Where does webApp.secure™ fit in the overall architecture?
webApp.secure sits behind the Internet-facing perimeter defenses (firewall(s), intrusion detection systems, etc.) and in front of the Web environment (IIS, Apache, WebSphere®, etc.).
What are "Intended Use Guidelines"?
Intended Use Guidelines™ refer to the "rules" extracted from content (primarily HTML) as it leaves the Web environment. Within the context of a positive protection model, Intended Use Guidelines represent a "white list".
Does webApp.secure need to go through a "re-training" process as the website is updated?
No, the Intended Use Guidelines are updated dynamically in real-time based on the content of the site. Changes to the website are automatically recognized.
Does webApp.secure LiveCD meet PCI 6 requirements?
The comprehensive application protection provided by webApp.secure LiveCD (as with the
Professional Edition) satisfies PCI 6 compliance requirements. However, the limited logging capabilities of
webApp.secure LiveCD may require additional development on the part of the user to be fully compliant.
Beware of "pretenders" that claim PCI 6 compliance, but do nothing more than rudimentary HTTP
protocol inspection. These products have no ability to stop SQL injection, cross-site scripting, or
other sophisticated application-manipulation attacks that concern the Payment Card Industry Security Standards
Council
(PCI Security Standards.org).
Is there extensive training or certification required to operate webApp.secure?
No, webApp.secure was designed from the ground up to be as easy to use as it is effective. Unique functionality of webApp.secure makes it very intelligent and automatic, which dramatically reduces on-going administration costs/efforts.