Tripwire announced that dynamic web application scanning is now included in IP360. This critical functionality enables customers to detect and prioritize web application vulnerabilities within the context of overall information security risk.
The quantity and value of data connected to web applications make them the target of frequent cyber attacks, and according to a 2013 report from White Hat Security, 86 percent of all websites tested had at least one serious coding error.
The Tripwire WebApp360 solution enables users to automatically detect web applications and identify IT vulnerabilities, allowing users to focus resources on the most important threats. With the addition of web application scanning, IP360 offers customers prioritized assessment of IT security risk across their entire network – from web applications to the underlying IT infrastructure supporting them.
The IP360 web application scanning solution includes coverage in all categories of the Open Web Application Security Project (OWASP) Top Ten. OWASP is the pre-eminent standards body that develops and maintains a consensus-driven list of the most critical web application security flaws.
The OWASP Top Ten is used by the U.S. Defense Information Systems Agency’s (DISA) DoD Information Assurance Certification and Accreditation Process (DIACAP) and is recommended by the U.S. Federal Trade Commission and MITRE, and it has been adopted by the Payment Card Industry Data Security Standards Council for the PCI Data Security Standard (PCI DSS) as well as many other standards.
“Web applications are widely used across enterprise – both internally and externally – but vulnerabilities in these critical applications aren’t detected with traditional network vulnerability scans,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “The WebApp360 solution aims to close this gap by detecting web application vulnerabilities and presenting them in the context of overall network security.”