Radware’s Web Application Firewall, AppWall – ICSA Certified
We are pleased to announce that Radware’s Web Application Firewall, AppWall has received its ICSA Certification. I wanted to take a moment to explain beyond the press release what that means for the technology and our clients.
ICSA Labs, an independent division of Verizon, has been providing credible, independent, third-party product assurance for end-users and enterprises since 1989. ICSA Labs provides third-party testing and certification of security and health IT products, as well as network-connected devices, to measure product compliance, reliability and performance for most of the world’s top technology vendors. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance.
I have worked with ICSA Labs for more than 14 years, when they were mainly known for the 100% badges affixed on AntiVirus software boxes and reviews. It was a fixture that all leading AV vendors required, and still do to assure companies that they maintain research and development beyond the purchase cycle. That hasn’t change, the commitments Radware give are as important as the software tests we have passed.
ICSA Labs test for real world situations, so it is very comprehensive. Criteria covered include but are not limited to:
- Installation, Administration, Log interpretation Documentation and its accuracy
- Security Policy Enforcement, Service Operation, Data integrity, Data Confidentiality, User Authentication
- Web Attack Protection and Prevention, Enforcement, Infrastructure Masking, Application Change Accommodation, SSL Support, Transparency.
In addition they make sure that the WAF itself is not vulnerable to attack, nor that it introduces any vulnerabilities to the environment. Crucially, products can only gain ICSA Labs Certification if they include the following technologies:
- Negative Security Model – The Candidate Web Application Firewall Product must be capable of creating and enforcing a security policy based upon the negative security model including attack signature and/or rule-based detection and prevention.
- Positive Security Model – The Candidate Web Application Firewall Product must be capable of creating and enforcing a security policy based upon positive Web application behavior; including unknown or potential attacks without negatively affecting intended functionality of the protected web application.
- URL Rewriting/Normalization – The Candidate Web Application Firewall Product must be capable of utilizing URL normalization and rewriting to prevent malicious attacks.
- Active Learning – The Candidate Web Application Firewall Product must be capable of augmenting web application protection with an active learning mechanism without negatively affecting intended functionality of the protected web application.
As for Radware’s AppWall, all coming versions will be subject to this thorough, exacting testing regimen, in the same transparent manner all vendors do. We are immensely proud of this achievement and look forward to the challenges of maintaining it.
To learn more about ICSA Labs, their methodology and other useful information visit