Tripwire WebApp360
Enterprise Class Web Application Scanning
Click here to jump to more pricing!
Overview:
WebApp360: Enterprise Class Web Application Scanning
Online systems such as banking, healthcare, e-commerce, and customer support portals increasingly collect and provide access to extremely sensitive data and internal systems that provide a juicy target for opportunistic hackers. Since mid-2006, web application vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection attacks have made up an increasing percentage of newly discovered vulnerabilities and actual reported intrusions.
The commonly held solution to securing web applications has been to perform security testing during development and QA. But what if the application was developed by a third party, and not the enterprise? What if an emergency code change occurred and the security analysis was insufficient? And what about the underlying operating system, adjacent applications, and databases connected to the web applications – none of which are tested by traditional web application scanners? Security assessments that occur during production are the only assessments that give enterprises real time, continuous knowledge of the security posture of their web applications. WebApp360 is designed for exactly that -- web application security testing for production environments.
WebApp360 delivers:
- Complete web application infrastructure assessment , including web applications, underlying operating systems, and adjacent applications in production environments
- Comprehensive security risk analysis, combining web application coverage with network, operating system, and infrastructure exposure intelligence
- Leverages Tripwire's appliance-based architecture, eliminating the high cost of deployment and maintenance associated with other solutions
WebApp360 extends Tripwire’s market-leading security risk management platform, IP360, to include assessment of enterprise web applications, offering the industry’s most comprehensive view of IT security risk. WebApp360 enables enterprises to automatically and continuously detect critical web application vulnerabilities within the context of overall IT risk, enabling security teams to focus resources on the most important risks. Available as an integrated add-on module to IP360, WebApp360 benefits from IP360’s market-leading scalability, manageability, appliance-based architecture and vulnerability coverage. Together, WebApp360 and IP360 offer customers an unprecedented, prioritized assessment of IT security risk, from web applications to the underlying IT infrastructure supporting them.
Features:
ENTERPRISE WEB APPLICATION SCANNING FOR PRODUCTION ENVIRONMENTS
Online systems such banking, healthcare, e-commerce, and customer support portals increasingly collect and provide access to extremely sensitive data and internal systems that need to be protected, and all are internet-facing web applications—the primary target of opportunistic hackers.
Over the past several years, web application vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection attacks have made up an increasing percentage of newly discovered vulnerabilities and actual reported intrusions. Enterprises have struggled to find solutions that take into account not only the web applications themselves but also the underlying operating systems, databases and other IT infrastructure. Enterprises also require scalability and manageability to support their production systems across their large networks. Tripwire® WebApp360 is the solution, providing a highly scalable, easily managed solution that is designed to test production web applications and their underlying infrastructure.
TRIPWIRE WebApp360 DELIVERS:
- Complete web application infrastructure assessment, including web applications, underlying operating systems, and adjacent applications in production environments
- Comprehensive security risk analysis, combining web application coverage with network, operating system, and infrastructure exposure intelligence
- Leverages Tripwire’s appliance-based architecture, eliminating the high cost of deployment and maintenance associatedwith other solutions
- Fully integrated with Tripwire IP360, Tripwire Focus and Tripwire Suite360 Intelligence Hub to provide customers with unprecedented visibility into their overall IT security risks
Built on the world’s leading security risk management system, Tripwire IP360, Tripwire WebApp360 is uniquely designed to address the needs of global enterprises. It provides a fully integrated and comprehensive view of all vulnerabilities and risks—from web applications to the IT systems supporting them. Leveraging Tripwire IP360’s appliance-based architecture, Tripwire WebApp360 is a true enterprise solution that cost-effectively deploys and scales to enterprises of all sizes and complexity.
When combined with Tripwire IP360, Tripwire Configuration Compliance Manager and Tripwire Suite360 Intelligence Hub, enterprises can now have a fully integrated, highly scalable and manageable solution for security risk and compliance management. Enterprises can finally obtain a single solution that leads to unprecedented visibility and management of IT risk and compliance.
ADDITIONAL BENEFITS
- Normalized risk scoring using Tripwire’s unified risk metric and CVSS v2
- Granular role-based access controls enable re-use of existing Tripwire IP360 roles and creation of new roles specific to management of web properties
- Support for HTTP virtual hosts provides assessment of multiple web sites hosted on a single server
SAMPLE VULNERABILITY CHECKS
- Cross-Site Scripting (XSS) Vulnerabilities Cross-Site Scripting vulnerabilities allow attackers to inject arbitrary HTML or other code into web applications and their served web pages, potentially compromising the security of a visiting client’s browser. Tripwire WebApp360 uses dynamic testing for various types of persistent and non-persistent Cross-Site Scripting vulnerabilities to ensure that your web applications are not compromised.
- Injection Vulnerability SQL Injection vulnerabilities allow attackers to inject SQL commands through web pages, making changes to stored data or executing commands that were not intended by the application’s developers. Tripwire WebApp360 ensures that your web application will not permit code execution or changes to stored data without appropriate authorization.
- Web Page Implementation Flaws Securing the production implementation of your web applications is just as important as the web application code itself. Tripwire WebApp360 ensures that fundamental design flaws have not been introduced to your web applications during production implementation, such as password submissions via insecure input fields.
- Web Application Infrastructure Web application security must take into account the web application itself as well as the underlying infrastructure such as web servers, operating systems, and adjacent applications. Tripwire WebApp360 is the only solution that provides a real time, continuous security assessment of both web applications and their related infrastructure.
TRIPWIRE WebApp360 HIGHLIGHTS
- Continuous, real-time assessment of web applications in production environments
- Leverages Tripwire’s appliance-based architecture, eliminating the high cost of deployment associated with software-based solutions
- Licensed to support unlimited users, eliminating a common frustration among enterprise customers of standalone web application scanners
Documentation:
Download the Tripwire WebApp360 Datasheet (PDF).
- Pricing and product availability subject to change without notice.