Solutions
By Need
JavaScript Protection
Magecart Mitigation
Mobile App Protection
Data Leakage Prevention
Third Party Control
Customer Hijacking Prevention
User Data Protection & Compliance
By Sector
Financial Services
IT & Software
E-Commerce
Healthcare
Media & OTT
Gaming & Gambling
Products
Code Integrity
Application Shielding
Runtime Protection
JavaScript Threat Monitoring
Webpage Integrity
Webpage Inventory
Third Party Management
User Data Management
Webpage Threat Mitigation
Resources
Partners
Docs
Blog
Help Center > Code Integrity > Documentation > Transformations > Self Defending

Self Defending

Potency High
Resilience High
Cost High
Tags: rasp, tampering, debugging

Description

Self Defending protects functions and object literals concealing their logic, blocking code tampering attempts with anti-tampering techniques, and detecting debuggers to trigger defenses that thwart reverse engineering attempts. Countermeasures can be specified (optionally) to be executed when someone tries to debug or tamper with the code.

Note: if you intend to minify your code after protecting it with Jscrambler, make sure that the tolerateMinification flag is enabled in your application. This makes it so that the modifications done by this process are not treated as malicious by this and other transformations. We nonetheless recommend that you use Jscrambler after minifying your code, as the last step of your build process, for optimum results. You can learn more about how to configure your application here.

Tolerate Benign Poisoning

The tolerate Benign Poisoning option allows to a certain degree, the native function poisoning considered by Jscrambler as "benign". Some mobile and web frameworks inject polyfills for specific native functions at runtime (f.e console.log or setInterval), and for that reason, Self-Defending considers them malicious. You should activate the tolerateBenignPoisoning option to prevent "benign actions" from breaking your application. If you are using:

  • ReacNative
  • NativeScript
  • Node.js
  • Angular
  • Ionic

Please include the tolerateBenignPoisoning option on the Self-Defending parameters.

Code Annotation Example

// @jscrambler define selfDefending {threshold: 10480, options: [tolerateBenignPoisoning], countermeasures: {deleteCookies: 1, redirect: /logout}} as sd
// @jscrambler enable sd

Option Types

Name Required Default Value Description
threshold No 10240 Minimum size (in bytes) that a function / object literal must have to be targeted by the transformation.
options No [] List of available options
countermeasures No {"deleteCookies": false,"realTimeNotifications": false,"dataExfiltrationPrevention": false,"selfDestruct": false} List of available countermeasures

Options

Name Description
tolerateBenignPoisoning Blocks only malicious native function poisoning

Countermeasures

Name Description
customCallback Name of the function to be called as a countermeasure.
deleteCookies Deletes all the cookies accessible via JavaScript.
redirect Redirects the user to a specific URL.
realTimeNotifications Sends a notification when a violation occurs.
dataExfiltrationPrevention Prevents a malicious actor from carrying out an unauthorized data transfer by blocking network requests.
selfDestruct Attempts to damage the state and behavior of the application and/or the environment that is running the application.

Browser Compatibility

Browser Compatible Versions Tested Versions Notes
Chrome 70+ 70+
Firefox 60+ 60+
Internet Explorer 9+ 8+
Microsoft Edge 97+ 97+
Safari 11.1+ 11.1+

API Parameters

Example:

{
  "keys": {
    "accessKey": "XXXXXX",
    "secretKey": "YYYYYY"
  },
  "applicationId": "ZZZZZZ",
  "params": [
    {
      "name": "selfDefending",
      "options": {
        "threshold": 10240,
        "options": [],
        "countermeasures": {
          "customCallback": null,
          "deleteCookies": false,
          "redirect": null,
          "realTimeNotifications": false,
          "dataExfiltrationPrevention": false,
          "selfDestruct": false
        }
      }
    }
  ]
}