Web Application Security You Can Trust

A broader context for web application results compared to traditional scanners.
The security risk analysis you need.

Identify Critical Web App Risks

Find vulnerabilities before hackers do. We provide coverage in each area of the OWASP Top 10: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and more.

Comprehensive Security Analysis

We look for—and find—needles in the haystack. We combine web application coverage with network, operating system and infrastructure exposure intelligence for a comprehensive view of your security risk.

Integrated Solution

You're the first line of defense. Our vulnerability management solution gives you "night vision," leveraging modern architecture and eliminating the high cost of maintenance with deployment of point solutions.

Tripwire WebApp360: Enterprise Web Application Scanning for Production Environments


Additional Resources

The OWASP Top Ten and Vulnerability Management

Bridging the gap between Vulnerability Management and Web Application Security

Read Article

The Verizon DBIR 2014 Web Application Attacks

60% of web application compromises took place in minutes or less

Read Article

Tripwire web application security solutions reduce the threat gap through automation, business context and enterprise integration.

Feature & Benefits

Know What You Have

Get a comprehensive inventory of web servers, services and applications. Discover any security flaws that exist so you can repair them fast.

Focus on Critical Risks

Differentiate between good and bad changes, minor and critical vulnerabilities and innocuous and suspicious events.

Continuous Monitoring

Real-time detection of threats, anomalies and suspicious events shortens the time it takes to catch and limit damage. Implement security controls by discovering what is on your network.

Enterprise Coverage

Find vulnerabilities before hackers do with true enterprise coverage of a variety of web platforms and compliance policies. We offer an unprecedented, prioritized assessment of IT security risk.

Security Automation

Automate inventory, reporting, remediation and configuration auditing for focused threat management and ongoing compliance. Increase your effectiveness by addressing what truly needs your attention.

Security Dashboards and event views

Efficiently manage your web security risks and dynamically drill down on areas requiring greater scrutiny. Get a complete picture that allows you to respond faster to vulnerabilities and then develop solutions.

OWASP Top 10 Coverage

Finally, we deliver coverage in each area of the OWASP Top 10:

A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Insecure Direct Object Reference
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Missing Function Level Access Control
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Components with Known Vulnerabilities
A10 - Unvalidated Redirects and Forwards

With Tripwire IP360 we can focus on managing risk, not managing scans. We have made a dramatic improvement in our pre-production risk management scores--resulting in better performance, less downtime, reduced management overhead and lower cost.

Jonathan Steenland, Director of North American IT Security

Compliance and security overlap, but are not the same. Compliance provides standards and procedures for a stable system with security controls, while security identifies and protects from threats and vulnerabilities. We needed a solution that addressed both issues.

Dominick Birolin, Network Engineering & Cyber Security Lead, Essential Power