Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Related Documentation


    Security Engine Server Identity and Cloaking

    One of the most important aspects of WebApp Secure's "Intrusion Deception" philosophy is in blending in with the protected web application. If attackers were aware of the presence of the product, its efficacy would be negatively impacted.

    • Fake Web Root–Several processors use fake exposed configuration files. Where relevant, this directory will be interpolated into these resources.
    • Fake Server Name–This value will be used to generate the "Server" HTTP header and can be used to mask the actual technology used. For example, if your backend server runs Apache, you can tell WebApp Secure to identify as Microsoft IIS, and an attacker will end up trying exploits for Microsoft IIS, which, of course, will not work against Apache.

    Related Documentation


    Published: 2015-02-04