Cybersecurity startup Client-side Development Inc., which does business as C/side, said today it has closed on a $6 million seed funding round to accelerate the development of its tools for monitoring, optimizing and securing browser-side third-party scripts.
The round was led by Uncork Capital and saw participation from Mantis VC, Scribble Ventures, Roar Ventures and PrimeSet. It brings C/side’s total amount raised to $7.7 million, following a pre-seed raise that closed earlier this year.
Vulnerabilities in browser-side third-party scripts are one of the major causes of software supply chain attacks today. Third-party scripts are pieces of code, often written in JavaScript, that are integrated with websites and applications to implement additional functionality or features such as tracking analytics, displaying ads or providing social media integration.
Developers use third-party scripts because they’re a huge time saver. Rather than rewrite the code necessary to enable these features each time they create a new app or website, they can simply reuse the code written by third-parties, saving themselves tons of hassle.
The use of third-party scripts has become widespread, but there are significant risks when using them. The main challenge is that the creators of these scripts often update them to improve the functionality they deliver, and this is generally done without the knowledge of the companies that use them. Unfortunately, these updates sometimes introduce security vulnerabilities that can be exploited by malicious actors to redirect website visitors, steal sensitive information and manipulate website content.
C/side is the creator of what it calls an “advanced proxy service” and artificial intelligence-driven detection engine, which helps it to identify and neutralize malicious third-party scripts in real time. Its toolkit not only makes websites and applications safer, but can also improve their performance.
Cyberattacks that leverage vulnerabilities in third-party scripts are common. In a recent example of such an attack, around 100,000 websites were potentially compromised following the acquisition of the Polyfill.io web domain by an unnamed Chinese company. Polyfill is a popular open-source library that provides third-party code to ensure that modern web features can still work in older browsers.
In a report, C/side explained that in the wake of the acquisition, the new owners of the domain introduced a vulnerability that allowed them to inject malware into any mobile device visiting a website that embeds the Polyfill code.
C/side founder and Chief Executive Simon Wijckmans cited this attack and another recent breach involving the healthcare provider Kaiser Permanente LLC as examples of how this attack vector is “rapidly escalating.”
“Security and IT teams cannot take a ‘set it and forget it’ approach to the third-party web scripts that run through their organization’s website,” he said.
Uncork Capital Managing Partner Andy McLoughlin said client-side app security is one of the most challenging threats faced by digital organizations today. “It’s a problem that has been largely overlooked until now,” he added, hence the decision to back the startup.
The funds from today’s round will be used to help accelerate the development of its product and grow its customer support, sales, partnership and marketing teams.
Enterprises can access the free version of C/side’s platform now, and the startup is planning to launch Business, Enterprise and Partner tiers with advanced functionality in the near future.