Skip to content

Deep Security for Web Apps

Vulnerability detection and protection for web applications

Comprehensive. Integrated. Actionable insight. Deep Security for Web Apps provides a complete suite of security capabilities in one integrated solution, saving you time and hassle.

  • Complete intelligent scanning of applications and platform
  • Integrated detection and protection for immediate response to new threats
  • Site audits by security experts to detect vulnerabilities that automatic scanning alone can’t catch

Intelligent web application security

Web applications make doing business easier and more cost-effective, but they carry risks. How do you know your applications are safe? Cyberattacks are growing in number and complexity, and you need security software that can keep up.

Trend Micro has developed the first comprehensive service designed to detect vulnerabilities and protect web applications in a single integrated solution. Deep Security for Web Apps offers:


  • Application vulnerability scanning: Detect vulnerabilities like Shellshock and Heartbleed, in web applications, with no false positives
  • Site audits by security experts: Find the Open Web Application Security Project (OWASP) Top 10 web app security risks that automated scanning alone can’t find with site audits by Trend Micro’s security experts, including comprehensive proof of exploitation
  • Platform scanning: Identify key security vulnerabilities at the platform layer, including scanning of the operating system, web server, and application server
  • Integrated protection: Shield vulnerabilities before they can be exploited with intrusion prevention and WAF rules
  • Compliance: Continuously scan applications to help achieve compliance with PCI DSS, HIPAA, etc.

Comprehensive Scanning Without False Positives

AWS pre-authorized scanner

With web apps growing rapidly in number and complexity—plus the frequent changes that a 24/7 online world demands—application vulnerabilities can emerge at any time. Regulations like PCI DSS require regular scanning of applications and platforms, but most organizations only test their applications a couple times a year. These scans typically generate a large number of false positives, and the work required to identify and prioritize the most important risks is far too time consuming.

Trend Micro Deep Security for Web Apps provides automated scanning of platform and application layers, plus periodic site audits by security experts. We also remove false positives, saving you time and effort by allowing you to focus on those vulnerabilities that truly represent a threat. Our solution includes:



Vulnerability shielding with WAF rules

You’ve discovered a serious vulnerability. Now what? With each moment that passes without remediation, you risk exploitation and the resulting impact to reputation, brand, and customer trust. But fixing web application code or patching platforms is time consuming.

Deep Security for Web Apps allows you to shield vulnerabilities by providing WAF rules:

  Native Rule Export for Leading Web Application Firewalls


For technical support information, please visit Trend Micro eSupport.

Common questions, including where to find more information:

open all

What’s included with a Deep Security for Web Apps license?

Deep Security for Web Apps is subscription-based Software as a Service (SaaS) offering that combines automated scanning with periodic, human augmented audits of your web applications to find any of the OWASP Top 10 web app security risks present. Our automated scanning imitates user interaction and crawls your website for application-layer vulnerabilities.

  • Automated application scanning, with proof of exploit and false positive removal
  • Automated platform scanning
  • “Hidden” malware detection, to find if malware is being served to site visitors
  • Web reputation monitoring to ensure no links on your site point to known infection vector or questionable websites
  • Fast web application firewall (WAF) rule generation with XML output pre-configured to block a found vulnerability (integration with leading WAF vendors)

How many types of vulnerabilities do you detect?

With more than 54,500 checks across more than 14,000 vulnerabilities, including all OWASP and Web App Security Consortium testing criteria, Trend Micro Deep Security for Web Apps provides application vulnerability testing to highest industry standards. It detects technical flaws, such as cross-site scripting and SQL injection, as well as logical flaws, such as account privilege expansion and improper session handling.

What information do you provide about vulnerabilities?

Trend Micro Deep Security for Web Apps provides a detailed description, CVE-ID, compliance status, list of affected components, and suggested solutions for the vulnerabilities found in your web applications.

What types of reports does Deep Security for Web Apps produce?

Deep Security for Web Apps produces detailed, auditable reports that document vulnerabilities, remediation, and policy compliance status. You can create customized reports of your platform scanning, application scanning, and malware detection results. Web App Security also comes with these predefined summary reports:

  • Last Platform Scan Summary
  • New Platform Vulnerabilities Found in Last Scan
  • Platform Vulnerabilities by Age
  • Last Application Scan Summary
  • New Application Vulnerabilities Found in Last Scan
  • Application Vulnerabilities by Age
  • Last Malware Scan Summary
  • New Malware Alerts Found in Last Scan
  • Malware Alerts by Age

You can generate one-time reports or schedule recurring reports that are created and emailed to recipients on a regular basis.

The Deep Security for Web Apps console also has a dashboard that you can customize with up to 17 different widgets to provide a visual overview of the status of your system.

How does the malware detection feature work?

Deep Security for Web Apps’ unique malware detection engine ensures that your websites and customers are safeguarded from fast-growing malware attack vectors and newly discovered malware. The malware solution detects dead and inactive malware by monitoring any external JavaScript and hidden iframes placed on your website.

Using a sandboxing technology, the malware engine leverages a database of over three million malware signatures and state-of-the-art behavioral analysis using file and registry detection. This allows the product to find both known and zero-day malware before it impacts your customers or is detected by a blacklisting service.

Which web application firewalls are compatible with Deep Security for Web Apps?

Deep Security for Web Apps provides automatic generation of XML configuration files, which you can deploy to a web application firewall (WAF) to provide rapid protection against vulnerabilities found in application scanning results. You can use Deep Security for Web Apps to automatically generate rules for these WAF products:

  • Imperva SecureSphere
  • Alert Logic Security Manager
  • Citrix NetScaler VPX
  • ModSecurity

Which web browsers can I use to access the Deep Security for Web Apps console?

Although it works with many browsers, Deep Security for Web Apps has been designed and tested to work best with the latest Microsoft Internet Explorer,Mozilla Firefox, Safari, and Chrome browsers.

Which IP addresses do I need to whitelist?

Please ensure that your network does not block scanning traffic from the following IP addresses, which belong to the Trend Micro Web App Security data center:

  • (IP range through
  • (IP range through
  • (IP range through

How does a reverse proxy server affect scan results?

Application scanning and malware detection are not affected by reverse proxies.

Using a reverse proxy server only affects the results for platform scanning. When Trend Micro Deep Security for Web Apps performs a platform scan, it probes the OS and web server layers of your server to discover vulnerabilities. Platform scanning is effective only if the machine that hosts the web server is directly visible to Deep Security for Web Apps. If you are running your web server behind a reverse proxy, Deep Security for Web Apps will scan and return results for the reverse proxy machine and not the target web server machine.

Will scanning affect the performance of my web app?

Scanning will increase the load on your systems, so you should schedule scans for times when your site is not typically busy.

Why am I getting multiple test email messages?

The Deep Security for Web Apps application scanning feature uses remote scanning to detect vulnerabilities at the web application level. By default, when you add a web application to Deep Security for Web Apps, all pages in the web app will be scanned. This includes pages with HTML forms, which will be filled with test information and submitted. If your web application is written to trigger email messages on form submissions, the emails would get sent to the recipients with the test information included. In some cases, a large number of form submissions will be made during application scanning.

If you want to exclude select HTML form pages from your application scans, please contact Trend Micro Customer Support. Please note that such exclusions should be minimized as much as possible since the excluded pages will not be tested for application vulnerabilities. If you choose to exclude pages, please invest extra effort to ensure all external input on those pages is sanitized and appropriately encoded before such data is stored or displayed.

Where can I get information on how to use the Deep Security for Web Apps console?

You can access the Deep Security for Web Apps online help from the Help menu in the Web App Security console. You can also go to

How do I set the starting point for scans?

You can use a scan root to specify the starting point for web application scans. If you do not specify a scan root, Deep Security for Web Apps will use the web application URL as the starting point and will crawl all sub-directories. The scan root can be a web path, a web page, or both. For example, if your web application is accessed at, the base web application URL is and the scan root should be /csr/index.aspx.

You can also use a restrict path to limit the scanner to a specific directory path. The path should begin with a slash (/), for example: /directory. All sub-directories of that path will be included. If you want to further define which directories will be crawled, you can use the web application scope filters.

To configure these settings:

  1. Log in to the Deep Security for Web Apps console.
  2. Go to Administration > Web Applications.
  3. Select the web application you want to configure.
  4. Go to Application Scanner Settings to configure web application scanning. Go to Malware Detection Settings for malware scanning.
  5. Specify the Scan Root or Restrict Path settings.
  6. Under Web Application Scope, you can add rules about which directories will be crawled.

For details on the Scan Root, Restrict Path, and Web Application Scope settings, please see the Deep Security for Web Apps Help.


Connect with us on