KaVaDo Adds Web Application Scanning Capabilities To Its Arsenal Thursday 24 January 2002 PDF Print KaVaDo, Inc., the global technology leader in Web application protection solutions, today unveils its Web application vulnerability scanner, ScanDo. The new product, which comes as KaVaDo ramps up its European expansion, represents a major advance for organisations needing to safeguard their Web-enabled applications against increasingly sophisticated attacks. As IT systems are opened up to people using Web browsers, applications are open to a whole new range of vulnerabilities not countered by traditional perimeter technologies. They range from cookie poisoning and database sabotage to protocol piggybacking and stealth commanding. ScanDo mimics the actions of an experienced hacker, exposing such weaknesses in third-party and custom Web applications. Working in three stages, ScanDo first combs each application and registers its structure and contents. Next it directly probes applications for weaknesses, carrying out actual automated attacks if required. Finally, ScanDo reports its assessment and attack results in graphical and textual reports for technical and non-technical audiences. “In a rush to meet growing customer and business needs, Web applications are often deployed without the level of protection demanded by critical enterprise resources. KaVaDo provides the high-performance, flexible, and effective application-level security solutions to plug that security hole,” explained Tal Gilat, CEO of KaVaDo. “ScanDo extends our ability to meet the needs of our Fortune 500 customer base.” ScanDo already has its first UK user, London consultancy QCC Information Security* which specialises in Internet, network, e-commerce and application security. The product is used by QCC in application vulnerability testing on behalf of corporate clients. Partner to ScanDo is KaVaDo’s proven Web application protection solution, InterDo. It can be quickly configured to apply the appropriate category pipes (i.e. one pipe for cookie poisoning, one for database sabotage, etc.) to protect against vulnerabilities uncovered by ScanDo. The unique combination means security professionals can rapidly protect otherwise vulnerable Web applications. “We are continually looking for those solutions which allow us to effectively address the needs of our enterprise customers,” said Goran Kovacevic, risk management manager at PricewaterhouseCoopers. “The relationship we have with KaVaDo gives us the edge we need to stay ahead of the threats.” As the complexity of Web development technologies increases, so KaVaDo’s products can scale and grow with the needs of the enterprise. Current facilities include: · Automated scanning and testing: ScanDo performs a quick assessment of both known and unknown vulnerabilities. · Automatic and customisable Web crawler: ScanDo dynamically crawls through sites to analyse traffic and detect vulnerabilities in forms, code, scripts and CGIs. It also includes a manual attack utility that carries out surgical assaults on specific Web applications. · Utilisation of sophisticated hacking techniques: ScanDo will find any vulnerability that an intruder could use to penetrate a Website including Parameter Passing, Common File Checks, Directory Checking, Cookie Poisoning, Stealth Commanding, Backdoor and Debug Options, Data Encoding, Protocol Piggyback, Buffer Overflow Attacks, 3rd Party Misconfiguration, and Database Sabotage. These attack techniques are updated as needed to address the latest threats. · Compatibility: ScanDo is highly flexible and can assess vulnerabilities in third-party and custom-built applications. It also enables export of assessment data for processing by third-party utilities. · Reporting: ScanDo generates detailed assessment and attack reports in graphical and textual formats, for both lay and technical personnel. The reports can be customised and additional reports can be added. KaVaDo Inc. KaVaDo provides next-generation Web application protection solutions and vulnerability assessment products for the corporate market using its patent-pending Protected Path™ technology. KaVaDo technology offers a unique, effective approach to Web application protection with minimum strain on system resources, easy installation and management, and flexibility to handle a variety of applications under different environments. The company is based in New York with research and development facilities in Tel Aviv and its European centre in London. KaVaDo recently secured its second round of funding from Banc of America Equity Partners and 3i. More information on the company can be found at http://www.kavado.com . For more editorial information: KaVaDo Europe: Terry Schoen – 0207 604 4466 Sage Partnership: Kevin Fiske – 0118 9344007 *QCC: Neil Hare-Brown MSc CISA CISSP CLAS MBCS – 0207 554 9952 This press release was distributed by ResponseSource Press Release Wire on behalf of The Sage Partnership in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.