Know the answers to the most common questions for Deep Security for Web Apps.
What is included with the different types of Deep Security for Web Apps licenses?
Deep Security for Web Apps is a subscription-based Software as a Service (SaaS) product available at three different licensing levels, allowing you to match product capabilities to the security requirements of your various web applications.
- Deep Security for Web Apps – Standard: Provides complete intelligent application scanning, including platform vulnerability and web application scanning, malware monitoring, web reputation monitoring, false positive vetting and unlimited SSL certificates for your web application.
- Deep Security for Web Apps – Advanced: Provides everything included in the Standard version and adds additional protection capabilities beyond SSL, including automatic platform protection and native web application firewall integration.
- Deep Security for Web Apps – Enterprise: Provides everything included in the Advanced version and adds annual manual business logic testing and proof of exploitation by Trend Micro web application security experts.
How many types of vulnerabilities do you detect?
With more than 54,500 checks across more than 14,000 vulnerabilities, including all OWASP and Deep Security for Web Apps Consortium testing criteria, Deep Security for Web Apps provides application vulnerability testing to the highest industry standards. It detects technical flaws, such as cross-site scripting and SQL injection, as well as logical flaws, such as account privilege expansion and improper session handling.
What type of information do you provide about vulnerabilities?
Deep Security for Web Apps provides a detailed description, compliance status, list of affected components, and suggested solution for the vulnerabilities found in your web applications.
What types of reports does Deep Security for Web Apps produce?
Deep Security for Web Apps produces detailed, auditable reports that document vulnerabilities, remediation, and policy compliance status. You can create customized reports of your platform scanning, application scanning, and malware detection results. Deep Security for Web Apps also comes with these predefined summary reports:
- Last Platform Scan Summary
- New Platform Vulnerabilities Found in Last Scan
- Platform Vulnerabilities by Age
- Last Application Scan Summary
- New Application Vulnerabilities Found in Last Scan
- Application Vulnerabilities by Age
- Last Malware Scan Summary
- New Malware Alerts Found in Last Scan
- Malware Alerts by Age
You can generate one-time reports or schedule recurring reports that are created and emailed to recipients on a regular basis.
The Deep Security for Web Apps console also has a dashboard that you can customize with up to 17 different widgets that provide a visual overview of the status of your system.
How does the malware detection feature work?
Using a sandboxing technology, the Deep Security for Web Apps malware engine leverages a database of over 3 million malware signatures and state-of-the-art behavioral analysis using File and Registry detection. This allows Deep Security for Web Apps to find both known and zero-day malware before it impacts your customers or is detected by a blacklisting service.
Which Web Application Firewalls are compatible with Deep Security for Web Apps?
Deep Security for Web Apps provides automatic generation of XML configuration files, which you can deploy to a Web Application Firewall (WAF) to provide rapid protection against vulnerabilities found in application scanning results. You can use Deep Security for Web Apps to automatically generate rules for these WAF products:
- Imperva SecureSphere
- Alert Logic Security Manager
- Citrix NetScaler VPX
Which web browsers can I use to access the Deep Security for Web Apps console?
Although it works with many browsers, Deep Security for Web Apps has been designed and tested to work best with Microsoft Internet Explorer 8 and 9, and with Mozilla Firefox 11 or later.
Which IP addresses do I need to whitelist?
Ensure that your network does not block scanning traffic from the following IP addresses, which belong to the Deep Security for Web Apps datacenter:
- 220.127.116.11/26 (IP range 18.104.22.168 through 22.214.171.124)
- 126.96.36.199/27 (IP range 188.8.131.52 through 184.108.40.206)
- 220.127.116.11/27 (IP range 18.104.22.168 through 22.214.171.124)
How does a reverse proxy server affect scan results?
When Deep Security for Web Apps performs a platform scan, it probes the OS and web server layers of your server to discover vulnerabilities. Platform scanning is effective only if the machine that hosts the web server is directly visible to Deep Security for Web Apps. If you are running your web server behind a reverse proxy, Deep Security for Web Apps will scan and return results for the reverse proxy machine and not the target web server machine.
Will scanning affect the performance of my web app?
Scanning will increase the load on your systems, so you should schedule scans for times when your site is not typically busy.
Where can I get information on how to use the Deep Security for Web Apps console?
You can access the Deep Security for Web Apps online help from the Help menu in the Deep Security for Web Apps console. You can also go to https://was-portal.trendmicro.com/help/en/washelp.html.
Why am I getting multiple test email messages?
The Deep Security for Web Apps scanning feature uses remote scanning to detect vulnerabilities at the web application level. By default, when you add a web application to Deep Security for Web Apps, all pages in the web app will be scanned. This includes pages with HTML forms, which will be filled with test information and submitted. If your web application is written to trigger email messages on form submissions, the emails would get sent to the recipients with the test information included. In some cases, a large number of form submissions will be made during application scanning.
If you want to exclude select HTML form pages from your application scans, contact Trend Micro Technical Support. Note that such exclusions should be minimized as much as possible since the excluded pages will not be tested for application vulnerabilities. If you choose to exclude pages, please invest extra effort to ensure all external input on those pages is sanitized and appropriately encoded before such data is stored or displayed.
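For a form page excluded from application scans, the sketch below shows the sanitize-then-encode handling described above: validate on input, store with bound parameters, and encode at display time. It is an added example, not Trend Micro code; the contact form, its field names, the limits, and the `submissions` table are all assumptions made for illustration.

```python
import html
import re
import sqlite3

# Constructed limits and pattern for a hypothetical contact form.
MAX_NAME, MAX_MESSAGE = 80, 2000
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")


def validate(form):
    """Return cleaned fields, or raise ValueError on input outside the allowed shape."""
    name = form.get("name", "").strip()
    email = form.get("email", "").strip()
    message = form.get("message", "").strip()
    # On a form that triggers email, name and address may reach mail headers
    # (assumption), so control characters such as CR/LF are refused outright.
    if not name or len(name) > MAX_NAME or re.search(r"[\x00-\x1f\x7f]", name):
        raise ValueError("invalid name")
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email")
    if not message or len(message) > MAX_MESSAGE or "\x00" in message:
        raise ValueError("invalid message")
    return {"name": name, "email": email, "message": message}


def store(db, fields):
    """Store with bound parameters so field content is never parsed as SQL."""
    cur = db.execute(
        "INSERT INTO submissions (name, email, message) VALUES (?, ?, ?)",
        (fields["name"], fields["email"], fields["message"]),
    )
    db.commit()
    return cur.lastrowid


def render(db, row_id):
    """Encode for the HTML context at display time; the stored data stays raw."""
    name, message = db.execute(
        "SELECT name, message FROM submissions WHERE id = ?", (row_id,)
    ).fetchone()
    return "<p><b>{}</b>: {}</p>".format(html.escape(name), html.escape(message))


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE submissions (id INTEGER PRIMARY KEY, name, email, message)")
    # Constructed submission containing markup and a quote character.
    form = {"name": "Ann O'Neil", "email": "ann@example.com",
            "message": "<script>alert(1)</script>"}
    return render(db, store(db, validate(form)))
```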