Breach releases newest version of WebDefend

By Isabelle Chaize

Breach Software, a security vendor specialising in web application security, have released version 3.2 of their flagship software. The latest WebDefend has increased capabilites, making it more appealing to businesses keen to enhance their web application security.

Mike Pierce, CEO of Breach Software, explained the importance of web application security. ‘The pervasive, complex and dynamic nature of web applications introduces unique security implications’ he said.

He continued, ‘Organisations of all sizes require continuous application security solutions that automatically adapt to application changes and a constantly changing threat landscape’.

Among the new features of the updated WebDefend is a capacity to automatically detect abuse of application resources. Breach claims that this is the first security software with this ability.

WebDefend can now sense ’scraping attacks’ which differ from most attacks, making them harder to detect. A scraping attack involves multiple requests for information from an attacker, pretending to be a subscriber, whereas most attacks try to exploit vulnerable codes.

The new version of the software counts requests, and can tell when one user is requesting information more often than is normal. Stopping this kind of attack will help reduce data leakage and theft.

According to Pierce, web application security is becomng more important because more and more businesses are using them. He said, ‘Today every application is a web application. Companies are investing in web apps as nobody wants to use something that’s just used in-house.’

Adding to the need for better security for web applications is the fact that they are more vulnerable. The CEO added that, ‘Business and commerce will continue to grow on the web and will continue to grow for decades. That’s where the money and transactions are and is the growing force for all business. Conversely though, that’s where the bad guys go’.

He gave his predictions for the biggest security threats he imagines for 2008, saying they would come from automation, for example automated Google hacking, and botnets. He added, ‘We’ve just understood there’s a site in China where 10,000 registered users come along to the site to learn about hacking. It’s just frightening. I think the wave moving forward is automation.’