The Web    Google
KaVaDo Updates Application Security Software

KaVaDo Updates Application Security Software
May 23, 2002

KaVaDo, Inc. this week announced InterDo 2.5, adding its patent-pending AutoPolicy technology to the application layer security product.

KaVaDo concentrates on providing protection at the application layer, by preventing events and behaviors that do not follow an applications designed purpose.

InterDo prevents against a range of Web application attacks, including database sabotage, buffer overflows and cookie poisoning, that are not defended by firewalls and intrusion detection systems.

The AutoPolicy feature within InterDo 2.5 allows KaVaDo's vulnerability scanner, ScanDo, to automatically create or update InterDo's protection policy. ScanDo scans applications, mimicking advanced hacker techniques, to determine areas that may be exposed to attacks. Now ScanDo can send this information directly to InterDo to automate the process of creating or updating the necessary levels of application protection.

The 2.5 release also protects against advanced hacker techniques that exploit HTTP methods, file uploads, Web services and SOAP.

"Applications that use Web services can open holes," said Tal Gilat, CEO of KaVaDo. "We can make sure that the application is only allowed to use the service that it was intended to utilize and nothing more." Some effort is required to configure and "train" the product, such as by defining application privileges to it.

InterDo 2.5 costs $15,000 for a single software license, or $20,000 for an "appliance" version that runs InterDo on dedicated hardware also provided by KaVaDo. The software runs on Windows NT and Sun Solaris operating systems.

Other enhancements in the 2.5 release include better administration support, a more intuitive user interface, a wizard-driven management consoled, multi-language features, encrypted certificate storage, dynamic performance graphs and an administrators' authorization systems.

The privately held KaVaDo, with U.S. headquarters in New York City, was founded in February 2000. The company has 40 employees. R&D is based in Israel.

The company chose to concentrate on protecting applications because they are often the weakest link in a company's security system. Gilat cited Gartner research that states that over 70% of all hacking attempts are done at the application level. "It's the easiest way to attack," he said. "All you need to do is go in through the Web browser."

  • 4/29: Bropia-AJ Worm Messages IM Users
  • Author of Zafi-B Worm Trailed to Hungary
  • Biometrics Makes Passwords Positively Paltry
  • 7/13: Rbot-DL Empowers Remote Users
  • 7/19: Rbot-DX Spreads to Remote Shares
  • 3/30: Kelvir-F IM Worm Sends Message
  • Bagle-BK Worm Downloads Code
  • 5/17: Vidlo-J a Downloading Trojan
  • 5/11: Ifbo-A Worm Exploits LSASS Flaw
  • 4/6: Randex-DFJ Worm Attacks Passwords
  • Macromedia, RealNetworks Release Patches
  • Discussion on Security Camera