How to participate?


How to Get Involved
Participants in the application security field - end users, vendors, and researchers alike - are invited to bring their experience and expertise to help shape the future of AVDL and the security community. Organizations and professionals are encouraged to contact the vendors they rely on for application development, deployment and security and ask them when their products will support AVDL. Security and application vendors interested in implementing AVDL in their products can obtain additional information on how to work with the specification at www.avdl.org. The OASIS AVDL Technical Committee, www.oasis-open.org/committees/avdl, is open to all interested parties.

AVDL Technical Details
AVDL provides a rich XML schema that fully describes web application security properties and vulnerabilities. The basic concept embodied in the schema is an application-level transaction, called a probe, which describes a multi-step exchange between a client and a web application server. Such probes may specify valid and expected request-response exchanges between browsers and servers, or may specify application vulnerability exploits.

The probe format allows various security devices to precisely and unambiguously communicate with each other, creating a seamlessly integrated secure web application environment at every stage of the application lifecycle - including development, testing, implementation, production and audit.

For example, a security scanner maps out the application and detects its flaws and vulnerabilities. The scanner then sends its assessment in the form of a set of AVDL probes to other security devices. The recipients, such as patch management systems or security gateways, use the AVDL input to automatically generate configuration recommendations, preventing accidental omissions and mistakes inherent in manual interventions and eliminating a significant source of security holes and operators' worries. Ultimately, the security administrators manage the process by rejecting, modifying, or approving the recommended operations.

Specification Availability
The OASIS AVDL Technical Committee has approved version 1.0 of the AVDL Specification and related XML Schema as a Committee Draft. The prescribed 30-day public review period is underway. AVDL has already begun to gather significant industry momentum with organizations from the private, government and public sectors announcing support for the specification.



© All rights reserved 2004.