Application Defender

App Defender

Minimize Risks, Stop Attacks in an Instant

Minimize Risks, Stop Attacks in an Instant

Many attacks target the application. Network security remains an important layer of defense, but signature-based defenses rely on filters to look for known exploits. A well-known exploit for these solutions is to bypass filters and inject SQL code using comments, capital letters or encoding, among other techniques. Network defenses that monitor the OSI layers will see parts of the malicious query. Only within the application is the entire query constructed into its fully executable form. Because Application Defender has the complete context from within the application, it can see the full and final query to determine if it is malicious. See how App Defender works.

previous
  • The Attack

    A SQL query can be injected into a text data field that lacks input validation. The complete query is constructed within the application.

  • What App Defender Sees

    App Defender sees the full query to accurately distinguish attacks from legitimate requests, as well as the line of code with the vulnerability.

  • What App Defender Does

    App Defender takes the prescribed action to stop the attack: in this case, the API call in the application is terminated, and an error is displayed on the requestor’s screen.

  • What You See

    Event Details provides the complete execution path, including the line of code, the full contextual query used within the application and rich attribute details.

  • What You Do

    Know you are protected. Application Defender stops this critical attack and defends the vulnerable application.

next

A SQL query can be injected into a text data field that lacks input validation. The complete query is constructed within the application.

Application defender tour Benefit

Risk groups allow you to quickly manage protection settings for multiple application instances. Your selections to monitor, protect and suppress are applied to all agents in the group.

The HP Fortify runtime analysis technology, also used in HP WebInspect and HP ArcSight Application View, monitors API calls to common core libraries as it assesses application flow, data flow and logic for potential threats.

Sample Threat Scenarios

Sample Threat Scenarios

HP Application Defender is configured with rule packs that analyze actions by users, data anomalies and logic flow to defend vulnerabilities only visible from within the application. Some of the most critical use cases involve cross-site scripting and injection issues. The SANS Institute compared how Runtime Application Self-protection (RASP) detects these threats versus Web Application Firewalls (WAF). Read the SANS report or watch the SANS webinar replay to learn more.

  • XSS

    Applications that fail to validate user input create vulnerabilities, allowing malicious code to be passed to the application. HP App Defender can identify this exploit and terminate the user's session.

    Video - threat scenario

  • Auto Scanner Blocking

    Automated scanners can scan your applications looking for vulnerabilities. HP App Defender can detect these scans and block them, effectively shutting them down.

    SANS Institute paper RASP vs WAF

  • SQLi

    Only by seeing the complete query, constructed within the application, can it be accurately determined if the query is legitimate or malicious. This capability is particularly necessary to identify second-order SQL injections, which are constructed in multiple steps and tend to be more targeted and potentially more damaging.

    SANS Institute webinar RASP vs WAF

Ready to Get Started?

  • Can you afford not to?
  • Designed with performance in mind
  • Pricing