KaVaDo, the technology leader in Web application protection whose European headquarters is in London, announced today that security specialist LODOGA has adopted its advanced Web application scanner, ScanDo, to assess the security levels of customers' application environments.
LODOGA, with clients in the airline, pharmaceutical, retail and government sectors, has already used ScanDo to test more than 50 high-value transactional Web sites - exposing the potential for loss of revenue, damage to corporate or brand reputation and even prosecution of company officers under the UK Data Protection and Companies Acts.
"The UK has shown an increasingly high demand for Web application security in the last year. Companies there are progressing very quickly in their use of the Internet, and government regulations and increasing threats have raised the concern over Web-based attacks," says Tal Gilat, CEO of KaVaDo. "LODOGA is a great partner for us and provides much-needed education for its large client base on the importance of products like ScanDo for protecting the critical application layer."
LODOGA's managing director, James Spooner says "ScanDo has given the consultancy a powerful weapon in the fight against hacking. Over 70% of Web site attacks are at the application layer. ScanDo makes us uniquely able among UK consultancies to show clients exactly where their sites are vulnerable and then help protect them."
The most common vulnerabilities identified by LODOGA through its use of ScanDo stem from incorrect site configuration, including failure to apply all available updates and patches. "Incorrect configuration not only makes the application environment much more susceptible to attack, it also raises the probability that visitors will cause damage by mistake," says Spooner. "However, my sympathies are with site operators. Many patches are not simple to install in the real world, and if your site is large then so is the scale of your problem."
The second most common weakness is a vulnerability to parameter tampering - a process where parameters' value in a Web page are deliberately changed and then submitted to the remote server. "One common technique is to change product prices or quantities, but changes to access privileges and the way the application actually behaves are also well documented," comments Spooner.
Errors in application code represent the third most common vulnerability, enabling Web site visitors to circumvent the designed workflow. Spooner: "If customer information is exposed, for example, then the directors of the firm are personally liable to prosecution. That's added to the risk that your site visitor might find information of commercial or competitive value."
ScanDo analyses the complete structure of Web applications by emulating the behaviour of real-world users. It then probes the entire Web application environment to pinpoint vulnerabilities and to assess its level of risk. ScanDo then reports its results in graphical and textual formats for both technical and non-technical audiences.
LODOGA evaluated three competing Web application scanners, running each of them against Web applications with known vulnerabilities, and then compared results. "Our choice was very clear," says Spooner. "ScanDo was much faster, wholly accurate and is very robust. It has the added bonus of being very tightly interfaced with KaVaDo's Web application firewall, InterDo."
ScanDo can interface with InterDo to automatically generate an optimised positive security policy to protect Web applications. "That makes a configuration job that might take anything up to several weeks with another solution, possible in a fraction of the time," confirms Spooner.
The value of another ScanDo feature became clear when it was deployed on a large site for the first time. "ScanDo enables you to stop and re-start a scan without losing information. That means that if we find, for example, multiple vulnerabilities to injection of rogue SQL commands, then we can stop right where we are and bring in our SQL expert. The largest site we've worked on to date had nearly 10,000 pages. But no matter how big the job is, ScanDo performs remarkably well and gives us all the information we need to fix potential problems."
Further editorial information:
James Spooner, LODOGA
44 1753 607 000
Kevin Fiske, the Sage Partnership
+44 1189 344 007
This press release was distributed by ResponseSource Press Release Wire on behalf of The Sage Partnership in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.