Abstract

Web applications are often the most vulnerable part of a company's infrastructure, and yet are typically given direct paths to the internet, thus leaving these vulnerabilities exposed. In recent years, Web application firewalls and access gateways have been utilized in an attempt to secure this route. However, these methods can prove ineffective against vulnerabilities specific to Web applications, riding atop valid user session and HTTP traffic.

IBM commissioned Tolly to evaluate IBM Security Access Manager (ISAM) for Web for its Web protection effectiveness, performance, and ease-of-use. The ISAM appliance is designed to sit between Web application servers and the Internet, inspecting HTTP traffic and user sessions inline and blocking attempted exploits. Testing was conducted in August 2013.