This is the backend repository for the AVA Human Vulnerability Scanner. This will require http://github.com/SafeStack/ava_ui if you want a traditional UI.
Visit our homepage, join our mailing list or get an invite to our slack community. The AVA slack community is the central place to meet other contributors, get help/support and discuss new features/bugs. Please email email@example.com for an invite.
AVA is looking for collaborators
We are on the look out for testers, Django/Python developers, documentation folk, graphics wizards, and UX people to help make AVA awesome. If you have some spare cycles and want to contribute get stuck in.
This project is under heavy development and should be considered unstable. Please use the mailing list or issues tracker to report issues.
What is AVA?
Information security is often misunderstood. Most people believe that if you throw enough gadgets at an organisation you will mitigate any potential vulnerability. Technology is only a fraction of the picture.
Information security is at its heart a human problem. Wherever there exists choice, there is risk.
We specialise in the Assessment, Visualization and Analysis of human organisational information security risk.
AVA maps the realities of your organisation, its structures, and behaviours. This map of people and interconnected entities can then be tested using a unique suite of customisable on-demand and scheduled information security awareness tests.
The results of this combine into a detailed risk profile of your organisation unlike any other tool can provide - from the people up. A diverse set of analysis and visualization tools can then be employed to predict departments, locations, and people who pose the most risk allowing limited educational and defensive budgets to be used where they are most needed.
AVA Secure puts the people first in security assessment, leaving your organisation visibly more secure.
License and Open sourcing
We believe that security tools based on secret recipes are dangerous. Security solutions should always be subject to scrutiny. Open sourcing AVA allows us to be seen and for collaborators to get involved. Only together can we make AVA the best first step to protecting your people.
AVA is released under GPL v3. If you aren't sure what this means then you should probably read this.
If the terms of GPL are not suitable to your environment, please get in touch. We would be happy to discuss this with you.
Eventually there may be paid services or components based around AVA. The core will always remain free and open source for those who want to run it internally.
Authors and Contributors
AVA is the work of Laura Bell (@lady_nerd on Twitter) and her company, SafeStack - a specialist New Zealand based application security firm.
For more information or to talk about AVA, email firstname.lastname@example.org.