript Security announced its integration of client-side third-party application security testing and monitoring with GitHub Advanced Security. otto-js is a third-party, next-generation runtime supply chain security monitoring and testing tool in GitHub, bringing cybersecurity to developer-centric tools. Engineering teams can now leverage otto-js for continuous testing and monitoring of risks and vulnerabilities introduced at runtime by nth- and third-party scripts.

According to a recent study, software supply chain attacks increased by 650% in 2021, web application attacks increased by 800% compared to 2019, and the estimated cybersecurity workforce and the cybersecurity workforce gap suggest that the global cybersecurity workforce needs to grow by 65% to effectively defend organizations’ critical assets.

“When you consider the impossibly insufficient number of security experts worldwide (around 3.5 million) compared to the large number of developers on GitHub (83 million), it’s clear that the industry needs to focus on creating integrated security solutions for developers,” said otto-js Co-founder and CEO Maggie Louie.

GitHub code analysis, part of its advanced security offering, runs security checks on code as it is created, automating application security as an integral part of the developer’s workflow. otto-js third-party client-side AppSec testing and monitoring works with GitHub security products, like Dependabot, for software composition analysis (SCA) to provide security testing, visibility, protection, and comprehensive application control over supply chain vulnerabilities and attacks.

“GitHub is relentlessly focused on the developer experience. We understand that developers want to stay focused on writing code, not switching between tools. The integration of actionable security notifications from GitHub Advanced Security and growing partners in our market helps reduce the time to fix security issues by keeping developers in the flow. Adding otto to the GitHub Marketplace provides an application testing solution (DAST) for third-party JavaScript vulnerabilities that occur at runtime and complements existing customer security stacks,” said Clay Nelson, VP of Enterprise Sales – Central US GitHub.

With a vision to support understaffed teams in cybersecurity, Chad Fowler, former Wunderlist CTO and Product Manager at otto-js, led the development of otto’s UI “ottoBox” and functional design to embody an “inbox zero” methodology.

“The problem with most cybersecurity and threat detection tools is that they require a lot of security expertise to understand, let alone manage, reviewing and ranking thousands of claims to determine which pose risks. It seemed like the industry needed something intuitive and automated, so you don’t need all the graphs and analytics. Instead, you have a very convenient solution for teams that need to move quickly and get back to their core tasks,” Fowler said.

In 2021, JavaScript developers requested approximately 1.5 trillion packages from npm, a 50% year-over-year increase. The modern web application now has an average of 80 dependencies. Many of these third-party scripts interact with sensitive user data in the browser at runtime, creating a security blind spot and making the third-party supply chain a popular and profitable new attack surface for bad actors.

otto-js loads with code in the client-side browser at runtime, where it continuously monitors the third-party supply chain for vulnerabilities and risky scripting behavior, like reading information from identification/PII data and sending customer data to external servers. The company also provides mitigation for client-side attacks such as Magecart and malware.

As the deadline for new PCI DSS V4 compliance approaches and GDPR security standards accelerate, otto-js is an important and timely addition to the GitHub Marketplace. Fueled by growing cyber threats and privacy concerns across industries, leveraging development platforms such as GitHub to enable developer-centric security solutions will be critical to the evolution of cybersecurity and cyber-resilience.

About otto-js

otto JavaScript Security (otto-js) is a client-side application security startup based in Atlanta, GA, with offices in Memphis, TN, and London, UK. otto enables engineers to test, monitor, detect, and control third-party client-side vulnerabilities and the behavior of third-party scripts live at runtime. With client-side DevOps testing tools, defensive protection, and dynamic policy management, otto gives developers the visibility, protection, and control needed to secure third-party supply chain dependencies from client-side vulnerabilities and attacks.

Learn more and start a free trial at otto-js.com.

Source: otto JavaScript Security