« WAF Wars | Main | Windows Desktop Search Indirect Script Injection »

May 20, 2009



Does this require any valid ISS license?




Does any of the data that gets passed through the ISS Virus Prevention System (VPS) engine and ISS WebFilter SDK have to leave the application? i.e. Is the VPS engine and WebFilter SDK contained within the AppScan Malware Scanner eXtension or is scan data handed off to an external website?



All the content AppScan sees gets passed to the VPS engine, which is a local module that analyzes it and reports on its findings - the data does not leave AppScan's process, let alone the computer.

All links are passed to the WebFilter SDK, which does query an online server for the categories this URL belongs to - so the URL itself it passed. That said, the URL is passed over SSL, there are no private details sent with it (it's anonymous), and it is not stored on the server.

I hope this helps clarify things,

The comments to this entry are closed.

Follow us on Twitter

AppScan Free Trial

Try IBM Security AppScan software at no charge.

Become a Fan