Four security software rivals have teamed up to set a baseline standard for application security firewalls, challenging others in the industry to join them.
F5 Networks, Imperva, NetContinuum and Teros have announced the Application Security Consortium to establish minimum standards for application security software through independent testing. One of the goals is to improve protection for underlying software protocols and application code in web applications.
To satisfy the group's five minimum criteria, application firewalls must block:
- Application inputs containing malicious code
- Attempts to insert illegal data types into applications
- Attempts to modify application cookies
- Attempts to modify application form fields
- Attempts to modify URL parameters.
"We felt like this was a good basis for comparison, even if it is just a minimum standard," said Gene Banman, CEO of NetContinuum. Banman said companies looking for application security tools needed some way to measure the different tools available.
"Web applications often link directly to sensitive business data, making them a prime target for hackers intent on stealing financial and identity data," said Yankee Group analyst Jim Slaby. "Open initiatives by vendors to self-regulate their industry benefit customers by helping establish minimum baselines for comparing security products and sorting through sometimes confusing marketing messages."
Bob Francis writes for InfoWorld