Privacyware Enhances SQL Injection and XSS Defense with Updated IIS Web Application Firewall

Web Application Firewall and AI-based Behavioral Modeling/Analysis Delivers Broad IIS/SQL Defense and Reinforces PCI DSS Compliance.

Red Bank, NJ, June 25, 2008 --( Privacyware (, an innovative provider of web application security, intrusion prevention and security data analytics software, today released the latest version of ThreatSentry, a software-based IIS Web Application Firewall and Intrusion Prevention solution. In response to customer and general market demand for more effective protection against Structured Query Language (SQL) Injection, cross-site scripting (XSS) and other web application and database related attacks, Privacyware has expanded ThreatSentry’s Parameter parsing and URL Query String inspection capabilities at the Web Application Firewall and behavioral analysis layers.

“In recent months, we’ve witnessed the attack landscape — SQL injection exploits in particular — expand exponentially,” said Privacyware CEO, Greg Salvato. “This problem is largely a result of the swift adoption of automated tools now in common use by hackers to rapidly identify vulnerable websites and servers. More urgent, however, is the evolving sophistication of the evasion techniques used which can render ineffective traditional rules-based (keyword and signature pattern-matching) technologies.”

An ISAPI filter hosted in MMC, ThreatSentry is comprised of a Web Application Firewall and behavior-based Intrusion prevention component founded on specialized artificial intelligence and machine learning technologies specifically designed to address internal and external unauthorized system access and cyber-criminal threats on Web servers utilizing Microsoft Internet Information Services (IIS). Since its introduction, IIS has grown in popularity and ranks as one of the most widely used platforms for enabling simple to sophisticated Web sites and Web-based applications. While it is well-regarded for its ease of use and range of features, it is frequently targeted by hackers due to a variety of server and database vulnerabilities and the inherently open nature of many Web applications – many of which manage sensitive information such as credit card numbers, passwords, or other private data.

“In response the alarming rise in frequency of SQL-based attacks, we’ve expanded ThreatSentry’s Parameter parsing and URL Query String inspection capabilities at the Web Application Firewall layer,” said Privacyware CTO, Konstantin Malkov. “In addition, we’ve enhanced ThreatSentry’s cognitive components, which are capable of detecting similarities to known malicious patterns or revealing behavioral deviations among normal traffic, to deliver improved protection against known or new SQL Injection and other threats to the web infrastructure.”

The latest version of ThreatSentry detects and blocks known and new attacks and unwanted web application traffic and also helps customers comply with section 6.6 of the Payment Card Industry Data Security Standard (PCI DSS). Other key ThreatSentry features include email alert notification, compliance and security reporting, centralized management for multiple servers and protection from an array of documented exploitive techniques including SQL Injection, Directory Traversal, Cross-site scripting, Parameter Manipulation, Buffer Overflow, Denial of Service, and other exploitive techniques.

ThreatSentry is available for purchase or 30-day trial download via the Privacyware web site: or through an authorized Privacyware reseller. ThreatSentry pricing starts at $649 per server and supports Microsoft Windows Server 2000/2003 and Internet Information Services (IIS) 5.0/6.0. To locate a reseller, please visit Privacyware at or call 732-212-8110 x235.

About Privacyware
Privacyware ( is an innovative provider of web application security, intrusion prevention and security data analytics software. Privacyware security data analytics products help enterprise security and compliance personnel overcome the increasingly critical challenge of security data overload, better understand the environments for which they are responsible and more effectively identify and comprehend malicious, unauthorized and/or deviant activity. Privacyware web application security and desktop defense offerings increase the level of protection from new and known malware, intrusions and other threats to individual, small business and large enterprise computing environments. Privacyware is a Microsoft Gold Certified Partner.

Contact: Gregory Salvato - Privacyware, (732)-212-8110, x235.

Privacyware, Adaptive Security Analyzer, ThreatSentry, Endpoint Security Console, Privatefirewall and Dynamic Security Agent are registered trademarks of Privacyware/PWI, Inc. in the United States and other countries. All other trademarks mentioned are the property of their respective owners.

Greg Salvato
732-212-8110 x.235