New Version of Breach Security’s WebDefend™ Web Application Firewall Adds Passive Vulnerability Detection

Industry-first web application firewall combines protection with application vulnerability detection by monitoring traffic

CARLSBAD, Calif., September 24, 2007 – Breach Security, Inc., the leader in web application security, today announced the release of version 3.0 of its flagship WebDefend web application firewall with patent-pending application defect detection capabilities. The new defect detection functionality automatically identifies flaws in a web application’s operations such as web server failures, coding errors, leakage of database structures and source code, poor session management and missing or broken links, then generates reports for use by web development teams to remediate any issues.

WebDefend combines the best attack detection available with the first automated defect detection in the industry, enabling security teams to ensure that web applications are operating as intended while protected from attacks. The latest version of the web application firewall assists organizations with efforts to build secure applications, while protecting applications from SQL injection and Cross Site Scripting (XSS) attempts.

AudioTel Corporation, a leading provider of automated payment processing solutions that specializes in software for financial institutions, selected WebDefend to assist in the protection of its web application environment.

“AudioTel is in the business of providing quality online financial and banking services—availability and the integrity of our systems are very important to our customers,” said Tim Johnson, Director of Security and Information Technology for AudioTel Corporation. “WebDefend provides visibility into each and every inbound request and server response, giving us the ability to recognize sophisticated application attacks and anomalies. This valuable information allows us to constantly improve our defenses and ensure the delivery of our application services to our customers.”

WebDefend performs a continuous, real-time assessment of production web applications for defects and reports actionable forensic results that extend beyond testing by application vulnerability scanners during development. WebDefend assesses the application in its production environment and detects insecure application design techniques that go unnoticed by scanners. This ensures the entire application is assessed and any runtime defects are detected immediately by the security team before they can be exploited by hackers. Security teams can bridge the software development lifecycle gap by generating help tickets for defect remediation.

By using WebDefend’s console, security teams are provided with unprecedented visibility into protected applications’ architectures and communication methods. A full site map details all aspects of the web application including page structure, images and parameters with input validation. The map also provides direct access to security profiles automatically generated to protect the application.

WebDefend’s new defect detection capability adds to the long list of features designed to help organizations achieve compliance for their web applications with the Payment Card Industry Data Security Standard (PCI DSS). In addition to fulfilling the specific PCI DSS requirement 6.6 to deploy a web application firewall by June 2008, WebDefend also assists with other requirements by detecting and auditing all usage of credit card information, blocking all attempts to extract sensitive information from an application, and now passively assessing applications for vulnerabilities as they are used in production environments.

“Protecting web applications requires the bi-directional functions of blocking attacks and stopping privileged information from leaking out of the web environment. Also required is the identification and suggested repair for security vulnerabilities within the code. Our latest version of WebDefend offers the only automated defect detection solution available,” said Marc Shinbrood, Chief Executive Officer, Breach Security, Inc. “This defect detection coupled with our market-leading PCI compliance capabilities has accelerated customer adoption of our solutions.”

Additional features in WebDefend version 3.0 include:

  • Generation of help tickets for remediation of defects by development. Help tickets include full descriptions of the defect, detailed remediation steps, reference links for further information, and a sample request and reply demonstrating the defect.
  • Updates to the WebDefend Manager including consolidation of security events and application defects, centralized full command and control for remote sensors, and control of administrative access roles.
  • Automated application change detection provides instant detection and profiling of modifications to production web applications.
  • IP / Network “White List” that enables an administrator to “approve” and “ignore” traffic coming from a specific IP address and / or IP network.

The following new threats are prevented by WebDefend version 3.0:

  • Comment spam: websites that accept comments / free text can be “spammed” with malicious links to other sites.
  • Email injection: a parameter injection vulnerability that can occur in web applications that send email messages via an HTML form.
  • Non-standard user session usage: web applications that do not use standard “session ID” technology are flagged.
  • HTTP methods: WebDefend now recognizes over 14 individual HTTP methods.
  • Security scanners detection: WebDefend detects additional / individual scanning tools separately.

WebDefend is available from Breach Security and its resellers. For more information, please visit our website at www.breach.com or contact us at +1 866 393 0907 or +1 760 448 2051.

About WebDefend
WebDefend is an advanced web application firewall that offers customized, behavior-based security for each protected application. Only WebDefend uses a patented profiling system and multiple, collaborative detection engines to ensure the flow of business-critical traffic while supplying complete protection for applications to keep the organization’s confidential information safe from targeted attacks. Deployed out-of-line, WebDefend uniquely provides non-intrusive, effective security for multi-application environments while continuing to provide full blocking capabilities. According to a Forrester Wave Report published in June 2006, WebDefend offers the best threat detection in the market.

About Breach Security, Inc.
Breach Security, Inc. is the leading provider of next-generation web application security that protects sensitive web-based information. Breach Security protects web applications from Internet hacking attacks and provides an effective solution for emerging security challenges such as identity theft, information leakage, and insecurely coded applications. Breach Security’s solutions also support regulatory compliance requirements for security. Founded in 2004, Breach Security is headquartered in Carlsbad, Calif. For more information, please visit: www.breach.com.

# # #

Breach Security, WebDefend, BreachMarks, and ModSecurity are trademarks of Breach Security, Inc. All other companies’ names and product names are trademarks of their respective organizations.