webApp.secure stands out among Web application firewalls for its unique ability to automatically identify allowed behavior based on the content of the website itself.
The "rules" are fed to the Validation Engine by the Content Processing Engine which are extracted from the website by the HTML parser, JavaScript engine, SWF processing engine, and stylesheet parser modules. Careful examination of the content as it leaves the Web server affords webApp.secure the ability to dynamically build a site-specific ruleset in real time. And the rules adapt automatically to changes in the website.
Malicious traffic blocked by the Validation Engine is logged to a well-formed XML file, as well as the Linux syslog or Windows event log. Alerts in the form of e-mail, network pop-up, or HTTP POST (the body of which is an XML representation of the alert) can also be triggered.
This unorthodox approach to solving the Web application security problem makes webApp.secure a proactive solution that:
A modest investment in webApp.secure as part of your overall PCI 6.6 compliance strategy could prove invaluable.