eEye Digital Security plans to add Web application security scanning to its portfolio -- the company's first foray into the Web vulnerability space.
Marc Maiffret, CTO and chief hacking officer at eEye, said in an interview today that the company would be entering the Web app security space "soon." "It's a natural progression for us to add Web app scanning," says Maiffret, who wouldn't divulge details of the new offering.
Web app vulnerabilities top the charts in the Common Vulnerabilities and Exposures (CVE), with cross-site scripting and SQL injection as the top two of the most prevalent bugs reported. Security experts say nearly all Websites carry some XSS vulnerabilities, for example (See Bug Disclosures Decline.)
"You can scan for missing patches and vulnerabilities, but you also need to know there's a SQL injection [flaw] as well," Maiffret says.
eEye has been busy expanding its security offerings. Its first hardware-based offering, an all-in-one appliance, ships this month. The company also recently launched a security intelligence service called Preview, which includes a portal-based service, and more customized services that give customers a heads up on undisclosed vulnerabilities and threats. (See eEye to Enter Security Services .)
Kelly Jackson Higgins, Senior Editor, Dark Reading