Table of Contents
- What is AppTrana?
- What is AppTrana Portal? What can I do with AppTrana Portal?
- Why do I require Indusface account?
- Aren't an antivirus and a firewall enough? If not, why?
- If I type the wrong domain name/IP address in the domain registration page, how can I correct it?
- What is the purpose of having an Elastic Load Balancer (ELB) in a Single Node AWS?
- What are the acceptable formats of IP Address in the settings page of AppTrana Portal?
- What can I do if I forgot my password?
- Am I behind a CDN? Will it work?
- Are you PCI compliant?
- How to add a website?
- How to configure for authenticated scans?
- Can I turn off AppTrana anytime I want?
- My site uses SSL, Can AppTrana support it?
- Why is there no free trial option for the Premium subscription?
- Should I be concerned about Latency?
- Where can I find the total bandwidth consumption by different websites/Traffic Summary of a specific website?
- How to delete a website?
- What is a POC and why do I request it?
- How will the first time scan help me in protecting my site? / Why should I scan my website?
- How frequently should I scan my website?
- Will your scans interrupt my users?
- Is my scan report confidential?
- Do you need my website credentials to perform a scan?
- What is Pen Testing?
- What kinds of website problems can you detect?
- How do I initiate a scan? How do I request for Manual Pen Testing?
- What do you mean by Custom Rules?
- Where can I see Pen Testing results?
- Where can I see Custom Rules created for my website?
- Where can I see the count for POC created?
- Password Policy
AppTrana
What is AppTrana?
Indusface AppTrana detects application-layer vulnerabilities accurately with web application scanning (detect), patches them instantly with a web application firewall (protect), and monitors traffic continuously for emerging threats and DDoS attacks in order to mitigate them (monitor). Available as a fully managed security solution, TAS includes 24x7 security expert support to create custom rules, analyze and block attacks, maintain zero false positives, and report incidents in real time.
What is AppTrana Portal? What can I do with AppTrana Portal?
The AppTrana portal gives you a security health overview of your applications, with detailed information on enlisted websites such as protection status, DDoS attacks, monitoring, and security expert suggestions. You can also:
- View attacks and vulnerability details
- Initiate On-demand scans
- Whitelist and blacklist the rogue IPs and Countries
- Request Proof of Concept
- Request custom rules
- Request Penetration Testing
- Understand the value of monitoring by reviewing suspicious activity
Why do I require Indusface account?
The Indusface account allows you:
- To initiate scans and to understand existing vulnerabilities, their protection status and their impact on the business.
- To view attack details such as attacked URIs, IPs, and countries from where attacks originated and take control to block attacks.
- To seek help from the MSS team: request proof of exploitation of vulnerabilities, and have application-specific rules created to protect against complex vulnerabilities and DDoS attacks. Get maximum benefit from the 24x7 managed security services team.
Aren't an antivirus and a firewall enough? If not, why?
Antivirus software and network firewalls are only effective against network-level attacks. Security giant Gartner reports that 70% of all web attacks happen at the application layer, or Layer 7. Neither an antivirus nor a firewall can detect OWASP weaknesses and business logic vulnerabilities or block attacks.
If I type the wrong domain name/IP address in the domain registration page, how can I correct it?
A domain name cannot be changed in any case, whereas the IP address can be updated from the Settings page. Contact Support for further queries.
What is the purpose of having an Elastic Load Balancer (ELB) in a Single Node AWS?
An ELB is maintained in a Single Node AWS deployment because it:
- Is one of the best practices for AWS.
- Provides robust networking and security features (e.g. DDoS).
- Monitors the health of the instance and ensures that it routes traffic only to healthy instances.
- Creates a load balancer node in the Availability Zone, which routes the traffic to the healthy instances when an Availability Zone becomes unavailable.
What are the acceptable formats of IP Address in the settings page of AppTrana Portal?
IP Address Format:
- Normal IP address, e.g. 192.168.1.1
- IP address with CIDR, e.g. 192.168.1.1/24
CIDR:
Classless inter-domain routing (CIDR) is a set of Internet protocol (IP) standards that are used to create unique identifiers for networks and individual devices.
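The two accepted formats differ greatly in how much address space a single entry covers, which matters when the entry feeds a whitelist or blacklist. The following is an added example, not AppTrana code: a local pre-check that reports what each entry actually matches before it is typed into the Settings page. The function names and sample entries are constructed for illustration, and IPv4-only handling is an assumption based on the examples above.

```python
import ipaddress

def normalize_entry(entry: str) -> dict:
    """Parse one entry given as a plain IP or as IP/CIDR (IPv4 assumed)."""
    text = entry.strip()
    try:
        if "/" in text:
            # strict=False accepts an address with host bits set,
            # such as 192.168.1.1/24, and maps it to its network.
            net = ipaddress.IPv4Network(text, strict=False)
            host = ipaddress.IPv4Address(text.split("/", 1)[0])
        else:
            host = ipaddress.IPv4Address(text)
            net = ipaddress.IPv4Network(f"{host}/32")
    except ValueError as exc:
        return {"entry": entry, "valid": False, "error": str(exc)}
    return {
        "entry": entry,
        "valid": True,
        "network": str(net),             # canonical form of the entry
        "addresses": net.num_addresses,  # how many IPs the entry covers
        "host_bits_set": host != net.network_address,
    }

def review(entries):
    """Normalize a list of entries and return one result per entry."""
    return [normalize_entry(e) for e in entries]

# Constructed sample input: the two page examples plus two malformed values.
SAMPLE_ENTRIES = [
    "192.168.1.1",
    "192.168.1.1/24",
    "192.168.1.300",
    "192.168.1.1/33",
]

if __name__ == "__main__":
    for result in review(SAMPLE_ENTRIES):
        if result["valid"]:
            note = " (host bits set)" if result["host_bits_set"] else ""
            print(f'{result["entry"]:<18} -> {result["network"]:<18} '
                  f'{result["addresses"]} address(es){note}')
        else:
            print(f'{result["entry"]:<18} -> rejected: {result["error"]}')
```

The second page example, 192.168.1.1/24, normalizes to 192.168.1.0/24 and covers 256 addresses, not the single host the first format covers.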
What can I do if I forgot my password?
- Click the Forgot Password link on the AppTrana login page. The Reset Password page appears.
- Click the Username field, enter your username, and click the Submit button. A confirmation pop-up appears with a message confirming that a new password has been generated.
- Click the OK button to close the pop-up and check your registered email address.
Am I behind a CDN? Will it work?
No issues, AppTrana works seamlessly with third-party CDNs. While onboarding, you will be asked to select whether you are using a third-party CDN.
If a third-party CDN is used, disable the CDN toggle button while onboarding. We suggest you go through our AppTrana onboarding documentation for step-by-step registration. Reference Figure.
Figure
Are you PCI compliant?
Yes, 100%. The entire operations of Indusface are built bottom-up on AWS, and the AWS cloud infrastructure used by TAS has multiple certifications including SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, PCI, ISO, and FedRAMP. Our operations adhere to strict PCI standards and are PCI certified. Indusface is also a CERT-In certified security auditor. As an empaneled auditor, Indusface is qualified to conduct vulnerability assessment and penetration testing audits of websites while issuing website security certificates to corporate and government organizations that pass the audit.
How to add a website?
The Dashboard page contains the Add Website option.
- Click Dashboard or Sites Protected on the left navigation pane. Click here for more information.
How to configure for authenticated scans?
While on-boarding, you will be asked to choose whether the scan needs to be done behind an authentication page. If you select that option, our team will be notified and will reach out to you to get the credentials.
Can I turn off AppTrana anytime I want?
Yes! AppTrana has four types of WAF status. Log and Block, Log Only, and Disabled are displayed for SaaS and/or non-SaaS websites; the ByPass option is available for SaaS websites only.
The selected option in WAF Status is the current status.
Click here for further information.
My site uses SSL, Can AppTrana support it?
Of course, AppTrana supports both custom SSL and free SSL certificates as part of the Advance and Premium offerings.
This means all sites will be on-boarded to listen on SSL traffic. If you have your own SSL certificate, you can easily provide it at the time of on-boarding.
If you do not have SSL, you have 2 choices:
- Get an EV certificate from Indusface.
- Use a LetsEncrypt certificate, which AppTrana gets issued automatically while on-boarding.
Why is there no free trial option for the Premium subscription?
The Premium plan is an extension of the Advance plan, with experts monitoring your traffic, creating custom rules, and ensuring zero false positives. Since this is an intensive process and would take more than 14 days, it is not included as part of the free trial. All the other features of the Premium plan are similar to the Advance plan, and we encourage you to try out our Advance free trial before choosing your plan.
Should I be concerned about Latency?
Built natively on AWS, the Indusface AppTrana infrastructure has been designed with security and performance in mind. As AppTrana is hosted in multiple regions and a website is on-boarded in the region closest to it, there will be minimal latency. The scalable AppTrana infrastructure ensures that there is no degradation of performance even under high traffic and guarantees a 99.999 uptime SLA.
Where can I find the total bandwidth consumption by different websites/Traffic Summary of a specific website?
The Dashboard page shows bandwidth consumption both in total and per website. Total bandwidth consumption, monthly or weekly, is displayed in a bar graph.
- Click the Overview page on the left navigation pane to view the bandwidth usage information per website.
Click here to know more about bandwidth/total data transfer information.
How to delete a website?
The Delete option is displayed on the Overview page. Click to select the website you would like to delete and then click the Delete symbol. A confirmation page pops up; click Yes to proceed with the deletion.
Click here for further information.
What is a POC and why do I request it?
A POC demonstrates how a specific vulnerability can be exploited to attack the application. When we get the POC request, we revalidate whether the vulnerability really exists and provide you with the proof in the form of screenshots.
How will the first time scan help me in protecting my site? / Why should I scan my website?
The scanner will scan your website to identify the vulnerabilities. Each page will be scanned for security weaknesses. We will then provide you with a report that reveals the loopholes in your websites that you have to reinforce. This way it will help you to protect your website.
How frequently should I scan my website?
Frequent scanning (every day) is essential if the website stores critical information about users' financial details in the database, because new vulnerabilities are released very often. If you do not store confidential information in the database and you rarely change the code on your site, then occasional scanning is enough.
Will your scans interrupt my users?
No. Scans are intended to run on live sites to imitate attackers and find the loopholes in websites. Your clients will not even notice that scanning is in progress.
Is my scan report confidential?
Yes. The results of your scans are confidential.
Do you need my website credentials to perform a scan?
No, we do not require any of your website credentials unless you want to scan authenticated pages.
What is Pen Testing?
A penetration test, or pen test, is a manual attack by our experts on the applications. Our experts seek security weaknesses, potentially gaining access to website privileges and data. Such assessments are helpful in finding security flaws that automated scanning misses. Our experts think and attack like hackers in order to create preventive measures after the testing.
What kinds of website problems can you detect?
Web Application Scanning and Penetration Testing look for OWASP Top 10 vulnerabilities, badly coded web pages, database connections that allow access to private data, and issues in any other applications such as a shopping cart or blogs.
How do I initiate a scan? How do I request for Manual Pen Testing?
- Click the AUTO SCAN button in the Detect Summary tab. The message "Scan has been triggered" is displayed below.
- Click the Manual Pen Testing button in the Detect Summary tab. The message "Manual Pen Testing is initiated" is displayed.
Click here for further information of other scenarios.
What do you mean by Custom Rules?
Custom rules are created by Indusface security experts, based on application-specific needs, to address vulnerabilities that are not readily fixed by the core rules.
Where can I see Pen Testing results?
The total number of vulnerabilities detected by Manual Pen Testing, along with the last Manual Pen Test performed, is given on the Detect page. The vulnerabilities detected by Manual Pen Testing are shown with their severity level, such as critical, high, and medium.
Where can I see Custom Rules created for my website?
The Custom Rules created are displayed in the Action Summary of the Monitor tab in AppTrana.
Where can I see the count for POC created?
The POC count is displayed in the Monitor tab of the AppTrana Portal.
Password Policy
Kindly follow the Indusface Password Policy while updating your password.
The password must be at least 7 characters long and requires at least one uppercase letter, one lowercase letter, one numeric digit, and one special character.