eValid -- Automated Web Quality Solution
Browser-Based, Client-Side, Functional Testing & Validation,
Load & Performance Tuning, Page Timing, Website Analysis,
and Rich Internet Application Monitoring.
eValid -- CyberSecurity Resource Summary
Summary and Perspective
This page summarizes available capabilities and resources
in the eValid suite that support
the cybersecurity/cyberthreat area,
and outlines how they can be applied to identify threats and vulnerabilities.
These fall into several broad classes of analysis areas
(detailed below).
The perspective here is that eValid is a test and analysis engine that
(i) drives the browser into a known state, and
(ii) delivers data about the current page
(including the complete HTML of the current page, exported on demand).
In this sense eValid is a framework in which security/vulnerability testing
is performed by applying externally supplied search patterns and profiles:
eValid supplies browser state and page data, and the patterns that define
what counts as a vulnerability are supplied from outside.
Analysis Areas
Here is a short summary of eValid's capabilities and how they can be used in studying
cybersecurity issues.
- Functional Testing:
Running 100% realistic client-side tests,
possibly launched in batch mode operation,
to bring the browser to a particular internal state.
- Internal Page Analysis:
Complete input/output access to the current DOM contents,
including the ability to offload the complete HTML of a page at any time
during an AJAX playback sequence.
- Server Loading:
Running multiple simultaneous browser users (BUs) to impose load on
a server and bring out race conditions and other faults that appear
only under time-dependent behavior.
- Site Scanning:
Systematically scanning all of the pages on a website
to search for patterns and features that may
suggest vulnerabilities.
- EPI Interface:
Creating a special purpose executable program that
performs fixed analysis functions and/or extracts
specific information of use to external analysis engines.
Detailed Description
Complete information about eValid functions and operation is contained in the
User Manual, which is available online from the eValid product interface.
The material that follows outlines the capabilities of the various parts of the
eValid Suite.
- System Generalities
eValid is a Windows desktop program structured like any desktop browser.
It naturally emulates the particular IE browser installed on the same machine,
so client-side behavior observed during a test (script execution, rendering
of injected markup) is that of that IE version and not of other browsers.
- Browser Control and Setup
The browser is controlled externally -- not from JavaScript -- via commands
that perform primitive browser actions.
A playback script is a sequence of these commands; it can be written by hand
or recorded by eValid "from life" as a user works the browser.
- Script Format:
The script language is plain-text and very simple to read and change, as
described in the
Script Principles.
There are over 225 separate commands in the eValid lexicon.
- Partial Context:
Part of the test context (mainly the window number and the frame path)
is kept explicitly in the script, both when recording and when playing back.
- Playback Control:
Control of the eValid browser for playback is via these commands or
via the EPI interface, which uses the same commands and provides
full programmatic control.
- Parameters:
Any script can be parameterized using the format $NAME,
where the playback-time value of the parameter is supplied from
a range of sources (see below).
- Imitating Devices
What the server sends to the client varies with the type of device the
browser tells the server it is.
eValid can vary this "dress" to imitate any kind of device, which is how
device-specific server responses are brought into the browser for analysis.
- UserAgent:
The user controls how the browser presents itself to the server
by manipulating the User Agent String, via a special
SetUserAgent Command
that controls the device string for sub-windows of the parent window.
(The parent window is the default device unless pre-specified
differently.)
- Command Line Launch:
There is a special
Command Line Option
that specifies the user agent, so that an instance of eValid starts up
already imitating that specific device.
The specified type of device is then treated as the default device.
- Test Data Generation
During test operation, values are assigned to script parameters
by macro substitution. They can come from the environment,
or they can be generated automatically using the
Test Data Generation
feature, which fills in values for variables from a file that either enumerates
all possible values or specifies rules for their selection.
- Random Mode:
Values are selected using a normal distribution random number generator.
- Sequential Mode:
A set of playbacks running in a loop can select each combination of
input values sequentially, storing the prior selection in a local file.
Large numbers of combinations of any number of specified parameters
can be handled.
- External file inputs:
If needed, the specified values for script playback parameters can
be supplied from the outside by any means available.
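The sequential mode and the $NAME substitution described above, as an added illustration in Python that is not eValid's own code: it walks every combination of a constructed parameter table exactly once across separate invocations by persisting a cursor in a local file, and substitutes the chosen values into a constructed template. The template uses the $NAME form but is not eValid command syntax, and the helper names and cursor file format are assumptions. It goes a little beyond the page in that each combination is decoded from a single counter, so the full product is never materialised and very large combination counts cost nothing up front.

```python
"""Sequential-mode test data generation with a persisted cursor.

Added illustration, not eValid's own code.  The parameter table, the
template and the cursor file format are constructed for this example;
the template is not eValid command syntax.
"""
import json
import re
import tempfile
from pathlib import Path

# Constructed parameter table: every value each $NAME may take.  In a
# security-oriented run these are boundary cases and injection payloads.
PARAM_VALUES = {
    "USER": ["alice", "bob", "A" * 300],
    "PASS": ["hunter2", "' OR '1'='1", ""],
    "NEXT": ["/home", "//evil.example/", "javascript:alert(1)"],
}

# Constructed template using the $NAME macro form (not eValid syntax).
TEMPLATE = "login user=$USER pass=$PASS next=$NEXT"

# Assumed location of the cursor file shared by successive playbacks.
DEFAULT_CURSOR = Path(tempfile.gettempdir()) / "seq_mode_cursor.json"

_PARAM_RE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def total_combinations(values):
    """Product of the value-list lengths: the number of distinct playbacks."""
    n = 1
    for vals in values.values():
        n *= len(vals)
    return n


def combination(index, values):
    """Decode combination number `index` into one value per parameter.

    Mixed-radix decoding with the last parameter varying fastest (the same
    order itertools.product would give), without building the product.
    """
    if not 0 <= index < total_combinations(values):
        raise IndexError(f"combination {index} out of range")
    chosen = {}
    for name in reversed(list(values)):
        vals = values[name]
        chosen[name] = vals[index % len(vals)]
        index //= len(vals)
    return {name: chosen[name] for name in values}  # declared order


def substitute(template, params):
    """Macro-substitute every $NAME; an unbound name is an error rather
    than a literal "$NAME" silently reaching the playback."""
    def repl(m):
        name = m.group(1)
        if name not in params:
            raise KeyError(f"unbound parameter ${name}")
        return params[name]
    return _PARAM_RE.sub(repl, template)


def reset_cursor(cursor_path=DEFAULT_CURSOR):
    Path(cursor_path).write_text(json.dumps({"next": 0}))


def next_combination(values, cursor_path=DEFAULT_CURSOR):
    """Return the next parameter set and advance the cursor stored in a
    local file, so a loop of separate playbacks covers every combination
    exactly once.  Returns None once the space is exhausted."""
    path = Path(cursor_path)
    index = json.loads(path.read_text())["next"] if path.exists() else 0
    if index >= total_combinations(values):
        return None
    params = combination(index, values)
    path.write_text(json.dumps({"next": index + 1}))
    return params


def drain_all(values, template=TEMPLATE, cursor_path=DEFAULT_CURSOR):
    """Run the loop a driver would: one substituted script per iteration."""
    reset_cursor(cursor_path)
    scripts = []
    while (params := next_combination(values, cursor_path)) is not None:
        scripts.append(substitute(template, params))
    return scripts


if __name__ == "__main__":
    for line in drain_all(PARAM_VALUES):
        print(line)
```

Because the state lives in the cursor file rather than in the process, each playback can be a fresh eValid launch; deleting the file restarts the sweep, and a crash mid-sweep resumes at the first combination not yet written out.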
- Functional Test Playback
- Script Input/Output
Some special facilities allow the playback script to
be modified "from the outside environment":
- Environment Variables:
The set of
Environment Variables
supplied during playback
can be set before or during a test, and can be updated at any time.
- Reserved Variables:
A set of
Reserved Variables
provides convenient access to key facts about the current page.
- SaveRecord:
During playback the
SaveRecord Command
can write intermediate results to a local file.
- Dynamic DOM Manipulation
During the test, as part of the test automation, there is complete access to
the contents of the DOM, using a series of special purpose commands.
- Structural Testing Commands:
A special set of
Structural Testing Commands
allows for general manipulation of the DOM of the current page
using the
Element Manipulation
commands.
- DOM Searching:
You can localize focus by issuing a search within the current DOM.
This can be for a string, using the
IndexFindElement Command
or for a regular expression using the
IndexFindElementEx Command.
- DOM Manipulation Resources:
The special parameters sourceIndex and elementValue hold, respectively,
the index of the element currently pointed to and
the current value of a property (whether extracted from or inserted into it).
In this context the tester/analyst has these
DOM Value Manipulation
capabilities.
- DOM Input/Output:
At any point in the script the user can program
DOM Input/Output Operations
to read/write to the current DOM from external resources.
- Injecting Events into the DOM:
If needed the
IndexElementEvent Command
can inject ANY event into a DOM element, including events and event
sequences a real user could never produce, so client-side handlers can be
exercised on inputs they were not written to expect.
- Test Playback Synchronization:
To assure synchronization at playback time, eValid uses a proprietary
combination of internal signals to achieve normal navigation synchronization.
In the case of AJAX, eValid runs a wait loop to achieve
Synchronization On Visible Text
or to achieve
Synchronization On DOM Element.
- Interactive Debugging
- Breakpoint/Pause Playback:
The Breakpoint command, or use of the Pause button,
stops playback and leaves the browser open to manual input.
- Live browser with Detailed Timings:
When paused, if the Detailed Timings option is ON, the
EventLog shows the individual files transmitted to the
browser from the server.
- PageMap Display:
At any time the contents of the current page's DOM
can be seen in the
PageMap
display.
- Intra-Playback and Post-Playback Analysis
- TraceURL:
To extract the actual sequence of URLs delivered to the
browser there is a
URL Trace
facility that records the sequence of GETs in the order in which
the browser completed them (completion order, not issue order, so a
request's position in the trace does not by itself say what triggered it).
- Saved HTML:
The SaveHTML and SaveFullHTML commands record the current
contents of the page into a local file for external analysis.
This file is in a format suitable for re-rendering by
the browser if necessary.
- Additional Capabilities
- Server Loading
eValid can be launched multiple times, each instance possibly with a different
playback script, to impose high load on a server.
This approach is highly scalable because the driver overhead is very low.
The
LoadTest
mode can launch ~100 Browser Users (BUs) per Windows user account,
and ~1,000 per Windows driver machine.
There are several small-footprint playback only agents available,
and a unified
LoadTest Monitor
to track individual BU activity.
- Whole Site Scanning
The ability to scan a website systematically according to
pre-specified page selection criteria is included in the
Site Analysis
facility.
An important feature is the ability to scan every visited page for
matches of a regular expression in the complete HTML of the page.
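The DOM search by regular expression described under DOM Searching and the whole-site scan's regex match over the complete page HTML reduce to the same offline operation on saved page HTML. As an added illustration in Python that is not eValid's own code, the block below runs an externally supplied pattern profile over a constructed page of the kind SaveFullHTML would produce, reports each match with its line and a source-order element index (mimicking the idea of sourceIndex, not eValid's implementation), and adds one structural check that a regex alone cannot express: POST forms with no hidden anti-CSRF field. The sample page, the profile entries and the helper names are all constructed for the example.

```python
"""Offline scan of saved page HTML against an externally supplied profile.

Added illustration, not eValid's own code.  The sample page, the profile
and the helper names are constructed; the element index only mimics the
idea of a source-order index and is not eValid's sourceIndex.
"""
import bisect
import re
from html.parser import HTMLParser

# Constructed page, standing in for a file written by SaveFullHTML.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<script src="http://cdn.example/lib.js"></script>
<!-- TODO remove: admin password is Tr0ub4dor -->
</head><body>
<form method="post" action="http://target.example/login">
  <input type="text" name="user">
  <input type="password" name="pass" autocomplete="on">
  <button onclick="submitForm()">Go</button>
</form>
<form method="post" action="/transfer">
  <input type="hidden" name="csrf_token" value="abc123">
  <input type="text" name="amount">
</form>
<a href="javascript:void(0)">skip</a>
</body></html>
"""

# Constructed profile: finding name -> regex run case-insensitively over
# the complete HTML.  In practice this is read from a file kept outside eValid.
PROFILE = {
    "http-script-include": r"<script[^>]+src\s*=\s*[\"']http://",
    "form-action-http": r"<form[^>]+action\s*=\s*[\"']http://",
    "inline-event-handler": r"\son[a-z]+\s*=\s*[\"']",
    "credential-in-comment": r"<!--[^>]*(password|passwd|secret)[^>]*-->",
    "password-autocomplete-on":
        r"<input[^>]+type\s*=\s*[\"']password[\"'][^>]+autocomplete\s*=\s*[\"']on",
    "javascript-href": r"href\s*=\s*[\"']javascript:",
}

# Hidden-field names accepted as an anti-CSRF token by the structural check.
TOKEN_NAME_RE = re.compile(r"csrf|token|nonce", re.I)


class ElementIndexer(HTMLParser):
    """Number every start tag in source order with its absolute offset, and
    note which POST forms contain a hidden token field."""

    def __init__(self, html):
        super().__init__()
        self.line_starts = [0] + [m.end() for m in re.finditer(r"\n", html)]
        self.starts = []        # absolute offset of each start tag, in order
        self.forms = []         # [element index, action, has_token]
        self._open_forms = []   # stack of positions in self.forms
        self.feed(html)
        self.close()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        line, col = self.getpos()          # position of this tag's "<"
        index = len(self.starts)
        self.starts.append(self.line_starts[line - 1] + col)
        if tag == "form" and (attrs.get("method") or "get").lower() == "post":
            self.forms.append([index, attrs.get("action") or "", False])
            self._open_forms.append(len(self.forms) - 1)
        elif (tag == "input" and self._open_forms
              and (attrs.get("type") or "").lower() == "hidden"
              and TOKEN_NAME_RE.search(attrs.get("name") or "")):
            self.forms[self._open_forms[-1]][2] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._open_forms:
            self._open_forms.pop()

    def element_at(self, offset):
        """Index of the last element whose start tag begins at or before offset."""
        pos = bisect.bisect_right(self.starts, offset) - 1
        return pos if pos >= 0 else None

    def line_of(self, offset):
        return bisect.bisect_right(self.line_starts, offset)


def scan(html, profile):
    """Run every profile pattern over the complete HTML; each finding carries
    the pattern name, the line and the enclosing element index."""
    idx = ElementIndexer(html)
    findings = []
    for name, pattern in profile.items():
        for m in re.finditer(pattern, html, re.I):
            findings.append({"pattern": name, "line": idx.line_of(m.start()),
                             "element": idx.element_at(m.start()),
                             "snippet": m.group(0)[:60]})
    return findings


def post_forms_without_token(html):
    """POST forms with no hidden anti-CSRF field anywhere inside them."""
    return [(i, action) for i, action, has_token in ElementIndexer(html).forms
            if not has_token]


if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, PROFILE):
        print(f"{f['pattern']:26} line {f['line']:>3} element {f['element']:>3}  {f['snippet']}")
    for i, action in post_forms_without_token(SAMPLE_HTML):
        print(f"POST form without token: element {i} action={action!r}")
```

Run over eValid output, the driver would feed one saved file per visited page and report findings per URL. The security knowledge lives entirely in the profile, so a pattern such as credential-in-comment is only as good as the word list it carries, and the structural check shows where a regex stops being enough and a parse of the saved HTML is needed.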
- eValid Programmatic Interface [EPI]
For direct programming there is a C/C++
Programmatic Interface
that works through the standard eValid commands.
This capability allows easy integration of eValid activity
with other forms of client-side page analysis.