Monster in the Browser

A guide to helping you uncover and eliminate client-side risks.

Meet some of the monsters making off with your data.

From malicious code, to data skimming, to invasion of privacy... monsters in the browser come in all shapes and sizes. Meet some of the most common monsters and hear what they have to say.

I used to send out phishing emails, but digital skimming is so much faster.

// Slim "Skim" Monster

Using digital trackers I can build a digital profile of any user globally.

// All Seeing Monster

Injecting malicious code into the npm registry is easier than stealing candy.

// Eddie Injector Monster

What You'll Learn

Gearing Up for Monster Hunting

Before we can go monster hunting, we need a clear approach to client-side security and an understanding of the different elements of the client side we have to consider.

Coming Soon

Finding Monster Food

How to identify data assets across your application portfolio, because your sensitive data makes the best monster food, of course.

Coming Soon

Hunting Monsters in the Wild - Part I

It's time to start hunting for monsters across your applications (the attack surface) and to classify the findings by their risk level to the business.

Coming Soon

Hunting Monsters in the Wild - Part II

Let's go hunting for monsters again! This time we will wear our special "privacy lenses" to look for the unique monsters that cause privacy issues.

Coming Soon

Building Trust & Making Friends

We have our findings; now it's time to go make friends. Let's start assembling our trusted third-party supply chain together with our peers.

Coming Soon

Monster Security Protocols

Lock it down! Let's look at enacting some (client-side) security protocols to keep monsters out and remain secure.

Coming Soon

Eliminating the Breeding Ground

Security protocols help keep us safe, but they don't eliminate the problem. Let's eradicate these monsters at the source by destroying their breeding ground.

Coming Soon

About the Author

I'm Damian Tommasino - Principal Security Engineer and Expert Monster Hunter. I've been in the cybersecurity industry for well over a decade and have worked with a wide range of companies from startup to Fortune 500. I wrote this guide to help others better understand the client-side security space and the growing risks within it. When I'm not hunting monsters, you can find me talking and writing about cybersecurity over at LinkedIn.

Come Along for the Ride

Instead of shipping this as a huge book in a single release, I decided to write it as a guide in public so others can follow along. Follow along on LinkedIn to be notified of new content, or check back here.