Client-side Attack Surface Mapping

Discover all client-side web assets in seconds.

Feroot Security Inspector automatically discovers and reports on all web assets and their data access.

Inspector finds security vulnerabilities on the client-side and reports on them, and provides specific client-side threat remediation advice to security teams in real-time.

Client-side security made easy

Websites and web applications ingest customer information at critical touch points, such as login and financial transaction forms.


  • Detects and outlines abnormal application behaviors
  • Enlightens security teams of their client-side attack surface
  • Alerts application developers to code issues to fix in real-time

By revealing previously undetected or net new threats, and delivering mitigation advice, Inspector allows users to close security gaps in their client-side applications.

JavaScript data access insights instantly

Inspector replicates user actions on web applications and simulates attacker reconnaissance activities.

Uncover exactly what needs to be fixed to stop client-side threats.

The Inspector dashboard showcases:

  • Keylogger and malware presence
  • Web asset inventory
  • Number and details of script actions
  • Cross border data transfer performed by third party scripts
  • Scripts with known vulnerabilities and remediation advice
  • Number of malicious hosts exfiltrating data along with telemetry to block them
  • Obfuscated code to investigate

Client-side attack surface reports

Inspector includes reports to support customer security needs and reporting workflows.

Reports include detailed information on scanned web asset, including:

  • Data exfiltration and location
  • Enumeration of all JavaScript assets
  • Third-party JavaScript vulnerabilities
  • Client-side cyber threat intelligence
  • Recent code changes
  • Active data trackers (e.g. digital ads)
  • Active data collection forms
  • All data input ingestion points

Alerts to accelerate client-side security

Inspector ingests third-party cyber threat intelligence (CTI) and vulnerability intelligence to accurately pinpoint issues in web assets, as well as potential active exploits.

Inspector triggers alerts for security issues and events, which require immediate corrective action.

Alerts can be customized based on customer preferences, and include detailed information on which code to repair, patch, and how to fortify your client-side security posture.

Protect customer data to achieve privacy and compliance

Inspector continuously monitors customer-facing applications that collect customer data. By alerting application developers and security analysts to anomalous behaviors early, they can act to immediately stop data exfiltration.

By utilizing Inspector, privacy and compliance teams can continuously assess the maturity of their compliance program with data privacy detections that enable compliance with PCI, GDPR, CCPA, PIPED, and more.

Inspector provides compliance program information at the push of a button, with reporting and program enhancement advice.

Lightweight client-side security
technology to reduce operational

Inspector is a web application that doesn’t require an agent or the installation of software. Customers receive access to the Inspector portal and can begin taking advantage of it’s features and functionality immediately.

Inspector customers start scanning their client-side applications, starting with the URL of a chosen website or web application, on day one.

Inspector boils a variety of manual tasks, multiple technologies, and arduous processes down to a single automated scan, and takes the ambiguity and pain out of client-side security.

Through a single, easy to use web dashboard, security teams can assess and fortify their client-side security posture in seconds, instead of hours or days.

How Inspector works

Inspector monitors all client-side security-related events within the user’s browser. Inspector deploys synthetic users, disguised as honeypot customers, to autonomously simulate real user behavior. Inspector is able to identify malicious scripts and unauthorized actions on web assets.

Synthetic users are able to complete real user tasks (including logging into applications, filling in a web form, making a purchase, and more) to reveal and provide mitigation advice on:

  • Which applications and scripts are running on a given web application
  • What data third party scripts or applications have access to
  • Which third party scripts or applications can manipulate or utilize sensitive data in an unauthorized manner

Inspector enhances third-party cyber threat intelligence with in-house collected client-side cyber threat intelligence to holistically detect malicious code activities to provide leading client-side threat detection and response.


Inspector’s OpenAPI can integrate with cybersecurity products, application development technologies and ticketing systems, so that Inspector scans results, alerts, and telemetry can be further operationalized. Current integrations include:

Ralph Pyne Sr. Director, Information Security at Adroll

Feroot helped our team gain outside-in visibility into the security of customer experience making our platform even more secure.

Learn How to Guard Your Web Applications Today

See Client-side Security in Action!