Web App Attacks Surge 800%, otto-js Announces Integrated Runtime Vulnerability Detection for GitHub Advanced Security

Software supply chain attacks increased a shocking 650% in 2021; web app attacks grew 800% compared to 2019; and the Cybersecurity Workforce Estimate and Cybersecurity Workforce Gap suggest the global cybersecurity workforce needs to grow 65% to defend organizations' critical assets effectively.

otto JavaScript Security announced the integration of its Client-side 3rd-party Application Security Testing & Monitoring with GitHub Advanced Security. otto-js is a next-generation runtime 3rd-party supply chain security testing & monitoring tool in GitHub, bringing cybersecurity to developer-centric tooling. Engineering teams can now leverage otto-js to continuously test and monitor for risks & vulnerabilities introduced at runtime by 3rd & Nth party scripts.

According to one recent study, software supply chain attacks increased a shocking 650% in 2021, web app attacks grew 800% compared to 2019, and the Cybersecurity Workforce Estimate and Cybersecurity Workforce Gap suggest the global cybersecurity workforce needs to grow 65% to defend organizations' critical assets effectively.

"When you consider the incredibly insufficient number of security experts worldwide (roughly 3.5 million) compared to the vast number of developers on GitHub (83 million), it's clear the industry needs to focus on building integrated security solutions for developers," said otto-js Co-founder & CEO Maggie Louie.

GitHub code scanning, part of its Advanced Security offering, runs security checks across code as it's created, automating application security as an integral part of the developer workflow. otto-js' 3rd-party Client-Side AppSec testing and monitoring works alongside GitHub security products, like Dependabot, for software composition analysis (SCA) to provide comprehensive application security testing, visibility, protection, and control over supply chain vulnerabilities and attacks.

"GitHub has a relentless focus on the developer experience. We understand that developers want to stay focused on writing code, and not switching from tool to tool. Integrating actionable security notifications from GitHub Advanced Security and the growing partners in our marketplace helps to reduce the time to remediate security issues by keeping developers in flow. otto's addition to the GitHub Marketplace delivers a dynamic application testing solution (DAST) for third-party JavaScript vulnerabilities that occur in runtime and complements customers' existing security stacks," said Clay Nelson, VP of Enterprise Sales - Central US, GitHub.

With the vision of supporting teams that are severely short-staffed in cybersecurity, Chad Fowler, former CTO of Wunderlist and Chief Product Officer at otto-js, led the development of otto's user interface "ottoBox" and functional design to embody an "Inbox Zero" methodology.

"The problem with most cybersecurity and threat detection tools is they require a lot of security expertise to understand, let alone manage. Even security experts spend hours in conventional tools trying to review and classify thousands of requests to figure out which represent risks. It seemed like the industry needed something intuitive and automated, so you don't need all the charts and analytics. Instead, you have a very practical solution for teams needing to move quickly and get back to their core jobs," said Fowler.

In 2021, JavaScript developers requested an estimated 1.5 trillion packages from npm, a 50% YoY increase. The modern web app now has, on average, 80 dependencies. Many of these third-party scripts interact with sensitive user data in the browser at runtime, creating a blind spot for security and making the third-party supply chain a popular and profitable new attack surface for bad actors.

otto-js loads with the code in the client-side browser at runtime, where it continuously monitors the third-party supply chain for vulnerabilities and risky script behaviors, like reading credentials/PII data and sending customer data to external servers. The company also provides mitigation for client-side attacks like Magecart and malware.

As the deadline for new PCI DSS V4 compliance approaches and GDPR security standards accelerate, otto-js is a significant and timely addition to the GitHub Marketplace. Fuelled by growing cyber threats and privacy concerns across all industries, leveraging developer platforms like GitHub to enable developer-centric security solutions will be critical to the evolution of cybersecurity and cyber resilience.

About otto-js

otto JavaScript Security (otto-js) is a client-side application security startup based in Atlanta, GA, with offices in Memphis, TN, and London, UK. otto empowers engineers to test, monitor, detect and control third-party client-side vulnerabilities and third-party script behavior live at runtime. With client-side DevOps testing tools, defensive protection, and dynamic policy management, otto is giving developers the visibility, protection, and control to secure third-party supply chain dependencies from client-side vulnerabilities & attacks.

Learn more and start a free trial at otto-js.com.

Source: otto JavaScript Security


Tags: Application Security, GitHub, JavaScript


About otto-js

otto JavaScript Security empowers developers to test, monitor, detect and control 3rd-party client-side vulnerabilities and 3rd-party script behavior live at runtime.

Press otto-js
Media Inquiry, otto-js
otto-js
460 S Highland St Suite 109
Memphis, TN 38111
United States