Yonita Web Scanner United States Poland

Transcription

1 July 2011 Yonita Web Scanner United States 800 West El Camino Real, Suite 180 Mountain View, CA Poland 1 Nicejska Street 115 Warsaw, PL

2 Company Overview Yonita, Inc. California s Corporation Directors Dr. Andrzej Bartosiewicz, CEO Patrycja Wegrzynowicz, CTO Offices United States 800 West El Camino Real, Suite 180 Mountain View, CA Poland 1 Nicejska Street 115 Warsaw, PL

3 Dynamic Verification YONITA WEB SCANNER

4 Hacker Attacks - Examples A successful attack against a company s site or an online application results in the wide spectrum of negative consequences Recent examples Sony PlayStation Network, RSA, Lockheed Martin, International Monetary Fund (IMF), Citibank, Nintendo and many more

5 Cost of Attacks On The On-line Apps. Direct costs Cost of stolen, compromised, or otherwise degraded data Business interruption Restoration of an IT infrastructure Indirect costs Loss of reputation and damage to the brand Loss of customers Lower long-term sales Raising the cost of capital in the long-run

6 Overview Yonita Web Scanner is aimed at detecting security vulnerabilities in web sites and online applications. Yonita Web Scanner performs dynamic verification of web applications based on automated tests generated by the Smart Test Generator and Randomized Data Generator.

7 Main Threats Detected by Yonita Web Scanner Defects in authentication and authorization Defects in session management Cross-site Scripting (XSS) Cross-site Request Forgery Defects in forward and redirect mechanisms Content spoofing Buffer overflow Script injection OS command injection SQL injection CRLF injection Direct object references

8 Components Smart Test Generator Randomized Data Generator Creates a test suite based on the automatically discovered structure of a web application (heuristics based on dictionaries, thesauruses, ontologies + preconfigured forms) Provides input data to the generated test scenarios to cover various execution paths and security vulnerabilities.

9 From User Perspective Choice of Service Type (Package) Payment by End-User URL of an on-line application entered by End-User Report send via e- mail by Yonita or Partner

10 Configuration Flexibility CONFIGURATION, PACKAGES, VARIANTS

11 Configuration Flexibility #1 Yonita Web Scanner can be tailored and customized according to the specific requirements and expectations of our Partners and their Customers. Yonita offers flexibility in configuring the following features of the Web Scanner: Single scan on request or automatic scheduled scan (weekly, monthly etc.) Reporting: Web report and/or report by with optional SMS notification History: 1 month, 3 months, unlimited Functionality: Full or limited scope of the scan (selected features)

12 Configuration Flexibility #2 Usage Based configuration Number of subpages (i.e , , unlimited) in a single scan Accuracy: total number of different requests in a single scan, Up to 25,000 (standard), 100,000 (medium), or 250,000 (high) requests per page, Each request consist of a different set of data generated by Randomized Data Generator.

13 Parameters Single # of scans Subscription (weekly) Reporting web SMS History Functionality 1 week 1 month unlimited Full Limited Usage # of subpages Accuracy Standard Medium High

14 Sample Configuration Packages Demo Standard Business Professional Single scan Limited scope Output: web # of subpages: 100 Standard Accuracy Single scan Limited scope Output: web, pdf # of subpages: 500 Medium Accuracy Single scan Full scope Output: web, pdf, # of subpages: unlimited High Accuracy Subscription (weekly, scheduled scan) Full scope Output: web, pdf, SMS-notifications # of subpages: unlimited High Accuracy

15 Packages v. Parameters Partner can provide end-users with: standard packages (recommended) or define it s own packages based on parameters specified (history, functionality, accuracy, reporting, subpages, accuracy)

16 Configuration Flexibility LICENSING AND PARTNERSHIP

17 Cooperation & Licensing SaaS hosted by Yonita (recommended) or Partner (for very high volume deals only) Available in: White Label model branded as Yonita Affiliate Program B2B interface between Yonita and Partner Can be fully integrated with Partner s Panel Revenue Share model Pay Per Use

18 White Label Branded by Partner with its name and logo. The end-user is not aware of the existence of Yonita, Inc. The Partner is responsible for payments and invoicing There is no direct communication between Yonita and Users. Reports are sent by Partners All communication between the Partner and Yonita is conducted via automatic B2B interface 50/50 Revenue Share

19 Branded by Yonita The User purchases a service branded by Yonita The Partner is responsible for payments and invoicing The Partner sends requests using B2B interface, but output reports are sent to end-users directly by Yonita 40/60 Revenue Share

20 Affiliate Program The User is redirected (together with affiliation program ID) by the Partner to the Yonita store ( to purchase a scan Package choice, URL entry, and additional credentials are provided directly by the User at the Yonita.com web page Yonita is responsible for payments and invoicing The Partner is paid based on purchased scans and the terms and conditions of the agreement 30/70 Revenue Share

21 Comparison

22 Pricing (example) Partner together with Yonita defines the optimal end-user price Suggested retail prices: Standard Package: 6-8 USD Business Package: 34 USD Professional Package: 129 USD / month for 3 month contract 99 USD / month for 3-12 month contract 79 USD / month for 12+ month contract

23 Partnership Partners Support Technical and Sales Support for Partners Evaluation & Demo Versions, Beta-Previews Latest versions first available for Partners B2B interface Quality Quality Certificate guaranteed by Yonita Trainings Courses and Consulting provided by Yonita

24 Andrzej Bartosiewicz, CEO Patrycja Wegrzynowicz, CTO Sales Support Partnership