TDI Labs: WebSeal


Security experts agree that over two thirds of all successful security compromises of an enterprise occur through a publicly accessible web application. TDI has the resources and expertise to provide cost-effective and continuous web application security assessments.

The evolution of the security field has seen its share of major entry points into an enterprise's network. At the beginning, almost all attacks and compromises were occurring at the lower levels of the network stack due to the multitude of vendor implementations and lack of standards. With time, as the industry matured and security standards were put in place, the focus of hackers has shifted to the next frontier of attacks at the higher levels of the stack. Currently, the greatest number of attacks occurs at the application layer, and in particular with applications on the World Wide Web. Web applications account for more than 70% of the total number of reported compromises in enterprise security.

One of the reasons for the increase of attacks at the application layer is that - unlike the older attacks at the lower level of the network stack that were remediated through standardization - web application security cannot be easily standardized. The reason is that in a web application, security depends on the skills of the developers that put it together, and standardizing on secure programming skills amongst the vast array of developers and programs is difficult. TDI has extensive expertise in both fields - i.e. assessing the frontend security of web applications as well as advising and implementing secure programming so that vulnerabilities do not make it to public facing applications at all.

Implementing continuous web application security monitoring is a complex process due to the dynamic nature of the web and it poses a significant cost burden on enterprises in terms of assigning security staff to monitor the applications. TDI is developing WebSeal: an efficient, automated, and cost-effective mechanism that provides the optimal balance between the specialized expertise of a human security professional, and the low-cost automated convenience of a programmatic tool. As a result of implementing WebSeal on your organizationís public facing website(s), your enterprise will receive a certification seal indicating the presence of a web application security assessment and monitoring solution, and providing comfort and "peace of mind" to visiting customers and partners that the application they are dealing with has undergone security testing to improve its posture and better protect the customer data.

For more information on this product and its upcoming release, please leave your contact information via the "Contact Us" page on this website.