Fusion Lite Technology

Fusion Lite is an innovative next generation technology from iAppSecure which radically changes the way applications are assessed.

At the core of Fusion Lite is its intelligent multi-way coordination and orchestration across advanced static, dynamic and instrumentation technologies. The Fusion Lite Analyzer uses observations and analysis from each of these technologies to continuously learn and refine the understanding of application and its behavior as well as to intelligently coordinate and steer the further functioning of these technologies.

This novel approach, along with many other innovative technologies, allows it to take the power of static, dynamic and instrumentation technologies far beyond a simple sum of benefits that these technologies can offer in isolation or even with current hybrid or combination approaches. The intelligent multi-way coordination and orchestration also allows Fusion Lite, as a complete system, to overcome many of the weaknesses inherent with each of these technologies.

Fusion Lite begins by building an accurate model of the application and performs an initial analysis on it. However, this model and preliminary analysis only serve as an initial representation of the application. Fusion Lite then intelligently instruments the application based on the analysis. These steps lay the foundation for multi-way coordination and orchestration across all the technologies.

During multi-way coordination and orchestration, events such as execution of a use case trigger an iterative process within the system controlled by Fusion Lite Analyzer. The information and events received from the technologies are used to both refine a multi-dimensional model representing the knowledge and behavior of the application as well as to drive the technologies further by sending information and events to them and again the information and events received as a result are used to further trigger the entire process until no further refinement of the model is observed. This process can be highly iterative.

The ability to continuously observe, analyze and coordinate these technologies enables continuous refinement of the model representing the knowledge and behavior of the application. This enables a smarter, deeper and accurate detection of vulnerabilities and weaknesses in the application.

The capability of Fusion Lite Analyzer to transparently fuse these technologies in a unified context gives a tremendous advantage over current hybrid or combination approaches. This is possible because all the technologies are “live” at the same time and are able to continuously contribute during analysis. This in-context analysis along with advanced visualizations also strengthens the ability of an application security professional in detection of vulnerabilities possible only with human expertise.

All the technologies and components (such as static, dynamic and instrumentation) in Fusion Lite are specially designed from the ground up to participate in this larger orchestration process. Thus, their design is quite different from those of standalone technologies giving them a distinct advantage. They all operate seamlessly in a coordinated environment by sending as well as receiving information and events to and from Fusion Lite Analyzer. Also, a powerful and expressive rule language is used to combine the best of both worlds - static and dynamic (symbolic and concrete).

The intelligent multi-way coordination and orchestration from Fusion Lite opens up a world of possibilities resulting in much smarter analysis not only improving individual analyzers but the entire system. The static analyzer becomes far more accurate with innovative Guided Static Analysis (GSA) technologies such as Execution Field Analysis (EFA) and Lateral Relation Analysis (LRA). The capabilities of instrumentation are vastly expanded with technologies such as Remote Object Analysis (ROA), Differential Snapshot Analysis (DSA) and Value Hopping Analysis (VHA). The coordinated analysis as well as negative or positive findings makes the dynamic analyzer smarter and efficient by eliminating guesswork, trial and error or symptom based detection in most cases.

Fusion Lite uses a subset of technologies from Fusion, the primary research technology at iAppSecure. It is the beginning of an exciting new approach with lots of possibilities.

Fusion Lite currently supports Java and .Net platforms and languages. Certain features of the technology will be available in subsequent versions. Future versions of Fusion Lite will also offer full standalone static analysis further enhancing the capabilities. For more information, please contact iAppSecure Solutions at contact@iappsecure.com.