Feroot

Toronto, ON, Canada
2017
  |  By Feroot
Washington, D.C. – U.S. lawmakers announced a bill to ban DeepSeek, the Chinese AI chatbot app, from government devices following a security analysis by Feroot Security that revealed alarming privacy and national security risks. The research suggests that DeepSeek collects user data, including digital fingerprints, login credentials, and behavioral information, potentially sending it to servers tied to the Chinese government.
  |  By Feroot
Compliance for Payment Providers SAQ D presents unique challenges due to their distributed business model. With payment pages, iframes, and forms embedded across thousands of merchant websites, ensuring consistent security and maintaining PCI DSS 4.0.1 compliance requires sophisticated solutions and strategies.
  |  By Feroot
ABC Good Morning America featured an exclusive report this morning highlighting Feroot’s discovery of concerning code within DeepSeek’s AI platform. Feroot, a leading cybersecurity firm, uncovered hidden capabilities enabling direct data transmission from DeepSeek to China Mobile servers.
  |  By Feroot
Researchers at Feroot Security have identified computer code within the web-based version of DeepSeek’s AI chatbot that could potentially send user login information to China Mobile, a Chinese state-owned telecommunications company. This discovery raises significant privacy and national security concerns, particularly as China Mobile has been barred from operating in the United States due to its alleged ties with the Chinese government and military.
  |  By Feroot
Are you an SAQ A merchant figuring out if or how the PCI DSS 4 update applies to you? Let’s break it down in simple terms before you talk to your QSA and ISA.
  |  By Feroot
PCI DSS Compliance for SAQ-D Service Providers and Merchants is more critical than ever. Despite widespread awareness of the updated requirements, ot appears that over 90% of service providers remain unaware that they must implement new technical measures for the iFrames (with payment functions loaded) on their customers’ payment pages to meet Requirements 6.4.3 and 11.6.1.
  |  By Feroot
PCI DSS 4 introduces new requirements for SAQ-A and SAQ-A-EP Merchants. Key new changes are Requirements 6.4.3 and 11.6.1. While these requirements play a crucial role in preventing and detecting e-commerce skimming attacks they also require merchants to implement and operate new technical capabilities on payment webpages. Requirements 6.4.3 and 11.6.1 apply to all scripts executed in a consumer’s browser on payment pages, defined as web-based interfaces that capture or submit account data.
  |  By Feroot
SAQ A-EP is a key focus of the Payment Card Industry Data Security Standard (PCI DSS) version 4, which introduces changes affecting merchants. Designed for e-commerce merchants who partially outsource their payment processing but have website elements impacting transaction security, SAQ A-EP ensures compliance with these updated requirements. This article clarifies these changes and outlines the top 5 actions SAQ A-EP merchants should take before March 31, 2025.
  |  By Feroot
If you thought PCI DSS 4.0.1 was just a minor tweak to the old requirements, think again. 2025 is here, and it’s clear that many SAQ A-EP merchants are still missing critical steps needed to stay compliant. In fact, we noticed that over 90% of SAQ A-EP merchants aren’t aware that they need to implement new technical measures to address Requirements 6.4.3 and 11.6.1.
  |  By Feroot
PCI DSS 4 Compliance requires a clear understanding of the latest requirements, particularly Requirement 6.4.3 and 11.6.1, which emphasize the importance of JavaScript monitoring for maintaining secure payment environments. For AppSec, Infosec, or ISA/QSA professionals, staying on top of PCI DSS 4.0.1 can feel overwhelming, but protecting payment card data leaves no room for errors.
  |  By Feroot
Feroot Security Inspector automatically discovers and reports on all JavaScript web assets and their data access. Inspector finds JavaScript security vulnerabilities on the client-side and reports on them, and provides specific client-side threat remediation advice to security teams in real-time. With Inspector, customers are able to conduct constant client-side attack surface management and defense.
  |  By Feroot
Feroot Security co-founders, Ivan Tsarynny and Vitaliy Lim, discuss the client-side landscape and why security is needed to protect the front-end.
  |  By Feroot
Head of Application Security at The Motley Fool, Paolo del Mundo, shares his experience with Feroot's Inspector and how it has increased visibility into their client-side attack surface.
  |  By Feroot
Client-side security is important today because of the increase in attacks against individuals using the web to access services that require the sharing of sensitive and personally identifiable information (PII). Feroot enables proactive client-side security programs to protect the customer journey. Our products are designed to significantly diminish a threat actor’s ability to breach customer data or damage websites via client-side attacks. We help cybersecurity and application security professionals guard the customer experience.
  |  By Feroot
Empower your business with client-side security. Arm your application developers, security professionals, and privacy professionals with reliable client-side security technologies to develop secure JavaScript applications, stop client-side cyberattacks, and ensure compliance with global privacy regulations. Learn more about Feroot Security and what we can do to help you secure your client-side attack surface!
  |  By Feroot
See Feroot Security Inspector in action. Learn how you can deploy client-side JavaScript security monitoring to detect Magecart, e-skimming, formjacking, JavaScript vulnerabilities, and other threats to your customer-facing web applications.
  |  By Feroot
Learn how to protect your client-side web applications and the customer data you collect via your websites. Gain a deep understanding of how to stop skimming breaches by closing gaps in your web application firewalls, content security policies, penetration testing, security testing, and vulnerability scanning coverage. Explore the basics of client-side security and learn how businesses can protect themselves and their customers with automated tools, monitoring, and controls to stop threats, all while safeguarding customer data.
  |  By Feroot
In a world in which commerce, business, and information are driven almost exclusively by the internet, protecting both consumers and data is critical.
  |  By Feroot
Learn how client-side web security programs use Feroot Security to align with cybersecurity frameworks.
  |  By Feroot
Learn everything you need to know about client-side security to protect JavaScript web applications and customer data. Discover how to secure your business so that it may succeed in today's digital economy.
  |  By Feroot
Learn how to protect your JavaScript web applications and customer data from cyberthreats. Discover how to secure your webpages and web applications so that your business can thrive. The guide highlights the fundamental risks associated with using JavaScript in an unprotected client-side environment and what web application developers and security professionals can do to better protect their websites and website users.

Secure your JavaScript web applications and webpages with automated security scanning, monitoring, and controls to stop cyber threats and protect customer data.

Arm your application developers, security professionals, and privacy professionals with reliable client-side security technologies to develop secure JavaScript applications, stop client-side cyberattacks, and ensure compliance with global privacy regulations.

Empower your business with client-side security:

  • Know your client-side attack surface: Create an inventory of client-side elements and gain a deep understanding of how scripts and applications behave and the data they can access.
  • Uncover suspicious behavior: Discover and control client-side web assets. Monitor web application behavior to determine if baseline scripts or applications show runtime or access abnormalities.
  • Act on privacy & compliance reports: Gain deep transparency of your client-side asset inventory, tracking, and remediation status’. Track PCI DSS, NIST, CIS Top 20, OWASP Top 10, and MITRE ATT&CK program maturity.

Client-Side Security Made Easy.