Breach Security Delivers Updated WebDefend™ for PCI DSS Compliance

Ensures compliance with newest credit card security standard

CARLSBAD, Calif., August 1, 2007 – Breach Security, Inc., the leader in web application security, today announced new product capabilities that enable organizations to comply with the Payment Card Industry Data Security Standard (PCI DSS) v1.1. Major credit card holders developed the security standard to halt the rise in high-profile hacking incidents plaguing online consumers and threatening the popularity and growth of the internet as a global marketplace.

The PCI DSS is a set of security requirements established by leading card issuing companies including American Express, VISA International and Mastercard. The standard is designed to protect sensitive account data such as credit card numbers, customer names, and contact information. The PCI DSS requires that network security be in place, properly configured, and periodically audited. In addition, there are security provisions specifically targeted at the web applications themselves. The standard affects any organization that gathers or stores credit card numbers worldwide.

Version 1.1 of the PCI DSS provides organizations with the opportunity to easily implement a single, one-time solution to the PCI requirements relating to the security of their web applications—deployment of a web application firewall. Breach Security’s WebDefend web application firewalls can be easily deployed to immediately protect a production web application. In addition, with each new release of a web application, WebDefend automatically adapts its protection to secure the new version of the application. Organizations can now avoid costly and time-consuming security code reviews and subsequent development-cycle iterations by simply deploying a web application firewall.

Production web applications protected by WebDefend will pass required periodic security audits designed to detect vulnerabilities in web applications. Since WebDefend validates all traffic before it is received by the application, probes sent to discover security vulnerabilities will be blocked by WebDefend, just as real attacks are.

WebDefend Features for PCI Compliance
In addition to protecting web applications from attacks, WebDefend has a number of features specifically designed for organizations working to comply with the PCI standard. These features ensure the proper configuration of the security mechanisms for PCI compliance and provide reporting that gives specific PCI standard details for each attack prevented. Some of the PCI Compliance features include (but are not limited to):

  • Block any data leakage (Requirement 3)
In addition to theft from targeted attacks, sensitive data may be inadvertently leaked through an error in an application. WebDefend will block any data leakage from a protected application. Organizations may configure custom patterns for sensitive information in addition to the list of credit cards and privacy information preconfigured in the WebDefend PCI Policy to ensure that sensitive data is never leaked from their web applications.
  • Best attack detection and prevention of web threats (Requirement 6)
WebDefend provides the best attack detection for web threats on the market and, when deployed to protect a web application, provides all of the security mechanisms necessary to ensure that web applications are protected from attack.
  • Track and monitor all access to cardholder data (Requirement 10)
WebDefend monitors and maintains an audit log of all access to credit card information. The audit logs may be exported to a file or printed in the WebDefend Credit Card Usage Report.
  • Application security defect assessment in real-time through bi-directional traffic monitoring (Requirement 11)
By monitoring both sides of an application’s communication, WebDefend is able to passively assess the application for defects. This assessment complements any performed during QA with scanners by analyzing the complete application through monitoring its usage. In addition to specific defects, such as unvalidated input fields and insecure configurations, WebDefend is able to detect insecure design as well, such as weak cryptography or poor session management, something scanners are unable to detect.

In addition to supporting PCI compliance within our product line, Breach Security is also leading the market as a member of the Payment Card Industry Council and holding committee leadership roles within the Payment Card Industry Security Vendor Alliance.

WebDefend is available from Breach Security and its resellers. For more information, please visit our website at www.breach.com or contact us at +1 866 393 0907 or +1 760 448 2051.

About WebDefend
WebDefend is an advanced web application firewall that offers customized, behavior-based security for each protected application. Only WebDefend uses a patented profiling system and multiple, collaborative detection engines to ensure the flow of business-critical traffic while supplying complete protection for applications to keep the organizations’ confidential information safe from targeted attacks. Deployed out-of-line, WebDefend uniquely provides non-intrusive, effective security for multi-application environments while continuing to provide full blocking capabilities. According to a Forrester Wave Report published in June 2006, WebDefend offers the best threat detection in the market.

About Breach Security, Inc.
Breach Security, Inc. is the leading provider of next-generation web application security that protects sensitive web-based information. Breach Security protects web applications from Internet hacking attacks and provides an effective solution for emerging security challenges such as identity theft, information leakage, and insecurely coded applications. Breach Security’s solutions also support regulatory compliance requirements for security. Founded in 2004, Breach Security is headquartered

# # #

Breach Security, WebDefend, BreachMarks and ModSecurity are trademarks of Breach Security, Inc. All other companies’ names and product names are trademarks of their respective organizations