JavaScript security and vulnerability monitoring

Static analysis, vendor audits, and whitelists aren’t enough to protect against dynamic attacks that steal money and data.

Data Skimming Protection

ottoBox takes the time and pain out of managing the security gap for the code you don’t own.

You can’t address a dynamic problem with a static solution. otto’s dynamic protection and automated Content Security Policy create a powerful layered security strategy.

Protect the entire supply chain of your website

Not a security expert?
With ottoBox, you don’t have to be.

Request a Demo

The Incident Inbox

All of your site’s browser events, in one location.

Skimming Code Detected https://badactor.com Found on: https://protectedsite.com
  • High Severity
  • 1 Incident
  • Last Detected: Today
font-src third.party.com Content Security Policy Violation Found on: https://protectedsite.com
  • Medium Severity
  • 1 Incident
  • Last Detected: Today
image third.party.com 3rd Party Web Request Found on: https://protectedsite.com
  • Low Severity
  • 324 Incident
  • Last Detected: Today
No more issues reported

Get to know the incident inbox

Select an issue on the left and learn more about how otto categorizes the incidents and what you can do about them.

High Severity Incidents require careful review.

One example of a High Severity Incident is a Data Skimming—also known as e-skimming—attack. It's important to review these as soon as possible.

Click Block to make sure this issue gets shut down before it can cause a problem. It will always be blocked if it happens again.

Though otto may not have flagged these as imminent threats, review them carefully.

Medium Severity Incidents can come in the form of JavaScript vulnerabilities, or requests that violate your site's Content Security Policy.

Maybe this wasn't actually a problem, but you want to keep an eye on it. Click accept to allow it, but have it notify you if it happens again.

Low Severity means it's likely not an issue, but these might be of interest to you.

This example shows a 3rd Party Web Request, showing what asset was making the request and where it went. Your site probably has lots of these, but it's good to know when they happen.

You are expecting this to happen, click Ignore so you won't be alerted about it anymore.

Integrate otto with your tools

Learn more

Start for free. Setup in minutes.

See how easy it is to monitor your website with ottoBox.

Request a Demo