Teros-100 APS 2.1.1
Security-conscious organizations will find Teros-100 APS a powerful ally in the battle to prevent Web application and Web server bugs from leading to total security compromise. Like others in its class, this Web application firewall is still immature, but Teros-100 APS high-level content filtering features make it stand out and provide current users with a glimpse of what tomorrows security tools will look like. Teros-100 APS costs $25,000, or $30,000 for a model with hardware SSL acceleration.
EVALUATION SHORT LIST
Of the three products we tested, Teros-100 APS showed the most potential in terms of what a Web application firewall should be able to do. Its ability to recognize and control transmission of business objects, such as credit card numbers and Social Security numbers, is unique and provides instant value to organizations that need to quickly implement strong security and privacy controls for customer data.
Teros-100 APS provides six high-level content protection features in addition to the HTML protocol-level checks that the product provides out of the box.
Teros-100 APS credit-card-blocking features support real-time recognition of American Express, Diners Club, Discover, Japanese Credit Bureau, MasterCard and Visa credit card numbers, and we could use the product to configure a Web application to never be able to transmit a credit card number or limit each Web page to contain a single credit card number.
Teros-100 APS actually calculates a credit card checksum to determine if a given string of digits is a valid credit card number and of what type. In testing this feature, a random string of 16 digits was let through, but a page containing a real Visa card number was terminated at the spot the number began.
A module for blocking Social Security numbers provided similar protection, while a built-in dynamic password-complexity checker reported (but did not take any other action) the number of insecure passwords submitted by users, along with the total number of passwords seen.
An anti-defacement page-watermarking feature prevented the Web server from displaying pages that were different from their approved versions. Teros plans to add in a late-summer release the ability to save watermarked pages and provide these saved pages in case of a defacement.
All these functions are impressively innovative but have implementation flaws. Error handling was inconsistent in our tests—the content-protection features simply terminated connections. In other parts of the product, meanwhile, we could display a friendly, custom error message that looked as if it were part of our application.
Also in This Feature:
- Review: InterDo 3.0
- Review: AppShield 4.0
West Coast Technical Director Timothy Dyck is at email@example.com.