Breach Security announced the release of version 3.0 of its flagship WebDefend web application firewall with patent-pending application defect detection capabilities. The new defect detection functionality automatically identifies flaws in a web application’s operations such as web server failures, coding errors, leakage of database structures and source code, poor session management and missing or broken links, then generates reports for use by web development teams to remediate any issues.
The latest version of the web application firewall assists organizations with efforts to build secure applications, while protecting applications from SQL injection and cross-site scripting (XSS) attempts.
Additional features in WebDefend version 3.0 include:
- Generation of help tickets for remediation of defects by development.
- Help tickets include full descriptions of the defect, detailed remediation steps, reference links for further information, and a sample request and reply demonstrating the defect.
- Updates to the WebDefend Manager including consolidation of security events and application defects, centralized full command and control for remote sensors, and control of administrative access roles.
- Automated application change detection provides instant detection and profiling of modifications to production web applications.
- IP/Network “White List” that enables an administrator to “approve” and “ignore” traffic coming from a specific IP address and/or IP network.
The following new threats are prevented by WebDefend version 3.0:
- Comment spam: websites that accept comments / free text can be “spammed” with malicious links to other sites.
- Email injection: a parameter injection vulnerability that can occur in web applications that send email messages via an HTML form.
- Non-standard user session usage: web applications that do not use standard “session ID” technology are flagged.
- HTTP methods: WebDefend now recognizes over 14 individual HTTP methods.
- Security scanners detection: WebDefend detects additional / individual scanning tools separately.