Alphabetical List of World Wide Web Security Products

Timberline Technologies Logo
HOME SECURITY PRODUCT LINKS SECURITY RESOURCES

SECURITY WORKSHOPS SECURITY ADVISORY LINKS CONTACT INFORMATION

CONSULTING SERVICES SECURITY NEWS LINKS SITE MAP

New from Timberline Technologies:

Database Encryption Workshop

Tell me more ...

Alphabetical List of World Wide Web Security Products

Disclaimer:

These links are provided as a free service to those seeking commercial information security products or shareware tools. The fact that a product is listed here is not an indication that Timberline Technologies LLC has evaluated it nor that we recommend it. The descriptive text is generally taken from the vendor's own product literature. The buyer has the ultimate responsibility to ensure that the information security product is suitable for its intended use. Please follow the links to the vendor pages to obtain more detailed information on a particular product. Additional guidance on product selection can be found in the On-Site Security Workshops.

Vendors Please Note: If your product does not appear in this index or if you feel that it has been incorrectly categorized please contact webmaster@timberlinetechnologies.com and the error will be corrected.

Important Note to Surfers: Timberline Technologies takes strict precautions to provide "safe" links. We will not knowingly provide a link to a site with dangerous active content or questionable privacy policies. Nevertheless, we can not guarantee the safety of all links provided. Those who are concerned about browsing securely are advised to use the facilities of BeHidden, safeWeb, Anonymizer or similar service.

Product Name Description

AppScan (Watchfire) AppScan lets you build in Application Security throughout the lifecycle -- important because the relative cost of fixing defects after deployment is almost 15 times greater than in development.

AppScan DE is a real-time security testing and coding tool used by developers to build secure Web applications during the development process without having to sacrifice quality or time. It automates testing, produces defect analysis, and offers recommendations for fixing the security flaws it detects. AppScan DE identifies the location of each defect, produces detailed inline fix recommendations, and helps developers perform a granular analysis of each test and response, resulting in the reduction of downtime caused by security flaws found in production.

AppScan QA is an automated Web application testing tool that helps QA personnel analyze applications for security defects and fix those defects before they find their way onto production websites. Rather than manually test for defects, application testers trust AppScan QA to automate vulnerability detection as an integrated component of the development and testing processes. AppScan QA automates test script creation, modification, and maintenance ensuring reliable and repeatable testing.

AppScan Audit is an automated application vulnerability assessment software used by auditors and compliance officers to conduct comprehensive audits, and to validate Web application quality and compliance with both internal and regulatory security initiatives. AppScan Audit is used as an integrated component of an enterprise security process review. By accelerating assessment and analysis, Appscan Audit provides the consistent evaluation and success metrics necessary for the remediation of security vulnerabilities. Results resolution and communication is simplified by analytical tools such as delta and trend analysis.

BrickHouse (Sage) A bulletproof, Web server appliance featuring Process-Based Security (PBS), Email, Web, FTP and Secure Custom Remote Administration. This server is designed to protect Web sites from the onslaught of hackers and viruses. BRICKHouse's PBS feature is an innovative approach to security where access to resources is based on the process running and not the user. With PBS, a security protocol is assigned to each process loaded by the system administrator. An unrecognizable process is not accepted, access is denied, and the Web site is saved from potential harm.

CronLab Web Filter (CronLab) CronLab's innovative web filter (internet filter/URL filter) ensures an efficient blocking of unwanted or unsafe web sites while enabling internal controls. Choose from over 70 different URL categories to create suitable distinct access policies for different users or groups. CronLab's web filter also features a unique soft-block functionality that only allows users to visit certain sites, e.g. social networking or private emails, during a specific time period if permitted by the administrator, thus increasing employee productivity. Moreover, this solution requires no local software agents to be installed and can be white labeled.

DragonWAF 2010 (DragonSoft) The signature-based DragonWAF protects websites running on IIS server, it effectively protects against 18 common web application attack methods: 1. SQL Injection; 2. Server-Side Include; 3. Directory Indexing; 4. Path Traversal; 5. Cross-Site Scripting; 6. Buffer Overflow; 7. LDAP Injection; 8. Phishing; 9. HTTP Response Splitting; 10. Content Spoofing; 11. Predictable Resource Location; 12. Denial of Service; 13. Application Fingerprinting; 14. Insufficient Session Expiration; 15. Session Fixation; 16. Web Server Fingerprinting; 17. Abuse of Functionality (emails, spiders, data theft); 18. Command Injection

Entrust/Direct (Entrust Technologies) Provides a drop-in solution enabling you to secure your e-business transactions transparently. Entrust/Direct is a flexible Web security product, offering strong front-end authentication, strong encryption and centralized control over security policy.

Entrust/SecureControl (Entrust Technologies) A role- and rule- based authorization solution built on a JAVA™/CORBA® architecture. Entrust/SecureControl enables Web sites to scale to millions of users by removing the requirement for manually maintaining Access Control Lists (ACLs) at each Web Server. Entrust/SecureControl allows your organization to enforce a consistent, enterprise-wide security policy. Using Entrust/SecureControl, you can specify the privileges users have and control their access to data after authentication to a Web site or corporate network.

Entrust/WebConnector (Entrust Technologies) An optional component of Entrust/PKI 4.0. It issues Web certificates to off-the-shelf Web browsers and Web servers to enable secure e-business for both vendors and consumers. It enables encrypted e-mail to keep your communications confidential, and it identifies the property of software publishers with its code-signing capabilities.

GoSecure! for Web Applications (Verisign) Lets you secure the Web interfaces to applications virtually overnight. VeriSign makes it even easier to implement digital certificates to authenticate users and protect transactions with a new service that plugs right into your existing infrastructure, requiring no proprietary hardware or software. This service gives you everything you need to quickly incorporate digital certificate-based security into your existing applications.

HP Praesidium DomainGuard (Hewlett-Packard) Enables real-time Web data sharing between corporate departments, business units, outside partners, and customers.

HP Praesidium VirtualVault (Hewlett-Packard) Built on a security hardened version of the HP-UX operating system. It is integrated with a Trusted Gateway Agent and the Netscape Enterprise Server. VirtualVault is designed for use in the financial services, telecommunications, manufacturing, and retail industries to provide services such as Internet banking, online billing systems, and electronic commerce.

HP Praesidium WebEnforcer (Hewlett-Packard) Provides essential security to quickly enable Web servers for corporate e-business solutions. WebEnforcer is the first integrated Windows NT Web security solution for the key components of the Windows NT Web Server Environment, including the Windows NT Server, IIS Web Server, Transaction Server, Index Server, Internet Explorer, and Data Access Components.

iD2 Guardian (iD2 Technologies) Server software provides an additional security level to Internet or client/server solutions. It operates on multiple platforms and adds standard SSL support and strong 128-bit encryption to any TCP/IP network. It is easily integrated with web servers such as Netscape Enterprise Server or Microsoft Information Server.

InterScan AppletTrap (Trend Micro) Blocks malicious Java applets, malicious JavaScript and unsecured ActiveX controls at the gateway without slowing down your network.

InterScan Web Manager (Trend Micro) Assures proper web access, accountability and security across the enterprise — all managed from a single web-based console.

Muffin (CERIAS) Free web security software. Includes several filters which can remove cookies, kill GIF animations, remove advertisements, add/remove/modify arbitrary HTML tags (like blink), remove Java applets and Javascript, user-agent spoofing, rewrite URLs, and much more. Written entirely in Java. Requires JDK 1.1 Runs on Unix, Windows 95/NT, and Macintosh.

NetRecall (Authentica) Dramatically extends the protection of traditional Web security solutions, such as Web access control and SSL encryption by allowing Web content to be controlled after it's accessed or downloaded by recipients. No matter where your Web content is distributed or stored, your information is secure. As the authoring company, you can make Web content available to some individuals while limiting access by others. You control whether content and images can be viewed, copied, printed, or saved locally. You can even revoke access to or expire Web pages, at any time, wherever they're stored. NetRecall further prevents the unauthorized viewing of content by disabling screen capture and the viewing of source code. NetRecall's powerful tracking feature provides you with details about who viewed your content, when they viewed it, and if content was printed (if printing is allowed.)

NetSign (Litronic) Secures the Internet for communications by adding smart card functionality to Microsoft and Netscape email/browser packages. Mission-critical security functions such as private key storage and digital signatures are performed on the smart card for significantly greater security that is completely portable for use with a desktop or laptop.

PortalXpert (Evidian) A Plug and Play security gateway that provides a single point of secure and easy access to Web resources and "brick & click" applications for customers, partners and employees.

SafeSquid (Office Efficiencies (India)) SafeSquid® provides the mechanism required to deliver Internet Content in an Enterprise Network. Ensures that all the content fetched from the Internet is security checked before it reaches the users. Challenges all applications that seek to access the Internet, to be authenticated. Can be easily managed even in most remote and complex environment. Very easy to use and administer. Can easily complement your existing Internet Gateway. Makes Internet Access, a better experience. Has a very low Total Cost of Owner-ship, and a very good investment.

Safeword Web Access (Secure Computing) A system of software authentication services that allows an organization to be confident of the true identity of system users. SafeWord incorporates patented technologies to achieve a high level of security that is appropriate for demanding environments such as government agencies, financial services and high technology. The SafeWord system is highly scalable and can be used on a variety of popular hardware platforms, making it a natural fit into any size organization. SafeWord integrates with industry standards and commonly used network infrastructure products, as well as Secure Computing products, to provide a complete authentication security solution.

SnareWorks Web (Intellisoft) Extends the reach of the SnareWorks Adaptive Security Framework to the Worldwide Web transparently. SnareWorks Web enables existing web-based applications, whether they are two-tier, three-tier or multi-tier, to utilize enterprise strong credentials for authentication and single sign-on. SnareWorks Web delivers unparalleled authorization using a proven access control model, which enables administrators to control even the most detailed aspects of the web. SnareWorks Web can be distributed to multiple web servers across the enterprise and managed from one central node through a sophisticated graphical user interface. SnareWorks Web accomplishes all this while maintaining a thin footprint, browser only environment.

SnareWorks Web/Extranet (Intellisoft) Designed to enable large enterprises to deploy extranet solutions without requiring specialized software on the remote desktops. It makes use of the browser's ability to provide strong authentication over the Web and enhancements to the SnareWorks interception technology that can convert insecure connections to secure ones.

Snorkel (Odyssey) Snorkel is a security gateway appliance that sits strategically between the web application and its clients-Internet browsers and other Snorkel thick client components.
The appliance is designed to deliver Authentication, Data Integrity, Non-repudiation and Confidentiality services to web applications and its users through the use of the Public Key Technology.
Snorkel, the 64-bit appliance, provides edge security and deploys Public Key Technology with Plug-n-Play ease. The appliance is available from 100 users scalable up to millions of users to cater to small, mid-sized and large business organizations offering, online services.

WebAgain (Lockstep Systems) Detects any changes made to your Web site, including image alterations and the re-routing of links, e-mail and on-line submission forms. It even picks up subtle changes which may be buried in text, such as product availability and pricing changes. WebAgain sends e-mail to your Systems Administrator, Webmaster, and any other people who need to be notified when unauthorized changes are made to your Web site. Copies of the hacked pages are stored in the Quarantine area, allowing you to inspect the changes off-line.

WebFort (Arcot Systems) Strong user authentication for Internet applications.

WebXM (Watchfire) WebXM is the only Online Risk Management platform to automate the scanning, analysis and reporting of online security, privacy, quality, accessibility and compliance issues across corporate web properties. WebXM ensures visibility and control by delivering executive dashboards that are used to identify, assign and track the issues impacting your online business.

HOME	SECURITY PRODUCT LINKS	SECURITY RESOURCES
SECURITY WORKSHOPS	SECURITY ADVISORY LINKS	CONTACT INFORMATION
CONSULTING SERVICES	SECURITY NEWS LINKS	SITE MAP

Product Name	Description
AppScan (Watchfire)	AppScan lets you build in Application Security throughout the lifecycle -- important because the relative cost of fixing defects after deployment is almost 15 times greater than in development. AppScan DE is a real-time security testing and coding tool used by developers to build secure Web applications during the development process without having to sacrifice quality or time. It automates testing, produces defect analysis, and offers recommendations for fixing the security flaws it detects. AppScan DE identifies the location of each defect, produces detailed inline fix recommendations, and helps developers perform a granular analysis of each test and response, resulting in the reduction of downtime caused by security flaws found in production. AppScan QA is an automated Web application testing tool that helps QA personnel analyze applications for security defects and fix those defects before they find their way onto production websites. Rather than manually test for defects, application testers trust AppScan QA to automate vulnerability detection as an integrated component of the development and testing processes. AppScan QA automates test script creation, modification, and maintenance ensuring reliable and repeatable testing. AppScan Audit is an automated application vulnerability assessment software used by auditors and compliance officers to conduct comprehensive audits, and to validate Web application quality and compliance with both internal and regulatory security initiatives. AppScan Audit is used as an integrated component of an enterprise security process review. By accelerating assessment and analysis, Appscan Audit provides the consistent evaluation and success metrics necessary for the remediation of security vulnerabilities. Results resolution and communication is simplified by analytical tools such as delta and trend analysis.
BrickHouse (Sage)	A bulletproof, Web server appliance featuring Process-Based Security (PBS), Email, Web, FTP and Secure Custom Remote Administration. This server is designed to protect Web sites from the onslaught of hackers and viruses. BRICKHouse's PBS feature is an innovative approach to security where access to resources is based on the process running and not the user. With PBS, a security protocol is assigned to each process loaded by the system administrator. An unrecognizable process is not accepted, access is denied, and the Web site is saved from potential harm.
CronLab Web Filter (CronLab)	CronLab's innovative web filter (internet filter/URL filter) ensures an efficient blocking of unwanted or unsafe web sites while enabling internal controls. Choose from over 70 different URL categories to create suitable distinct access policies for different users or groups. CronLab's web filter also features a unique soft-block functionality that only allows users to visit certain sites, e.g. social networking or private emails, during a specific time period if permitted by the administrator, thus increasing employee productivity. Moreover, this solution requires no local software agents to be installed and can be white labeled.
DragonWAF 2010 (DragonSoft)	The signature-based DragonWAF protects websites running on IIS server, it effectively protects against 18 common web application attack methods: 1. SQL Injection; 2. Server-Side Include; 3. Directory Indexing; 4. Path Traversal; 5. Cross-Site Scripting; 6. Buffer Overflow; 7. LDAP Injection; 8. Phishing; 9. HTTP Response Splitting; 10. Content Spoofing; 11. Predictable Resource Location; 12. Denial of Service; 13. Application Fingerprinting; 14. Insufficient Session Expiration; 15. Session Fixation; 16. Web Server Fingerprinting; 17. Abuse of Functionality (emails, spiders, data theft); 18. Command Injection
Entrust/Direct (Entrust Technologies)	Provides a drop-in solution enabling you to secure your e-business transactions transparently. Entrust/Direct is a flexible Web security product, offering strong front-end authentication, strong encryption and centralized control over security policy.
Entrust/SecureControl (Entrust Technologies)	A role- and rule- based authorization solution built on a JAVA™/CORBA® architecture. Entrust/SecureControl enables Web sites to scale to millions of users by removing the requirement for manually maintaining Access Control Lists (ACLs) at each Web Server. Entrust/SecureControl allows your organization to enforce a consistent, enterprise-wide security policy. Using Entrust/SecureControl, you can specify the privileges users have and control their access to data after authentication to a Web site or corporate network.
Entrust/WebConnector (Entrust Technologies)	An optional component of Entrust/PKI 4.0. It issues Web certificates to off-the-shelf Web browsers and Web servers to enable secure e-business for both vendors and consumers. It enables encrypted e-mail to keep your communications confidential, and it identifies the property of software publishers with its code-signing capabilities.
GoSecure! for Web Applications (Verisign)	Lets you secure the Web interfaces to applications virtually overnight. VeriSign makes it even easier to implement digital certificates to authenticate users and protect transactions with a new service that plugs right into your existing infrastructure, requiring no proprietary hardware or software. This service gives you everything you need to quickly incorporate digital certificate-based security into your existing applications.
HP Praesidium DomainGuard (Hewlett-Packard)	Enables real-time Web data sharing between corporate departments, business units, outside partners, and customers.
HP Praesidium VirtualVault (Hewlett-Packard)	Built on a security hardened version of the HP-UX operating system. It is integrated with a Trusted Gateway Agent and the Netscape Enterprise Server. VirtualVault is designed for use in the financial services, telecommunications, manufacturing, and retail industries to provide services such as Internet banking, online billing systems, and electronic commerce.
HP Praesidium WebEnforcer (Hewlett-Packard)	Provides essential security to quickly enable Web servers for corporate e-business solutions. WebEnforcer is the first integrated Windows NT Web security solution for the key components of the Windows NT Web Server Environment, including the Windows NT Server, IIS Web Server, Transaction Server, Index Server, Internet Explorer, and Data Access Components.
iD2 Guardian (iD2 Technologies)	Server software provides an additional security level to Internet or client/server solutions. It operates on multiple platforms and adds standard SSL support and strong 128-bit encryption to any TCP/IP network. It is easily integrated with web servers such as Netscape Enterprise Server or Microsoft Information Server.
InterScan AppletTrap (Trend Micro)	Blocks malicious Java applets, malicious JavaScript and unsecured ActiveX controls at the gateway without slowing down your network.
InterScan Web Manager (Trend Micro)	Assures proper web access, accountability and security across the enterprise — all managed from a single web-based console.
Muffin (CERIAS)	Free web security software. Includes several filters which can remove cookies, kill GIF animations, remove advertisements, add/remove/modify arbitrary HTML tags (like blink), remove Java applets and Javascript, user-agent spoofing, rewrite URLs, and much more. Written entirely in Java. Requires JDK 1.1 Runs on Unix, Windows 95/NT, and Macintosh.
NetRecall (Authentica)	Dramatically extends the protection of traditional Web security solutions, such as Web access control and SSL encryption by allowing Web content to be controlled after it's accessed or downloaded by recipients. No matter where your Web content is distributed or stored, your information is secure. As the authoring company, you can make Web content available to some individuals while limiting access by others. You control whether content and images can be viewed, copied, printed, or saved locally. You can even revoke access to or expire Web pages, at any time, wherever they're stored. NetRecall further prevents the unauthorized viewing of content by disabling screen capture and the viewing of source code. NetRecall's powerful tracking feature provides you with details about who viewed your content, when they viewed it, and if content was printed (if printing is allowed.)
NetSign (Litronic)	Secures the Internet for communications by adding smart card functionality to Microsoft and Netscape email/browser packages. Mission-critical security functions such as private key storage and digital signatures are performed on the smart card for significantly greater security that is completely portable for use with a desktop or laptop.
PortalXpert (Evidian)	A Plug and Play security gateway that provides a single point of secure and easy access to Web resources and "brick & click" applications for customers, partners and employees.
SafeSquid (Office Efficiencies (India))	SafeSquid® provides the mechanism required to deliver Internet Content in an Enterprise Network. Ensures that all the content fetched from the Internet is security checked before it reaches the users. Challenges all applications that seek to access the Internet, to be authenticated. Can be easily managed even in most remote and complex environment. Very easy to use and administer. Can easily complement your existing Internet Gateway. Makes Internet Access, a better experience. Has a very low Total Cost of Owner-ship, and a very good investment.
Safeword Web Access (Secure Computing)	A system of software authentication services that allows an organization to be confident of the true identity of system users. SafeWord incorporates patented technologies to achieve a high level of security that is appropriate for demanding environments such as government agencies, financial services and high technology. The SafeWord system is highly scalable and can be used on a variety of popular hardware platforms, making it a natural fit into any size organization. SafeWord integrates with industry standards and commonly used network infrastructure products, as well as Secure Computing products, to provide a complete authentication security solution.
SnareWorks Web (Intellisoft)	Extends the reach of the SnareWorks Adaptive Security Framework to the Worldwide Web transparently. SnareWorks Web enables existing web-based applications, whether they are two-tier, three-tier or multi-tier, to utilize enterprise strong credentials for authentication and single sign-on. SnareWorks Web delivers unparalleled authorization using a proven access control model, which enables administrators to control even the most detailed aspects of the web. SnareWorks Web can be distributed to multiple web servers across the enterprise and managed from one central node through a sophisticated graphical user interface. SnareWorks Web accomplishes all this while maintaining a thin footprint, browser only environment.
SnareWorks Web/Extranet (Intellisoft)	Designed to enable large enterprises to deploy extranet solutions without requiring specialized software on the remote desktops. It makes use of the browser's ability to provide strong authentication over the Web and enhancements to the SnareWorks interception technology that can convert insecure connections to secure ones.
Snorkel (Odyssey)	Snorkel is a security gateway appliance that sits strategically between the web application and its clients-Internet browsers and other Snorkel thick client components. The appliance is designed to deliver Authentication, Data Integrity, Non-repudiation and Confidentiality services to web applications and its users through the use of the Public Key Technology. Snorkel, the 64-bit appliance, provides edge security and deploys Public Key Technology with Plug-n-Play ease. The appliance is available from 100 users scalable up to millions of users to cater to small, mid-sized and large business organizations offering, online services.
WebAgain (Lockstep Systems)	Detects any changes made to your Web site, including image alterations and the re-routing of links, e-mail and on-line submission forms. It even picks up subtle changes which may be buried in text, such as product availability and pricing changes. WebAgain sends e-mail to your Systems Administrator, Webmaster, and any other people who need to be notified when unauthorized changes are made to your Web site. Copies of the hacked pages are stored in the Quarantine area, allowing you to inspect the changes off-line.
WebFort (Arcot Systems)	Strong user authentication for Internet applications.
WebXM (Watchfire)	WebXM is the only Online Risk Management platform to automate the scanning, analysis and reporting of online security, privacy, quality, accessibility and compliance issues across corporate web properties. WebXM ensures visibility and control by delivering executive dashboards that are used to identify, assign and track the issues impacting your online business.