Wednesday, June 19, 2013

CyberSecurity Resources

A question we have been getting recently is: How can eValid be used to support cybersecurity work? In other words, given the very specialized needs of searching for and pinpointing cybersecurity vulnerabilities, what resources can eValid bring to the table?

For one thing, cybersecurity is a big area, involving a wide range of techniques -- static analysis, dynamic analysis, inspection, and a variety of other options. Because eValid's view is 100% client-side, its technology can only provide insight into how things operate from the browser, that is, on the client side.

But that is in some ways one of the most potentially fruitful areas in which cyber vulnerability analysis can be performed.

As OWASP's section on Testing for AJAX Vulnerabilities points out, the advent of AJAX accounts for an "...Increased Attack Surface..." because AJAX "...throws in additional ways to potentially inject malicious content." In other words, AJAX is an untapped issue in the security world.

eValid can easily handle AJAX applications, and resources inside eValid can then be used to extract the information needed to expose problems due specifically to AJAX applications' asynchronous, client-server cooperative nature. So eValid seems to be a good fit for this kind of work, in an area in which it is already strong. The capabilities eValid can supply to a cyberthreat analysis effort are summarized in this CyberSecurity Resource Summary.
