Application Defender

How It Works

Minimize risks, stop attacks in an instant

Many attacks target the application. Network security remains an important layer of defense, but signature-based defenses rely on filters to look for known exploits. A well-known exploit for these solutions is to bypass filters and inject SQL code using comments, capital letters, or encoding, among other techniques. Network defenses that monitor the OSI layers will see parts of the malicious query. Only within the application is the entire query constructed into its fully executable form. Because Application Defender has the complete context from within the application, it can see the full and final query to determine if it is malicious.

The Attack
The attack

A SQL query can be injected into a text data field that lacks input validation. The complete query is constructed within the application.

What App Defender sees

App Defender sees the full query to accurately distinguish attacks from legitimate requests, as well as the line of code with the vulnerability.

What App Defender Sees
What App Defender does
What App Defender does

App Defender takes the prescribed action to stop the attack. In this case, the API call in the application is terminated, and an error is displayed on the requestor’s screen.

What you see

Event details provides the complete execution path, including the line of code, the full contextual query used within the application and rich attribute details.

What you see
What you do
What you do

Know you are protected. Application Defender stops this critical attack and defends the vulnerable application.

Out of the box
What is a risk group?

Risk groups allow you to quickly manage protection settings for multiple application instances. Your selections to monitor, protect and suppress are applied to all agents in the group.

Certificate 1
What is an Agent?

The Fortify runtime analysis technology, also used in WebInspect and ArcSight Application View, monitors API calls to common core libraries as it assesses application flow, data flow and logic for potential threats.

Sample threat scenarios

Application Defender is configured with rule packs that analyze actions by users, data anomalies and logic flow to defend vulnerabilities only visible from within the application. Some of the most critical use cases involve cross-site scripting and injection issues. The SANS Institute compared how Runtime Application Self-protection (RASP) detects these threats versus Web Application Firewalls (WAF). Read the SANS report or watch the SANS webinar replay to learn more.

Brain
XSS

Applications that fail to validate user input create vulnerabilities, allowing malicious code to be passed to the application. Micro Focus App Defender can identify this exploit and terminate the user's session.

Finger print
Auto scanner blocking

Automated scanners can scan your applications looking for vulnerabilities. Micro Focus App Defender can detect these scans and block them, effectively shutting them down.

Read White Paper

Screen chart
SQLi

Only by seeing the complete query, constructed within the app, can it be determined if the query is legitimate or malicious. This capability is particularly necessary to identify second-order SQL injections.

View Webcast

Can you afford not to?

Changing production applications to address new and existing threats takes time, so compensating controls are needed. With a low monthly fee, cloud or on-premise management, and pre-configuration, you can quickly and easily add this line of defense to critical applications.

Read Brochure

Designed with performance in mind

Analysts expect application self-protection to grow substantially because it solves an important problem. Application Defender does not require recompiling code, nor does it change the application code; and, it does not add overhead on the network.

Read White Paper

Pricing

Application Defender offers a low monthly price for each application instance that is defended via SaaS. For on-premise pricing, contact your Micro Focus Account Manager.

See Pricing Details

For on-premise pricing, contact your Micro Focus Account Manager.

release-rel-2018-7-1-hotfix-801 | Wed Jul 11 00:57:53 PDT 2018
801
release/rel-2018-7-1-hotfix-801
Wed Jul 11 00:57:53 PDT 2018