Many attacks target the application. Network security remains an important layer of defense, but signature-based defenses rely on filters to look for known exploits. A well-known exploit for these solutions is to bypass filters and inject SQL code using comments, capital letters, or encoding, among other techniques. Network defenses that monitor the OSI layers will see parts of the malicious query. Only within the application is the entire query constructed into its fully executable form. Because Application Defender has the complete context from within the application, it can see the full and final query to determine if it is malicious.
A SQL query can be injected into a text data field that lacks input validation. The complete query is constructed within the application.
App Defender sees the full query to accurately distinguish attacks from legitimate requests, as well as the line of code with the vulnerability.
App Defender takes the prescribed action to stop the attack. In this case, the API call in the application is terminated, and an error is displayed on the requestor’s screen.
Event details provides the complete execution path, including the line of code, the full contextual query used within the application and rich attribute details.
Know you are protected. Application Defender stops this critical attack and defends the vulnerable application.
Risk groups allow you to quickly manage protection settings for multiple application instances. Your selections to monitor, protect and suppress are applied to all agents in the group.
The Fortify runtime analysis technology, also used in WebInspect and ArcSight Application View, monitors API calls to common core libraries as it assesses application flow, data flow and logic for potential threats.
Application Defender is configured with rule packs that analyze actions by users, data anomalies and logic flow to defend vulnerabilities only visible from within the application. Some of the most critical use cases involve cross-site scripting and injection issues. The SANS Institute compared how Runtime Application Self-protection (RASP) detects these threats versus Web Application Firewalls (WAF). Read the SANS report or watch the SANS webinar replay to learn more.
Applications that fail to validate user input create vulnerabilities, allowing malicious code to be passed to the application. Micro Focus App Defender can identify this exploit and terminate the user's session.
Automated scanners can scan your applications looking for vulnerabilities. Micro Focus App Defender can detect these scans and block them, effectively shutting them down.
Only by seeing the complete query, constructed within the app, can it be determined if the query is legitimate or malicious. This capability is particularly necessary to identify second-order SQL injections.
Changing production applications to address new and existing threats takes time, so compensating controls are needed. With a low monthly fee, cloud or on-premise management, and pre-configuration, you can quickly and easily add this line of defense to critical applications.
Analysts expect application self-protection to grow substantially because it solves an important problem. Application Defender does not require recompiling code, nor does it change the application code; and, it does not add overhead on the network.
Application Defender offers a low monthly price for each application instance that is defended via SaaS. For on-premise pricing, contact your Micro Focus Account Manager.