You have a firewall.
But what about the fire alarm?

Triggerfish is a service that detects web-based attack attempts, vulnerabilities and application errors early on. Yet Triggerfish does not just respond to obvious attack attempts. It can also detect if someone is behaving suspiciously. It’s like the monitoring system at a casino. Your firewall is a security perimeter that keeps unauthorized entities out of the building. Triggerfish is a monitoring system which has an alert that goes off if someone seems to be trying to cheat or manipulate the game.

Right where it happens

An attacker with no prior knowledge of an application usually probes blindly, looking for a flaw to exploit. This can be done more or less discreetly and can be difficult to detect without full knowledge of the underlying application.

The advantage of Triggerfish is that it is integrated into the application and can therefore more easily detect if someone tries to use the application incorrectly or in an unnatural way. Its location also means Triggerfish does not have to carry out protocol interpretation, unlike an IDS or firewall application. This is a major plus because protocol interpretation is a major source of errors, which attackers often exploit to get in under the radar. The integration also means that Triggerfish can easily react to application events such as logins, logouts and application errors.

Triple protection

Triggerfish will help you discover attack attempts, vulnerabilities and application errors.

Attack attempts
Triggerfish discovers web-based attacks against your application, such as SQL injection, cross-site scripting and directory traversal. It also notices if someone looks for files the way an attacker would, or tries to circumvent application controls to gain access they are not supposed to have. In addition, Triggerfish detects signs of automation, i.e. a visitor exploring the application in an unnatural way, and the use of an anonymizer service such as Tor.

Vulnerability detection
Triggerfish can also detect vulnerabilities in your application. A larger site is under constant attack, even if most attacks are relatively harmless. If an attacker identifies a vulnerability that can be exploited, Triggerfish raises an alert to warn you.

Application errors
No matter how much a web application is tested during development, some application errors are likely to stay hidden until the application is deployed. At best these errors are merely annoying for the visitor; at worst they are a potential security hazard. Triggerfish therefore also detects all the application errors that occur in your web application and presents them in a comprehensible format. This gives developers a good opportunity to fix them before more visitors are affected, without the detective work of manually correlating events and sorting out duplicates.

Please contact us at triggerfish@digifort.se to gain access to our Triggerfish test environment.