Free TrialSign In
decorative image
decorative image

End-to-End API Encryption for Protection of Web and Mobile Applications

Codesealer provides strong application integrity, wrapping both source code and APIs in strong authenticated encryption.

Give any reverse engineers and hackers a run for their money with a completely novel approach to web application security.

Designed for seamless integration, with no app changes or user actions needed. Enhance your defences in the easiest way possible.

E2E Encryption of All Your APIs

API calls without Codesealer

POST /api/login HTTP/1.1 HOST: backend.com {"user": "alice", "password": "pass123"} ----------------------------------------- HTTP/1.1 200 OK {"accessToken": "QyUhjMk0WdbMvZPr3vH0Fw=="}
POST /~bl/x HTTP/1.1 HOST: backend.com X-CS-SessionID: 63bd3719-c528-467d-b175-7bd7927c4ea1 PHF9bydrfThVWG8qLzVccjsubw... ----------------------------------------- HTTP/1.1 200 OK L1srKXtTZ1h5KVtgVWlJdkpUOH1Wcg...
Codesealer wraps your API calls in application layer E2E encryption, preventing adversaries from crafting malicious payloads.
Encryption is automatically applied to web applications by overriding Javscript's XHR and fetch functions - no code changes required!
Built using state of the art, high performance cryptographic protocols including X25519 key exchange and Aegis-128 authenticated encryption.

Conceal All API Endpoints

Visible APIs without Codesealer

https://your.domain.com/api/cart/item/add https://your.domain.com/api/products/search https://your.domain.com/api/account/funds/transfer https://your.domain.com/api/customer/login https://your.domain.com/admin/password/reset https://your.domain.com/oauth/v2/authorize
https://your.domain.com/~bl/x
Codesealer conseals all your API endpoints behind a single opaque endpoint, blocking all direct requests.
Lock away access to your backend behind Codesealer's strong, dynamic protection.
Codesealer doesn't rely on reactive API monitoring and alerting, we simply remove the API attack surface.

Secure Code Delivery

Code delivery without Codesealer

GET /vulnerable.dependency.js HTTP/1.1 HOST: backend.com ----------------------------------------- HTTP/1.1 200 OK !function() {   "use strict";   var e, t, r, n, o, u, i, c, f, a = {}, l = {};   function d(e) { ...
GET /~bl/b/EZXPt5rW9reObblyI0RJUeTp HOST: backend.com ----------------------------------------- HTTP/1.1 200 OK fTEyTVNIImAkP2YqeCwiOzRUPjpR...
Codesealer ensures that your code is executed as intended by encrypting all Javascript transferred to browser.
Your code is decrypted and executed in a tamper-resistant environment, making it extremely difficult to reverse engineer the application.
The exact cryptographic details change with every session, increasing the required time and effort to perform an attack.

Dynamic Runtime Protection

HTML document without Codesealer

<html>   <script src="vulnerable.dependency.js"></script>   <script>       fetch('/api/login', {           method: 'POST',           body: '{"user": "alice", "password": "pass123"}'       });   </script> </html>
<html>     <script></script>     <script></script>     <script data-conf="yArcIqfK...meGLNw">,         var ħ = "kQq,'F[D1f?<v!7YiBtm =pWX>a;*3-5zT).c4R^";         function ǵ(ә, ħ) {             var ΐ = 0, ӻ = [1, 32, 1024], ņ = 0;             while (ۅ[ө(ә)] > 31) {                 ΐ += (ۅ[ө(ә++, -237)] & 31) * ӻ[ņ++]             }             ΐ += ۅ[ө(ә++, 566)] * ӻ[ņ++];                          ...     </script> </html>
Codesealer's reverse proxy strips all <script> tags in HTML documents, preventing attackers from accessing the application's source code.
Code is replaced by a secure 'Bootloader', establishing a highly fortified, unique runtime environment for the original application code.
The Bootloader performs tamper checks to ensure that the environment can be trusted throughout the execution.
Ready to learn more or try Codesealer?
Experience seamless security with no changes to application code and no agents in the browser

Seamless Integration

Decorative Image

Unparalled Security Without Any of the Hassle

Our solution requires no changes to the existing web application code and has no impact on the end user's experience.
Just deploy our reverse proxy in front of your backend infrastructure to protect your application.
For mobile applications the iOS and Android SDKs can be integrated with a few lines of code.
Run in a way that fits you: We provide a fully managed SaaS or let you host Codesealer yourself as a raw binary, Docker image, Helm Charts, and more.
Decorative Image

Engineered for Maximum Performance

Codesealer is designed from the buttom up to have as small an impact on performance as possible.
Our reverse proxy is fully horizontally scalable, allowing you to easily adjust Codesealer to your workload.
Our end-to-end encryption is based on the high performance encryption scheme Aegis-128 which takes full advantage of modern CPU encryption instructions.
Play button for a video
Watch our video and learn how to protect your web app

See It In Action!

Watch our demo video to see the effect of deploying Codesealer on a real application.
You can also explore the unprotected and protected versions of the application yourself. Open your browser's Developer Tools to see the effect!
Ready to learn more or try Codesealer?
An easy to use security solution ensuring unparalled end-to-end integrity of any web application

Codesealer application protection in a nutshell

0
Codesealer protects any existing application without any code changes.
1
Simply deploy the Codesealer reverse proxy in front of your existing backend infrastructure.
2
Codesealer replaces all application code with a uniquely generated Bootloader providing a secure runtime for your code.
3
All application code is transferred to the browser using authenticated encryption and executed inside the Bootloader, protecting your application from inspection and tampering.
4
All API endpoints are concealed behind an opaque endpoint and all API requests are automatically encrypted beyond TLS, preventing request forgery and manipulation.
5
Our integrated WAF inspects requests sent through legitimate interactions with the application, blocking malicious payloads.
/api/login/api/transfer/api/delete
Backend
/x
WAF
Network
Browser
Application Code
Bootloader
Flexible deployment options that fit into any existing application architecture
Docker logoKubernetes logoHelm logoAWS logoGCP logoAzure logo

Deploy Anywhere, The Way That Fits You

Packaged in many different ways, including as raw binaries, Docker images and Helm charts, allowing you to deploy in a way that suites you.
Fully cloud enabled, easily deploying into any existing cloud environments, including AWS, GCP, and Azure.
Image of a server

SaaS

    Instantly protect your applications
    Infrastructure managed by Codesealer
    Configurable through our management portal
    Simply change your DNS to point at our server
Image of a server

Self-Hosted

    Deploy our proxy and management portal into your existing infrastructure
    Pick the deployment model that suits you: Bare metal, Docker, Kubernetes, etc.
    Fully horizontally scalable with minimal dependency on our backend
Image of a server

Enterprise

    Get the same experience as Codesealer Self-Hosted but with all components fully in your control
    Dedicated support from the Codesealer team

Codesealer Free Trial Available

Take a deep dive into the technology, get in touch with us, or try Codesealer totally free.

We have something for both managers and developers. Click below to find out about what next steps you can take.

Njalsgade 76, 3rd FloorCopenhagen, Denmark
Codesealer
Our ProductDeployment Options and PricingSee Codesealer in ActionTry It YourselfLearn MoreCodesealer Portal
Features
API EncryptionAPI ConcealmentSecure Code DeliverySeamless IntegrationNo Code ChangesRuntime Protection
Resources
White PapersCybersecurity InsightsDemo VideosAPI Security Best PracticesOWASP Top 10 StandardsPCI DSS v4.0
Company
About UsPrivacy PolicyContact Us