Review: IBM’s Proventia Management SiteProtector

Most organisations have embraced the web to some extent to provide user-friendly applications for employees, customers and partners. However, while Web 2.0 collaboration technologies can increase productivity, they also provide a larger attack surface for miscreants.

In its 2008 Trend and Risk Report, IBM’s Internet Security Systems X-Force group reported that 54.9 percent of all vulnerabilities disclosed in 2008 were web application vulnerabilities, and that of those web application vulnerabilities, 74 percent had no patch by the end of 2008.

As luck would have it, IBM’s ISS team offers, alongside these statistics, a comprehensive solution that sets out to address the dangers presented by publicly available web applications by protecting code and data through the entire lifecycle of development, testing, production and upgrades. IBM’s Web Application Protection is a tightly knit combination of top-notch products, including IBM’s Rational AppScan, ISS Proventia Intrusion Protection System, SiteProtector security management console and SecurityFusion module for SiteProtector.

IBM’s Rational AppScan is a comprehensive, accurate and educational vulnerability assessment tool for securing web applications. Rational AppScan includes high-quality information regarding each security issue detected, including video presentations, links to advisories, corrective actions, and detailed examples of vulnerable code and potentially successful attacks – all of which makes it easier to infuse security into your development processes.

The company’s Proventia IPS GX5108 is a proven network IPS pre-configured with web application protection rules that performed well when tested under load in eWEEK Labs’ tests.

These two products, when combined under the umbrella of IBM’s Proventia Management SiteProtector software, provided much-needed security insight alongside powerful mechanisms for developing and deploying secure web applications. I recommend that organisations looking to protect their web applications put this IBM package on their evaluation shortlists. Existing IBM security customers should not hesitate to add the SecurityFusion Module to their existing SiteProtector environment.

The Proventia IPS GX5108 is priced at $57,995 (£36,270). Pricing for the Proventia IPS is based on the amount of bandwidth protected and the number of protected segments. AppScan starts at $8,700 (£5,441) for a single-user, fixed-term licence (one year); this price includes software subscription and support.

IBM Rational AppScan

IBM’s Rational AppScan provides application scanning coverage for the latest Web 2.0 technologies, including parsing and execution of JavaScript and Adobe Flash applications; AJAX (asynchronous JavaScript and XML) and Adobe Flex-related protocols such as JSON (JavaScript Object Notation), AMF (Action Message Format) and SOAP (Simple Object Access Protocol); elaborate SOA (service-oriented architecture) environments; and custom configuration and reporting capabilities for mashup and process-driven applications.

It was very easy to get started with Rational AppScan. I installed the software on my Windows Vista 64 workstation without a hitch, and immediately took note of pre-built test templates covering regular, quick-and-light, and comprehensive test scenarios. I could use one of these templates as a starting point or create my own scan from scratch.

I created my own scan by clicking New Scan, Web Application Scan (the other choice is Web Services Scan), then assigning a start URL before training AppScan with the proper authentication mechanisms and credentials and selecting “vital few,” “invasive” or “complete” test policy options.

I started the scan on full auto and watched as the engine spidered my test site to find all pages and build out a site tree along the left-hand column of the AppScan interface. The product’s Scan Expert started the audit with a wide range of tests, logging the vulnerabilities it located, arranged by severity, in a central window. I could also scan a web application to see whether it was hosting malware or linking to a site that was.

Matthew Sarrel, eWEEK USA 2012. Ziff Davis Enterprise Inc. All Rights Reserved