"With WebApp360, nCircle enhances the value of their enterprise-wide risk assessment to include on-going production scanning of these critical web-based applications, complementing the penetration testing that may have been done during development and enabling their ongoing security. "
- Peter Christy, Principal, Internet Research Group
Enterprise Class Web Application Scanning for Production Environments
Online systems such as banking, healthcare, e-commerce, and customer support portals increasingly collect and provide access to extremely sensitive data and internal systems that provide a juicy target for opportunistic hackers. Since mid-2006, web application vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection attacks have made up an increasing percentage of newly discovered vulnerabilities and actual reported intrusions.
The commonly held solution to securing web applications has been to perform security testing during development and QA. But what if the application was developed by a third party, and not the enterprise? What if an emergency code change occurred and the security analysis was insufficient? And what about the underlying operating system, adjacent applications, and databases connected to the web applications – none of which are tested by traditional web application scanners? Security assessments that occur during production are the only assessments that give enterprises real-time, continuous knowledge of the security posture of their web applications. nCircle WebApp360 is designed for exactly that -- web application security testing for production environments.
nCircle WebApp360 delivers:
- Complete web application infrastructure assessment, including web applications, underlying operating systems, and adjacent applications in production environments
- Comprehensive security risk analysis, combining web application coverage with network, operating system, and infrastructure exposure intelligence
- Leverages nCircle’s appliance-based architecture, eliminating the high cost of deployment and maintenance associated with other solutions
- Fully integrated with nCircle IP360™, nCircle Focus™ and Suite360 Intelligence Hub™ to provide customers with unprecedented visibility into their overall IT security risks
WebApp360 extends nCircle’s market-leading security risk management platform, IP360, to include assessment of enterprise web applications, offering the industry’s most comprehensive view of IT security risk. WebApp360 enables enterprises to automatically and continuously detect critical web application vulnerabilities within the context of overall IT risk, enabling security teams to focus resources on the most important risks. Available as an integrated add-on module to IP360, WebApp360 benefits from IP360’s market-leading scalability, manageability, appliance-based architecture and vulnerability coverage. Together, WebApp360 and IP360 offer customers an unprecedented, prioritized assessment of IT security risk, from web applications to the underlying IT infrastructure supporting them.

Standard nCircle reports and analytics display web application vulnerabilities alone or with operating system and adjacent application vulnerabilities for a comprehensive view of security risk.
Additional WebApp360 Benefits:
- Continuous, real-time assessment of web applications in production environments
- Licensed to support unlimited users, eliminating a common frustration among enterprise customers of standalone web application scanners
- Normalized risk scoring, using nCircle’s risk metric and CVSS v.2
- Utilizes IP360’s extensive reporting capabilities, providing integrated web application and infrastructure reporting
- Built on IP360’s proven, scalable architecture, WebApp360 supports even the largest and most complex global networks
Sample WebApp360 Vulnerability Coverage
- Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Scripting vulnerabilities allow attackers to inject arbitrary HTML or JavaScript into web applications and their served web pages. This malicious code can then be executed in a visiting client's browser, compromising the client's security. WebApp360 ensures that your web applications cannot be compromised to launch these attacks on visitors to your web pages with dynamic testing for various types of persistent and non-persistent Cross-Site Scripting vulnerabilities.
- Injection Vulnerabilities
SQL Injection vulnerabilities allow attackers to inject SQL commands through web pages, making changes to stored data or executing commands that were not intended by the application's developers. WebApp360 ensures that your web application will not permit code execution or changes to stored data without appropriate authorization.
- Web Page Implementation Flaws
Securing the production implementation of your web applications is just as important as the web application code itself. WebApp360 ensures that fundamental design flaws have not been introduced to your web applications during production implementation, such as password submissions via insecure input fields.
- Web Application Infrastructure
Web applications are only as secure as their weakest link. It is not enough to scan web applications alone; the underlying infrastructure must also be secure. This includes critical security assessment of web servers, operating systems, running services, and adjacent systems.
For more information about WebApp360, contact us


