I first started blogging about business logic flaws back in 2006, at a time when there was an overemphasis on technical vulnerabilities such as XSS and SQLi: issues black-box scanners could identify, with the rest conveniently ignored. Many insiders knew, albeit confidentially, that serious vulnerabilities remained unchecked even after a clean scan report. Bad guys could monetize heavily on the lack of visibility -- and they have, so it is no longer a secret. This type of fraud has resulted in the loss of 5, 6, and even 7 figure sums in particular instances. Organizations now want and need detection solutions on the back-end, in addition to vulnerability assessments on the front-end, capable of uncovering those taking advantage of business logic flaws.
That is where Silver Tail Systems, a new Silicon Valley start-up I’ve been following, comes into play. Founded by Laura Mather (Ph.D.) and Mike Eynon, Silver Tail is an entire company solely dedicated to addressing what they call “business process abuse,” which is basically the same as business logic flaws. If anyone has the pedigree to successfully apply technology to this problem, they do. Their backgrounds are no joke. Do not make the mistake of thinking this product is a Web Application Firewall; it’s not. It is something different entirely, more in line with business analytics with a focus on security.
“Silver Tail Forensics exposes the way a website is being used – through user, page, and IP statistics. The tool allows a business owner to explore the use of his or her site by displaying the usage of the site on a per page, per user, or per IP level. A search interface provides deep access into the activity on the website using any dimension. When suspicious activity is identified, Silver Tail Forensics enables the business user or security analyst to obtain a full understanding of the bad actors and their specific behaviors and how those behaviors differ from legitimate users.”
This is a company worth tracking and a blog worth following.