11.05.2020

Bubblewall Background: Study and Analysis of Other Platforms

To create the innovative platform that is Bubblewall, our team had to document and analyze which other technologies or platforms had similar characteristics, in order to add the distinctive touch that makes this platform unique and original: Artificial Intelligence. Which references did we take?

The preliminary analysis focused on traditional antivirus companies such as Kaspersky Lab, Panda or BitDefender. However, we found that none of them offered cloud security software intended for IoT.

It is relevant to note that the Internet of Things market is currently in the design phase, so not many companies dare to use it or provide security services in this environment, much less with platforms based on Artificial Intelligence. In any case, security is controlled from the platform itself, and the most important vulnerabilities become its true Achilles heel and the major problem facing the market.

So, in addition to traditional companies, a study of source code analyzers was carried out, although none of them presented AI as a true engine of change. These are some of the platforms studied and the conclusions drawn:

SonarQube is a platform that performs automated code analysis with different tools. It is free software and uses various static source code analysis tools to obtain metrics that can help improve the quality of a program's code. Currently, the platform supports more than 20 programming languages. In this sense, it would act as our level 1 analysis, since it neither has AI nor is oriented towards the IoT ecosystem.

Orizon is a source code security scanner designed to detect vulnerabilities in J2EE web applications, Android code, and generally in code written in Java. It is very limited, since it covers only this programming language and does not have AI.

EvoSuite applies a hybrid approach that generates and optimizes comprehensive test suites to meet a coverage criterion, allowing the developer to detect deviations from expected behavior and to capture current behavior as protection against future flaws that break it. However, despite its advantages, it is not oriented towards the IoT environment, nor does it have AI.

LAPSE+ is a security scanner that detects untrusted data injection vulnerabilities in Java EE applications. It is very focused on this programming language, does not apply AI, and is not oriented to the Internet of Things.

O2 Platform is a collection of open source modules that help web application security professionals maximize their efforts and obtain high visibility of an application's security profile. It is designed to automate the knowledge and workflows of security consultants and to allow non-security experts to access them. Still, it does not apply AI or focus on the IoT.

WAP is a tool that detects and corrects input validation vulnerabilities in web applications written in PHP. It combines static analysis of source code with data mining to detect vulnerabilities and predict false positives, then corrects the source code by inserting fixes in the right places to remove the actual vulnerabilities. However, it is not IoT oriented.

With all this background, the development and implementation of this platform in the current market became all the more necessary.