Breach Security Rolls Out WebDefend Version 3.6 for Large-Scale Deployments
Web application security appliance secures Web 2.0 applications and offers enhanced reporting.
Breach Security, Inc., in Carlsbad, Calif., has announced the latest release of its flagship WebDefend Web application security appliance, version 3.6. Designed to provide enhanced support to large-scale deployments, WebDefend now offers company-wide reporting and more robust protection against security risks in Web 2.0 technologies, including Asynchronous JavaScript (AJAX), Rich Internet Application (RIA) clients, Real Simple Syndication (RSS), Extensible Markup Language (XML), and Simple Object Access Protocol (SOAP). The new WebDefend provides support for next-generation Web sites and applications to protect information and prevent hacking attacks and data leakage.
With the proliferation of Web 2.0 technologies, developers are adding new interactive capabilities that make Web sites more engaging for users. Typical sites now feature dynamic content and the ability to subscribe to blogs and other content via RSS feeds, an XML-based standard. Developers use XML to create pages with content that is easier to reuse in other applications or presentation environments. SOAP is an XML-based transport mechanism for enabling online transactions and data exchange. Through this transformation, new vectors of attack have opened up that compromise customer data and other confidential information. Cross Site Request Forgery (CSRF), XML Poisoning, Web Services Definition Language (WSDL) Scanning, and Cross-Site Scripting (XSS) in AJAX are just some of the new vulnerabilities found in next-generation Web technologies.
WebDefend v3.6, according to Breach Security, offers the robust capabilities for full bi-directional parsing of XML and blocking of XML-based attacks. The system allows for schema validation and automatically profiles XML applications, which creates a positive security validation for every XML/SOAP property and enables real-time identification of security vulnerabilities and application integrity issues. WebDefend also protects against XML poisoning attacks, XML external entity attacks, and WSDL scanning. WebDefend’s console profile tab provides information into real-world use of XML by the application, to help both developers and IT security staff.
“Breach continues to consistently stay at the forefront of industry innovation by listening to clients and quickly developing features designed to help them achieve even greater Web application security,” says David Hostetter, IT Admin for TranDotCom.
WebDefend also protects applications by automatically tracing malicious access to pages on the Web sites that should be accessed only after a proper login process is done. Using its application profiling engine, WebDefend v3.6 detects the latest Web application threats such as CSRF, HTTP Verb Tampering, and forceful browsing.
“The nature of web application threats continues to evolve as Web 2.0 technologies become commonplace in large enterprise applications,” says Sanjay Mehta, senior vice president for Breach Security. “Only WebDefend provides full bi-directional inspection of all Web traffic flows, delivering unprecedented insight into application traffic, the best attack detection and prevention available, and the capability to ensure online customer satisfaction and successful Web transactions.”
