A question we are getting recently is: How can eValid be used to support cybersecurity work? In other words, given the very specialized needs of searching for and pinpointing cybersecurity vulnerabilities, what resources can eValid bring to the table?
For one thing, cybersecurity is a big area,
involving a wide range of techniques
-- static analysis, dynamic analysis, inspection, and a variety of other options.
eValid's view is 100% client-side, its technology is only able to provide insight
on how things operate from the browser, that is, at the client-side.
But that is in some ways one of the most potentially fruitful areas for
which cyber vulnerability analysis can be performed.
As OWASP's section on
Testing for AJAX Vulnerabilities points out,
the use of AJAX "...
the advent of AJAX accounts for an "...Increased Attack Surface..."
"...throws in additional ways to potentially inject malicious content."
In other words, AJAX is an untapped issue in the security world.
eValid can easily handle AJAX applications, and resources inside
eValid can then be used to extract the information needed to expose
problems due specifically to AJAX application's asynchronous,
client-server cooperative nature.
So eValid seems to be a good fit for this kind of work,
in an area in which it is already strong.
The capabilities eValid can supply to a cyberthreat analysis effort
are summarized in this
CyberSecurity Resource Summary.