Applications and users are the weakest links in enterprise security. Tala’s innovation
transforms how we approach securing them.

Client-side vulnerabilities are the modern web’s weakest link. They’ve been a critical vector for some of
the biggest data breaches of the past two years, costing millions of dollars in fines and brand damage.
Right now, less than 1% of website operators deploy security policies capable of preventing these
attacks, and customer trust in online banking and commerce is at stake.

A key driver of this major vulnerability has been the shift towards more client-heavy web applications -
the backbone of today’s rich web experience. Cross-site scripting (XSS), cross-site request forgery (CSRF),
web injection attacks, document object model (DOM)-based attacks, and many others are the cause of
countless cases of credential theft, fraud, advertisement injection, malware advertisements, traffic
redirection and large-scale data loss. All of these can take place in the application layer - and existing,
traditional approaches to security are inadequate.

Solving the web application vulnerability problem

At Tala, we’re on a mission to solve this critical security problem, faced by almost every business
worldwide with an online presence. We’re constantly researching, developing and redefining the way
we address web security. And we’re delighted to share the news of our latest innovation: our patent for
the generation of an Application Information Model based on automated app analysis has been granted.

As detailed in our recent blog post Re-Thinking Application Security, to really protect an asset, you have
to know something about it and how it operates, otherwise you’re flying blind. Our latest innovation has
this concept at the core.

Existing methodologies to protect applications rely on analysis techniques to identify already-known
vulnerabilities. This blacklist approach is inadequate because it only protects against known attack
vectors and vulnerabilities. Tala’s approach is based on the premise that, to secure an application
properly, you need to know that application. Our patented technique performs both static and dynamic
analysis on code resources and on a running instance of the application. An Application Information
Model of the application is generated - and on this basis, the security policies best-suited to protect
the application are determined.