webApp.secure™ stands out among Web application firewalls for its unique ability to automatically identify allowed behavior based on the content of the website itself.
The "rules" (allowed behavior) are fed to the Validation Engine by the Content Processing Engine which are extracted from the website by the HTML parser, JavaScript interpreter, SWF parser, and stylesheet parser modules. A site-specific ruleset is dynamically created in real time. The real time nature means that as the website content changes, revised rules are automatically reflected in the Validation Engine.
Malicious traffic blocked by the Validation Engine is logged to a well-formed XML file, as well as the Linux syslog or Windows event log. Alerts in the form of e-mail, network pop-up, or HTTP POST (the body of which is an XML representation of the alert) can also be triggered.
This unorthodox approach to solving the Web application security problem makes webApp.secure a proactive solution that:
A modest investment in webApp.secure as part of your overall PCI 6.6 compliance strategy could prove invaluable.