Citrix NetScaler is excited to be honored as a recipient of ICSA Labs Excellence in Information Security Testing Award, given in recognition of outstanding achievement and successful completion of ten years of continuous ICSA Labs information security testing. This award recognizes ICSA Labs’ customers that have demonstrated excellence and maturity through consistent reliance on independent third-party information security and product assurance testing.
The ICSA Labs certification ofNetScaler AppFirewall includes:
- ICSA Labs Web Application Firewall (WAF) certification requirements structured with testing divided up into six areas:
Documentation review, Functional Security, Product Functionality, Logging, Administration and Persistence
- The majority of the testing occurs in the areas of Functional Security and Product Functionality
- Verification of security policy enforcement, protection and prevention against web-based attacks, CSRF protection
- Verification that the WAF product will hide internal application structure and can accommodate application changes
- Fulfillment of the requirement for WAF products to support the Positive Security model as well as support Active Learning.
- Subject the WAF product to a number of attacks – including various exploits, port scanning, DoS, predictable sequence numbers, etc.
- Verification that the admin interface is secure and not susceptible to all of the areas outlined above
More details of ICSA labs can be found here.