TippingPoint announced its Web Application Digital Vaccine (Web App DV) services, a two-part approach to address the security threat posed by Web applications. This new set of services enables users to maximize their security investments, while reducing the risk of attacks through custom-built Web applications. Further, the deployment of the Web App DV service allows organizations to show PCI DSS compliance while avoiding the pitfalls associated with the ambiguous protection offered by today’s Web application firewalls.
Customer feedback indicates that Web application firewalls (WAFs) have had issues with false positives when deployed in-line with the network. Instead of ensuring high availability of the Web applications they were assigned to protect, the firewalls are causing network outages and performance problems.
In addition, the constant tuning required to mitigate these false positives adds unnecessary ambiguity to the vulnerabilities the WAFs will ultimately protect against and creates a drain on IT resources and budget.
With the TippingPoint Web App DV services, vulnerabilities in customers’ custom-built Web applications are identified and remediated with a set of custom DV filters working in tandem with the standard DV filters to provide comprehensive network protection.
The service begins with a scan of the application and associated URLs to determine weak points in the code and possible areas that could be exploited by malicious attacks such as SQL injection, cross-site scripting or reverse proxy. Once the scan is completed, the customer works with TippingPoint’s DVLabs team to categorize the vulnerabilities by severity and create a custom filter or set of filters that will be deployed through the TippingPoint IPS.