/ava

AVA - Human Vulnerability Scanner (Core)

Primary LanguageCSSGNU General Public License v2.0GPL-2.0

ava-large

Build Status Coverage Status

Visit our homepage, join our mailing list or get an invite to our slack community. The AVA slack community is the central place to meet other contributors, get help/support and discuss new features/bugs. Please email hello@avasecure.com for an invite.

For step-by-step instructions on how to download and run ava, please read the Installation Guide. For more information see Ava Documentation.

AVA is looking for collaborators

We are on the look out for testers, Django/Python developers, documentation folk, graphics wizards, and UX people to help make AVA awesome. If you have some spare cycles and want to contribute get stuck in.

Project Status

This project is under heavy development and should be considered unstable. A stable release should be expected in August 2015. Please use the mailing list or issues tracker to report issues.

What is AVA?

Information security is often misunderstood. Most people believe that if you throw enough gadgets at an organisation you will mitigate any potential vulnerability. Technology is only a fraction of the picture. Information security is at its heart a human problem. Wherever there exists choice, there is risk.

We specialise in the Assessment, Visualization and Analysis of human organisational information security risk.

AVA maps the realities of your organisation, its structures, and behaviours. This map of people and interconnected entities can then be tested using a unique suite of customisable on-demand and scheduled information security awareness tests.

The results of this combine into a detailed risk profile of your organisation unlike any other tool can provide - from the people up. A diverse set of analysis and visualization tools can then be employed to predict departments, locations, and people who pose the most risk allowing limited educational and defensive budgets to be used where they are most needed.

AVA Secure puts the people first in security assessment, leaving your organisation visibly more secure.

License and Open sourcing

We believe that security tools based on secret recipes are dangerous. Security solutions should always be subject to scrutiny. Open sourcing AVA allows us to be seen and for collaborators to get involved. Only together can we make AVA the best first step to protecting your people.

AVA is released under GPL v2. If you aren't sure what this means then you should probably read this. If the terms of GPL are not suitable to your environment, please get in touch. We would be happy to discuss this with you.

Eventually there may be paid services or components based around AVA. The core will always remain free and open source for those who want to run it internally.

Authors and Contributors

AVA is the work of Laura Bell (@lady_nerd on Twitter) and her company, SafeStack - a specialist New Zealand based application security firm.

For more information or to talk about AVA, email hello@avasecure.com.