Solution Brief
IBM Software IBM Security Solutions
Web application security with IBM Security Solutions Enhance your IT security investment with robust web application protection
Highlights ●
Designed to deliver the full protection of a web application firewall through network and server intrusion prevention solutions
●
Offers proactive web application, Web 2.0 and database protection to limit potential business interruptions and exposures
●
Integrates with IBM Rational® AppScan® to automatically generate recommended security policies for your specific web application vulnerabilities identified by AppScan
●
Helps meet regulatory compliance requirements and industry standards, including PCI DSS
Fortifying your IT security solution with protection for web applications Web applications can help foster closer interactions with your customers and improve collaboration with your employees. During the past several years, however, the number of web-related threats to enterprises of nearly all sizes has risen sharply. About half of these attacks targeted web applications. Even more alarming, by year-end 2009, two-thirds of all disclosed web application vulnerabilities had no patch available. Two significant areas of vulnerability, Structured Query Language (SQL) injection attacks and Cross Site Scripting (XSS) attacks, dominated the attack landscape in 2009.1 These growing areas of targeted attacks on sensitive information exploit websites by altering back-end code to manipulate data entered by users and exploits the trust relationship between users and the websites they visit. The increase in attacks is due in part to the sheer number of web applications being developed—a number that is skyrocketing. In spite of their potential, the interactive nature of these new, collaborative techniques for sharing information makes them highly susceptible and vulnerable to attacks. To help protect your business—and reputation—you need to find ways to enhance your company’s security solutions. With web application protection built into the core IBM intrusion prevention engine, IBM offers the same security as a web application firewall to address web-related vulnerabilities and strengthen your security posture. Integrated into the latest models of the IBM Security family of network and server security products, this feature can help you control attacks at the network, gateway and server levels.