« WAF Wars | Main | Windows Desktop Search Indirect Script Injection »

May 20, 2009



Does this require any valid ISS license?




Does any of the data that gets passed through the ISS Virus Prevention System (VPS) engine and ISS WebFilter SDK have to leave the application? i.e. Is the VPS engine and WebFilter SDK contained within the AppScan Malware Scanner eXtension or is scan data handed off to an external website?



All the content AppScan sees gets passed to the VPS engine, which is a local module that analyzes it and reports on its findings - the data does not leave AppScan's process, let alone the computer.

All links are passed to the WebFilter SDK, which does query an online server for the categories this URL belongs to - so the URL itself it passed. That said, the URL is passed over SSL, there are no private details sent with it (it's anonymous), and it is not stored on the server.

I hope this helps clarify things,

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)

Follow us on Twitter

AppScan Free Trial

Try IBM Security AppScan software at no charge.

Become a Fan