Web application security provider Armorize Technologies reportedly announced the launch of a new round-the-clock Web site malware injection monitoring and mitigation software service, so called “ HackAlert SaaS (News - Alert),” which makes sure subscriber Web sites remain malware-free.

 

According to Armorize, its HackAlert is a software-as-a-service, or “SaaS” that scans Web sites at pre-determined intervals, decoding JavaScript and looking for changes in HTML code. In case, the software detects that something is amiss, it will alert administrators via text messages along with a link that identifies where the code has been changed or attacked.

 

Now-a-days, legitimate Web sites are injected with malicious code, which are unknowingly downloaded by the user. This is referred to as malware drive-by-downloads. This impacts a company’s compliance, reputation as well as revenue. In addition, it can cause end-user data theft and Google (News - Alert) blacklisting.

 

Armorize built HackAlert based on company’s proprietary malware detection engine. Offering real-time malware injection monitoring and mitigation, HackAlert SaaS provides subscribers with immediate notification that includes actual injected code, as well as malware download details such as source, file type and target folder on the end-user PC.

 

This feature helps the SaaS to deliver true behavior-based analysis as well provides more accuracy than pure signature- or blacklist-based solutions, Armorize said.

 

Due to the fact that HackAlert is delivered as a cloud-based subscription service, it requires only a Web site URL to initiate around-the-clock scanning and mitigation. It is useful for single Web site environments and enterprises to large-scale Web hosting companies.

 

As part of the Armorize Appsec Suite, HackAlert integrates with company’s CodeSecure Static Source Code Analysis platform and SmartWAF Web Application Firewall to provide end-to-end Web application security, said company officials.

 

Automatically integrating with WAF technology, HackAlert’s WAF module dynamically modifies outbound HTTP responses upon malware injection, in order to remove injected malicious elements. This feature helps in preventing drive-by-downloads in real-time. The WAF module supports most of the platforms such as FreeBSD, OpenBSD, Linux, and Microsoft (News - Alert) Windows.

 

In order to minimize false positives, HackAlert moves all suspicious code to a sandbox. Once the software confirms the code to be malicious, it sends out the alert.

 

Moreover, HackAlert detects zero-day malware as well, thereby notifying website owners long before any antivirus signatures are available. Apart from malware injection and blacklisting, it also detects critical events such as defacement and downtime.

 

Available as a free on-demand service, HackAlert can be downloaded at http://hackalert.armorize.com.