End-to-End API Encryption for Protection of Web and Mobile Applications
Codesealer provides strong application integrity, wrapping both source code and APIs in strong authenticated encryption.
Give any reverse engineers and hackers a run for their money with a completely novel approach to web application security.
Designed for seamless integration, with no app changes or user actions needed. Enhance your defences in the easiest way possible.
E2E Encryption of All Your APIs
API calls without Codesealer
POST /api/login HTTP/1.1 HOST: backend.com {"user": "alice", "password": "pass123"} ----------------------------------------- HTTP/1.1 200 OK {"accessToken": "QyUhjMk0WdbMvZPr3vH0Fw=="}
POST /~bl/x HTTP/1.1 HOST: backend.com X-CS-SessionID: 63bd3719-c528-467d-b175-7bd7927c4ea1 PHF9bydrfThVWG8qLzVccjsubw... ----------------------------------------- HTTP/1.1 200 OK L1srKXtTZ1h5KVtgVWlJdkpUOH1Wcg...
Codesealer wraps your API calls in application layer E2E encryption, preventing adversaries from crafting malicious payloads.
Encryption is automatically applied to web applications - no code changes required!
Mobile applications are protected by integrating Codesealer's SDK in a few easy steps.
Built using state of the art, high performance cryptographic protocols including X25519 key exchange and Aegis-128 authenticated encryption.
Conceal All API Endpoints
Visible APIs without Codesealer
https://your.domain.com/api/cart/item/add https://your.domain.com/api/products/search https://your.domain.com/api/account/funds/transfer https://your.domain.com/api/customer/login https://your.domain.com/admin/password/reset https://your.domain.com/oauth/v2/authorize
https://your.domain.com/~bl/x
Codesealer conseals all your API endpoints behind a single opaque endpoint, blocking all direct requests.
Lock away access to your backend behind Codesealer's strong, dynamic protection.
Codesealer doesn't rely on reactive API monitoring and alerting, we simply remove the API attack surface.
Secure Code Delivery
Code delivery without Codesealer
GET /vulnerable.dependency.js HTTP/1.1 HOST: backend.com ----------------------------------------- HTTP/1.1 200 OK !function() { "use strict"; var e, t, r, n, o, u, i, c, f, a = {}, l = {}; function d(e) { ...
GET /~bl/b/EZXPt5rW9reObblyI0RJUeTp HOST: backend.com ----------------------------------------- HTTP/1.1 200 OK fTEyTVNIImAkP2YqeCwiOzRUPjpR...
Codesealer ensures that your code is executed as intended by encrypting all Javascript transferred to browser.
Your code is decrypted and executed in a tamper-resistant environment, making it extremely difficult to reverse engineer the application.
The exact cryptographic details change with every session, increasing the required time and effort to perform an attack.
Dynamic Runtime Protection
HTML document without Codesealer
<html> <script src="vulnerable.dependency.js"></script> <script> fetch('/api/login', { method: 'POST', body: '{"user": "alice", "password": "pass123"}' }); </script> </html>
<html> <script></script> <script></script> <script data-conf="yArcIqfK...meGLNw">, var ħ = "kQq,'F[D1f?<v!7YiBtm =pWX>a;*3-5zT).c4R^"; function ǵ(ә, ħ) { var ΐ = 0, ӻ = [1, 32, 1024], ņ = 0; while (ۅ[ө(ә)] > 31) { ΐ += (ۅ[ө(ә++, -237)] & 31) * ӻ[ņ++] } ΐ += ۅ[ө(ә++, 566)] * ӻ[ņ++]; ... </script> </html>
Codesealer's reverse proxy strips all <script> tags in HTML documents, preventing attackers from accessing the application's source code.
Code is replaced by a secure 'Bootloader', establishing a highly fortified, unique runtime environment for the original application code.
The Bootloader performs tamper checks to ensure that the environment can be trusted throughout the execution.
Seamless Integration
Unparalled Security Without Any of the Hassle
Our solution requires no changes to the existing web application code and has no impact on the end user's experience.
Just deploy our reverse proxy in front of your backend infrastructure to protect your application.
For mobile applications the iOS and Android SDKs can be integrated with a few lines of code.
Run in a way that fits you: We provide a fully managed SaaS or let you host Codesealer yourself as a raw binary, Docker image, Helm Charts, and more.
Engineered for Maximum Performance
Codesealer is designed from the buttom up to have as small an impact on performance as possible.
Our reverse proxy is fully horizontally scalable, allowing you to easily adjust Codesealer to your workload.
Our end-to-end encryption is based on the high performance encryption scheme Aegis-128 which takes full advantage of modern CPU encryption instructions.
Watch our video and learn how to protect your web app
See It In Action!
Watch our demo video to see the effect of deploying Codesealer on a real application.
You can also explore the unprotected and protected versions of the application yourself. Open your browser's Developer Tools to see the effect!
Codesealer application protection in a nutshell
Codesealer protects any existing application without any code changes.
Simply deploy the Codesealer reverse proxy in front of your existing backend infrastructure.
Codesealer replaces all application code with a uniquely generated Bootloader providing a secure runtime for your code.
All application code is transferred to the browser using authenticated encryption and executed inside the Bootloader, protecting your application from inspection and tampering.
All API endpoints are concealed behind an opaque endpoint and all API requests are automatically encrypted beyond TLS, preventing request forgery and manipulation.
Our integrated WAF inspects requests sent through legitimate interactions with the application, blocking malicious payloads.
/api/login/api/transfer/api/delete
Application Code
Bootloader
Deploy Anywhere, The Way That Fits You
Packaged in many different ways, including as raw binaries, Docker images and Helm charts, allowing you to deploy in a way that suites you.
Fully cloud enabled, easily deploying into any existing cloud environments, including AWS, GCP, and Azure.
SaaS
Instantly protect your applications
Infrastructure managed by Codesealer
Configurable through our management portal
Simply change your DNS to point at our server
Self-Hosted
Deploy our proxy and management portal into your existing infrastructure
Pick the deployment model that suits you: Bare metal, Docker, Kubernetes, etc.
Fully horizontally scalable with minimal dependency on our backend
Enterprise
Get the same experience as Codesealer Self-Hosted but with all components fully in your control
Dedicated support from the Codesealer team
Codesealer Free Trial Available
Take a deep dive into the technology, get in touch with us, or try Codesealer totally free.
We have something for both managers and developers. Click below to find out about what next steps you can take.