Showing posts with label CyberSecurity. Show all posts
Showing posts with label CyberSecurity. Show all posts

Monday, June 8, 2020

Selected Recent Forum Posts

Here are some recent selected forum posts from our eValid forum:

Dealing with an image with a date stamp -- Think about a "fake image," which is equally as hard to deal with?

How does PageMap feature compared to the Chrome browser -- We think PageMap is simpler, and better tuned to testing Web pages!

How does eValid record and organize the data -- The playback logs are very complete, a good basis for diagnosis of problems.

Wednesday, July 31, 2019

Server Maintenance Scheduled

Our ISP has informed us that they will be performing some maintenance activities that are intended to further protect the servers from the Meltdown and Spectre security vulnerabilities.

The server software will be modified and then the server will be rebooted.

The scheduled maintenance window is:
11 PM on Friday 16 August 2019 to 7 AM on Saturday 17 August 2019

Note that eValid Commerical License users should experience no actual interruptions of service; we are informed by our ISP that the "down time" (if any at all) will be measured in seconds -- however long it takes the server to reboot.

Regular users of the Software Research websites should experience no problems other than slight delays in serving pages.

Wednesday, June 19, 2013

CyberSecurity Resources

A question we are getting recently is: How can eValid be used to support cybersecurity work? In other words, given the very specialized needs of searching for and pinpointing cybersecurity vulnerabilities, what resources can eValid bring to the table?

For one thing, cybersecurity is a big area, involving a wide range of techniques -- static analysis, dynamic analysis, inspection, and a variety of other options. Because eValid's view is 100% client-side, its technology is only able to provide insight on how things operate from the browser, that is, at the client-side.

But that is in some ways one of the most potentially fruitful areas for which cyber vulnerability analysis can be performed.

As OWASP's section on Testing for AJAX Vulnerabilities points out, the use of AJAX "... the advent of AJAX accounts for an "...Increased Attack Surface..." because AJAX "...throws in additional ways to potentially inject malicious content." In other words, AJAX is an untapped issue in the security world.
eValid can easily handle AJAX applications, and resources inside eValid can then be used to extract the information needed to expose problems due specifically to AJAX application's asynchronous, client-server cooperative nature. So eValid seems to be a good fit for this kind of work, in an area in which it is already strong. The capabilities eValid can supply to a cyberthreat analysis effort are summarized in this CyberSecurity Resource Summary.