Protect Your Customers Against

Removes attack surface. Pixel perfect clarity. Apps behave normally.

Book a live demo

a google Ventures company

Introducing

A proactive defense to enhance security, protect customers, and earn trust.

MirrorTab’s hologram technology streams secure virtual representations of web applications, isolating customer interactions, obfuscating data and APIs from client-side security threats.

How We Do It

Client-side Isolation

We create a virtual air gap between web apps and end-users accessing them to enhance security.

Pixel Streaming

We stream pixels instead of Document Object Model (DOM) elements, removing the attack surface against threats.

Deployed Server-side

We maintain a frictionless user experience, with no client-side behavior changes or web app modifications required.

Instantly Secure Your Customer Experience

We protect against client-side threats that static and dynamic application security testing cannot detect, and we support external use cases where you do not control the end-user's device to enforce Remote Browser Isolation (RBI).

Easily Deploy Without Touching Code

We offer a simple configuration process without writing or adjusting any code. It is quick and easy to transition by pointing to our secure hosting to deliver your web app content without the security risks.

We enable you to protect your customers against client-side attacks.

Bad actors access and manipulate your customer’s DOM in their browser for client-side attacks on your web app. By removing access to the DOM we prevent data scraping, API manipulation and remove the attack surface for code injection.

Data Scraping

Data is clearly visible in the DOM as plain text and code as it gets processed in the browser, and can be easily accessed and stolen from client-side attacks by bad actors.

Stop Data Scraping

Keep your customer's data secure. No elements for DOM-based data scraping.

API Manipulation

API calls, credentials, session tokens, and network activity are clearly visible in the DOM, and if they are not properly engineered, protected, or maintained, bad actors will take advantage.

Prevent API Manipulation

Keep bad guys from getting under the hood. No visible API calls to be manipulated.

Code Injection

Malicious actors use client-side code injection to interact with DOM elements, residing as a browser extension or a trojan to orchestrate malicious activity on the user’s behalf.

Thwart Code Injection

Keep customers secure even if web sessions are infected. No attack surface for malware.

We Remove the Client-side Attack Surface for Web Applications

We stream pixels instead of DOM elements for web applications. This allows end-users to interact with more secure virtual representations of an application.

Web Apps With and Without Client-side Protection

See how client-side protection works for end-users in various web applications.

Client-side Attacks Are Growing Rampant

DOM-based attacks insert malware to intercept and change the data exchanged between the end-user’s browser and the web app they are interacting with to steal sensitive information.

SilentBanker

SilentBanker is a trojan on stealing banking credentials and intercepting online transactions by injecting malicious code into the communication between the user's browser and the targeted online banking site.

DarkTequila

DarkTequila is known for targeting users in Latin America. It is capable of stealing sensitive information, including banking credentials and personal data, and it utilizes advanced evasion techniques to avoid detection.

Betabot

Betabot is a banking trojan that has features for stealing credentials, including the ability to inject malicious code into browsers. It has evolved over time and is capable of various malicious activities.

Emotet

Emotet is a modular trojan that can act as a delivery mechanism for other malware. It is known for its polymorphic capabilities and is often involved in distributing banking trojans and other malicious payloads.

Shifu

Shifu is a banking trojan that targets financial institutions. It is known for its advanced capabilities, including the injection of malicious code into browsers to conduct man-in-the-browser attacks.

Zloader

Zloader (aka Terdot) is a banking trojan that shares similarities with ZeuS. It is designed to steal banking credentials and personal information by injecting malicious code into web browsers during online banking sessions.

URLZone

URLZone (aka (Bebloh) is a banking trojan that injects malicious code into web pages to modify online banking content. It is designed to steal sensitive financial information and login credentials.

QakBot

QakBot (aka Qbot) is a banking trojan that focuses on stealing financial information. It often uses sophisticated techniques, including the injection of malicious code into web browsers to intercept and manipulate online banking transactions.

Pony

Pony (aka Fareit) is a versatile trojan that often serves as an information stealer. It is known for its capabilities in stealing various types of credentials, including usernames and passwords from applications and websites.

Nigelthorn

Nigelthorn is a cryptojacking campaign to inject malicious code for cryptocurrency mining purposes to hijack the users' CPU power to mine without the knowledge or consent of users.

DataSpii

DataSpii is a privacy and security issue related to browser extensions collecting and exposing sensitive user data with seemingly legitimate extensions that users voluntarily install with hidden features.

Trickbot

Trickbot is a trojan that has a modular structure, allowing attackers to add or update functionalities dynamically making it a persistent and challenging multifaceted threat with various capabilities.

Dridex

Dridex (aka Cridex, Bugat, or Geodo) operates as part of a botnet infrastructure to conduct man-in-the-browser attacks where it injects malicious code into the victim's web browser.

Dyre

Dyre (aka Dyreza) is a trojan with advanced features to conduct man-in-the-browser attacks to steal usernames, passwords, and other authentication details.

Neverquest

Neverquest (aka Vawtrak) is a trojan that injects malicious code into browsers, allowing it to modify and manipulate online banking pages to capture login credentials and account details.

Tinba

Tinba (aka Tiny Banker or Zusy) is a trojan known for its small size, making it difficult to detect, and is able to inject malicious code into the web browsers of infected systems to capture sensitive data.

Ramnit

Ramnit is a trojan with advanced features to stealthily capture login credentials, harvest credit card details, and collect data to compromise the privacy and security of individuals.

Carberp

Carberp is a banking trojan with advanced features to capture login credentials, credit card information, and other sensitive data entered by users during online banking sessions.

Torpig

Torpig is a trojan and botnet designed to steal sensitive information, such as login credentials, credit card numbers, and email account details from Windows-based systems.

Gozi

Gozi is a trojan known for its advanced web injection techniques for multiple attack vectors, including banking fraud, eCommerce fraud, ransomware, and compromising POS devices.

Citadel

Citadel (aka KINS) is a trojan that targets password managers and is equipped with additional features, such as the ability to record video of the victim’s screen and an advanced keylogger.

SpyEye

SpyEye is a banking trojan with advanced features, like auto-fill credit card tools and the ability to spoof HTTPS access and grab information across FTP and POP3 protocols targeting browsers.

ZeuS

ZeuS (aka Zbot) is a highly customizable banking trojan that targets Windows-based systems, designed to steal sensitive data, it includes tools like keystroke loggers and form grabbers.

We Provide Unparalleled Client-side Defense

We protect end-users against client-side attacks as they access web apps, effortlessly securing customer interactions and preserving trust in your services.

We protect against:

DOM XSS

Open redirection

Cookie manipulation

JavaScript injection

Document-domain manipulation

WebSocket-URL poisoning

Link manipulation

Web message manipulation

Ajax request-header manipulation

Local file-path manipulation

Client-side SQL injection

HTML5-storage manipulation

Client-side XPath injection

Client-side JSON injection

DOM-data manipulation

How It Works

We insert a virtual air gap between your customers browser and web app. The browser session happens server-side in a secure hosting environment. Customers interact with an abstracted version of the web app streamed as pixels client-side.

Web app behaves like normal and content is presented accurately.

We render web content interactively to navigate without impacting the end-user experience or performance.

Improves performance over low bandwith connections.

*Example using a web content heavy site.

Speed Test on:

Download: 11.1 Mbps

Upload: 744 Kbps

Incued Earns Customer Trust by Enhancing Web App Security

MirrorTab provides an important layer of security for our customers (VCs and Startup founders), giving them peace of mind that their financial data is secure with our web app dashboard and reports.

Ameer A.

CTO & Co-Founder at Incued

About Us

Founded by the founders of Honey (acquired by PayPal).

Built by an all-star team of engineers from:

We're the brains behind Honey, the world's most valuable browser extension (acquired by PayPal), leveraging the DOM (Document Object Model) to make online shopping smoother with automatic coupon codes at checkout.

Our mission is now on safeguarding customers against client-side attacks as they access web apps. We’ve developed technology to effortlessly protect customer interactions, ensuring security and preserving trust in your services.

We assist companies in diverse industries addressing a common issue with client-side security risks with varied motivations.

Ensure customer trust and avoid unflaterring headlines:

“Staples hit by cyberattack during critical Cyber Week sales push.”

“Hackers are increasing attacks on Booking.com customers offering up to $2,000 for login details.”

“Customer fraud is flourishing on Zelle. The banks say it’s not their problem.”

“Ticketmaster falls victim to worldwide digital card skimming attack.”

“Hackers hijack Citrix NetScaler login pages to steal credentials.”

“23andMe tells victims it’s their fault that their data was breached.”

Insurance

Insurance customers accessing web apps face the risk of personal policy details being scraped, APIs manipulated, or malware injected, compromising the confidentiality of their insurance information.

Financial Services

Financial services customers are at risk of data scraping, API manipulation, or malware injection, jeopardizing the security of their personal accounts and transactional information during online interactions.

Human Resources and Payroll

Clients engaging with HR and payroll web apps are vulnerable to data scraping, API manipulation, or malware injection, putting their sensitive employment and payroll details at risk.

Healthcare

Patients accessing healthcare web apps face the threat of data scraping, API manipulation, or malware injection, jeopardizing the confidentiality of their medical records and personal health information.

News and Media

Readers interacting with news and media web apps are susceptible to data scraping, API manipulation, or malware injection, risking the compromise of their preferences and potentially exposing them to deceptive content.

Independent Software Vendors

Users of software applications are at risk of data scraping, API manipulation, or malware injection, compromising the integrity and security of their software usage patterns and sensitive information.

Retail and E-commerce

Online shoppers are vulnerable to data scraping, API manipulation, or malware injection, risking the exposure of their purchase history and personal information during interactions with retail and e-commerce web apps.

Real Estate

Clients engaging with real estate web apps face the risk of data scraping, API manipulation, or malware injection, compromising the confidentiality of their property listings and real estate transactions.

Travel and Entertainment

Customers accessing travel and entertainment web apps are at risk of data scraping, API manipulation, or malware injection, jeopardizing the confidentiality of their travel itineraries and booking details.

Government and Military

Citizens interacting with government web apps face the risk of data scraping, API manipulation, or malware injection, compromising the confidentiality and security of their sensitive information.

Digital Advertising and Networks

Users exposed to digital advertising are susceptible to data scraping, API manipulation, or malware injection, risking the exposure of their preferences and potentially being targeted with malicious content.

Social Networks

Social network users face the risk of data scraping, API manipulation, or malware injection, compromising the confidentiality of their personal profiles and interactions within the social platform.

Our technology is the most immediate way to lower client-side security risks and proactively shield your customers against the latest DOM-based attacks and fraud schemes across all industries.

Schedule a Demo

Protect Your Customers Against Client-side Attacks

Book a live demo