Tim Erlin Director of IT Security and Risk Strategy Tripwire

Tripwire, Inc., a global provider of risk-based security and compliance management solutions, has announced that dynamic web application scanning is now included in IP360 at no additional cost. This critical functionality enables IP360 customers to detect and prioritize web application vulnerabilities within the context of overall information security risk.

The quantity and value of data connected to web applications make them the target of frequent cyber attacks, and according to a 2013 report from White Hat Security, 86 percent of all websites tested had at least one serious coding error.

The Tripwire WebApp360 solution enables users to automatically detect critical web applications and identify IT vulnerabilities, allowing users to focus resources on the most important threats. With the addition of web application scanning, IP360 offers customers an unprecedented, prioritized assessment of IT security risk across their entire network – from web applications to the underlying IT infrastructure supporting them.

The IP360 web application scanning solution includes coverage in all categories of the Open Web Application Security Project (OWASP) Top Ten. OWASP is the pre-eminent standards body that develops and maintains a consensus-driven list of the most critical web application security flaws. The OWASP Top Ten is used by the U.S. Defense Information Systems Agency’s (DISA) DoD Information Assurance Certification and Accreditation Process (DIACAP) and is recommended by the U.S. Federal Trade Commission and MITRE, and it has been adopted by the Payment Card Industry Data Security Standards Council for the PCI Data Security Standard (PCI DSS) as well as many other standards.

“Web applications are widely used across enterprise – both internally and externally – but vulnerabilities in these critical applications aren’t detected with traditional network vulnerability scans,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “The WebApp360 solution aims to close this gap by detecting web application vulnerabilities and presenting them in the context of overall network security.”

WebApp360 and IP360 are now part of the Tripwire security solution portfolio following its recent acquisition of nCircle.

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats.