Co-founder and CTO Yuval Ben-Itzhak said the company had lined up an OEM deal with a big-name firewall vendor, and was busy ramping up its channel, sales and support activities following its last funding round.

In terms of product development, Ben-Itzhak said the company would be working on strengthening authentication and authorization features, improving the interfaces between the products in the KaVaDo line, and building tighter integration at the Layer 7 switch level.

Unlike network firewalls, which are designed to defend the enterprise network against TCP/IP attacks, KaVaDo’s suite is designed to address vulnerabilities caused by hacks at the application level. Examples include SQL commands embedded in an HTML reply; cookie manipulation, where session information set by the web application in the user’s browser is altered by an intruder; and cases where information from web requests is not validated before being used by a web application.

KaVaDo’s suite comes as a three-component, $25,000 bundle comprising the InterDo application-level firewall, the ScanDo network vulnerability scanner and a module known as AutoPolicy, which uses the results of ScanDo’s testing to configure the InterDo application.

When using a firewall on a network it is possible to implement rules, but there are no comparable rules for web applications, because no two applications are alike. AutoPolicy helps configure the system so that the scanner maps an application’s attributes automatically, Ben-Itzhak said.

In this sense it is similar to Sanctum’s AppShield, which is said to create its own acceptable-use policies by looking, say, at outbound HTTP traffic and inferring from that what acceptable responses are. This can help prevent attacks such as those that attempt to exploit buffer overflow vulnerabilities.
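AutoPolicy and AppShield are described above as deriving a per-application policy from observed traffic rather than from generic rules. The following is an added illustration of that positive-security idea, written for this article and not code from KaVaDo or Sanctum: from a constructed sample of known-good requests it learns which parameters each endpoint accepts and how tightly their values can be constrained, then flags requests that fall outside the learned policy.

```python
import re
from urllib.parse import urlsplit, parse_qsl
# Constructed "known good" requests, as might be captured while a scanner exercises
# the application during a learning phase (values made up for this example).
OBSERVED = [
    "GET /catalog/item?id=17",
    "GET /search?q=lamp&page=2",
    "GET /search?q=desk+chair&page=1",
    "POST /login?user=alice&pw=s3cret",
]

# Value classes, tightest first; the learner keeps the tightest one accepting every value seen.
CLASSES = [
    ("digits", re.compile(r"^[0-9]{1,10}$")),
    ("word", re.compile(r"^[A-Za-z0-9_.+-]{1,64}$")),
    ("any", re.compile(r"""^[^<>'";]{1,256}$""")),  # still bounds length, bars <>'";
]

def parse(req):
    method, target = req.split(" ", 1)
    parts = urlsplit(target)
    return method, parts.path, dict(parse_qsl(parts.query, keep_blank_values=True))

def tightest_class(values):
    # None means no class fits every observed value; check() then rejects the parameter.
    return next((n for n, rx in CLASSES if all(rx.match(v) for v in values)), None)

def learn(requests):
    """Positive policy: for each (method, path), the parameters seen and their value class."""
    seen = {}
    for r in requests:
        method, path, params = parse(r)
        bucket = seen.setdefault((method, path), {})
        for k, v in params.items():
            bucket.setdefault(k, []).append(v)
    return {ep: {k: tightest_class(vs) for k, vs in ps.items()} for ep, ps in seen.items()}

def check(policy, req):
    """Return [] if the request fits the learned policy, otherwise the violations found."""
    method, path, params = parse(req)
    rules = policy.get((method, path))
    if rules is None:
        return [f"unknown endpoint {method} {path}"]
    problems = []
    for k, v in params.items():
        if k not in rules:
            problems.append(f"unexpected parameter {k}")
        elif rules[k] is None or not dict(CLASSES)[rules[k]].match(v):
            problems.append(f"{k}={v!r} outside learned value class {rules[k]}")
    return problems
```

A real learning phase would need enough traffic to avoid over-tight classes, which is why pairing the learner with a scanner that exercises every page matters.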

Ben-Itzhak is an ex-member of the elite R&D intelligence unit of the Israeli Defense Forces and is also behind the newly established Web Application Security (WAS) Technical Committee steered by OASIS.

This article was based on material originally published by ComputerWire