
Web applications are powered by back-end databases, Web 2.0 and SOA for Web services, and their dynamic nature creates new challenges for security and compliance. The widespread growth of Web applications and the business value they deliver attract hackers and cyber criminals, who target Web-based applications to steal data, disrupt operations and infect clients. Because of these risks, Web application security is a key requirement of PCI compliance.
IBM offers the most complete end-to-end Web application security solutions that help organizations pre-emptively find and remediate vulnerabilities, block attacks in real-time, and granularly control access to applications. This enables enterprises to find existing vulnerabilities and prevent new ones from being introduced, block attacks against existing vulnerabilities prior to being remediated, and ensure that only authorized personnel are accessing critical or sensitive applications and related data. IBM’s unique combination of software, hardware and services provides a solution that is tailored to each organization’s unique security requirements and corresponding business needs.
Vulnerability Testing & Secure Application Development
- IBM Rational AppScan
Provides automated Web application scanning and testing for common vulnerabilities, including those in the WASC threat classification, such as SQL injection, cross-site scripting, cross-site request forgery and buffer overflow, along with intelligent fix recommendations to ease remediation. The AppScan portfolio includes solutions for developers, QA and security professionals as well as a hosted OnDemand SaaS offering for organizations looking to outsource their application security requirements.
- IBM Application Security Assessment
Helps organizations minimize the risk of hackers causing damage to networks by performing a range of intrusion tests using the same techniques known to be used by hackers. Our security experts will thoroughly assess your applications, from both a technical and non-technical perspective, to determine security weaknesses. The result is a detailed report of findings and specific recommendations for remediating any vulnerability found.
Real-time Attack Protection
- IBM Proventia Web Application Security
As part of the IBM Internet Security Systems™ (ISS) intrusion prevention system (IPS) portfolio, IBM Proventia Web application security can help address Web-related vulnerabilities and strengthen your security posture. Integrated into the latest models of the IBM Proventia family of network and server security products, this new protection module can help you control attacks at the network, gateway and server levels.
- WebSphere DataPower XML Security Gateway (XS40)
While there is tremendous business value in SOA and XML Web services, security remains an unsolved problem and one of the largest single barriers to adoption. Enterprises require a new pragmatic approach to XML Web services security, one that simultaneously recognizes the uncertainty of new standards, the value of existing infrastructure investments, the organizational challenges and the performance impact of XML security. IBM® WebSphere® DataPower XML Security Gateways utilize specialized hardware to provide real-time Web services security and XML threat protection.
Granular Access and Identity Management
- IBM Tivoli Access Manager
The IBM® Tivoli® Access Manager family of products can help you to securely manage access to business-critical applications and data while giving clients fast, convenient access to the information they need. These solutions provide centralized authentication, policy management and access control services for Web resources, systems and hosted applications.
- IBM Tivoli Security Policy Manager
With IBM Tivoli® Security Policy Manager, IT application owners are able to author application entitlements and fine-grained access control policies and transform them to XACML for distributed policy decisions. These entitlement policies are based on identity, transaction and service/resource context. IT operations can consistently delegate, distribute and enforce security policies across IT application environments, including WebSphere Application Server–hosted applications and custom applications.
Additional Security Offerings
