Wouldn’t it be awesome if websites had the ability to morph and shift its code on a regular basis to prevent malware from attacking it? That definitely sounds like a pretty awesome idea which is currently being used by a company called Shape Security. The company’s product, called the ShapeShifter is basically a network security appliance that relies on real-time polymorphism that will dynamically change the code in a website’s user interface into random strings that will prevent malware from attacking it, essentially turning it into a moving target that is much harder to hit. While it seems like a lot is happening under the surface, the website’s UI is apparently not affected and will retain the functionality of HTML, CSS, and JavaScript, whichever is being used at the moment.
The polymorphism will allow ShapeShifter to block attacks such as account takeovers, application distributed denial of service, and Man-in-the-Browser. Apparently this is how some malware attacks websites but according to Shape Security’s VP of Strategy, Shuman Ghosemajumder, a malware attack uses “the same fundamental concept of polymorphism, but the implementation is different.” Unfortunately Shape Security’s ShapeShifter solution does not come cheap and is currently available as a hardware appliance for now, although a cloud-based version is under development, and is priced upwards of a million dollars. This means that the average joe looking to protect their website will have to look elsewhere, but websites belonging to financial institutions, health care, or major e-commerce institutions will most likely be potential clients for Shape Security.
Filed in . Read more about Security.