employee using laptop and coding injection

Web Security: Why Does It Matter?

Once upon a time, to access the web we had to have access to our PCs.

Perhaps it wasn’t that long ago, but now with our smart devices, we can access the Internet no matter where we’re currently located. Especially here in Korea, everything is inextricably connected. Companies have even jumped on board with this new-found “connectedness.” Nowadays the services that were previously necessary to seek in-person are available online as a given. Internet banking, financial transactions, registration card issuance, and customer service platforms… The web is now an essential part of everyday life. So what do we do about web security?

Web Security: the Elephant in the Room

With this connected world comes the part that no one wants to talk about. The elephant in the room: Web security.

Now, no one wants to think about that but let’s say you’re a small-medium business (SMB) owner. You’re just getting started and making a slight profit. You want to promote your business on your website. It would also be nice to manage through online services that handle bills and salaries for your employees.

There’s no real way around it – you’re connected to the web. Your information (as well as those of your customers and employees) could be out there if you don’t take the steps to protect it.

The Application Layer

There are many layers to an IT system – and most businesses spend the majority of their security budget on the network layer (which deals with data transfers), maybe a bit more on the systems layer (which are the operating systems like Windows or Linux), and finally the least of their budget on the applications layer (which offers the protocols and services with many features). Now why do they spend so little on the applications? The applications layer is technically complicated and most varied. Therefore, it becomes difficult to find a web security solution.

But this layer is the area that needs the most protection. Because what we know as the “web” is basically composed of applications, including your website. Simply protecting the network or systems layers is not enough. Unfortunately, cyber criminals have figured out that web applications are profitable targets. The most profitable would be the web applications of businesses and companies because the value of their data would be hefty compared to the data of an individual.

Additionally, what many individuals and businesses don’t realize is that cyber threats don’t come in a neat file cabinet. It’s more of a whirlwind of documents that’s constantly being rearranged. For example, there’s SQL injection, cross-site scripting, cookie tampering, website defacement, denial of service, malware… and next year the biggest trends could be an entirely different set of attacks.

While it’s easy to think that perhaps your business is the exception to the rule, Whitehat Security reported that 86% of all websites have at least one vulnerability. That means companies shouldn’t consider web security to be optional, but essential.

smartphone transportation access

Protecting Yourself from Web Attacks?

Then the question is: how do you protect yourself when threats are always changing?

First, if you’re just starting out in the world of web security, I would suggest Cloudbric – a full-service Web Application Firewall (WAF) that can detect even the most elusive attacks. It’s powered by WAPPLES, Penta Security’s WAF that uses a logic analysis engine instead of the traditional pattern matching system. With a lower false positive rate than many of the products out there, it offers accessibility at a reasonable price –  free if your monthly traffic doesn’t exceed 4GB.

Second, make sure you’re consistently educating yourself on cyber security and how to keep your information safe. At the end of the day, keep yourself informed. We’ll be doing our part on this blog going through different types of web threats, what the newest trends are, and what to be on the lookout for. Even those in the industry are always learning. Preparing for these types of threats can prevent major headaches or even worse – loss or damage to information.

Because at the end of the day – you’re protecting your website and investing some time and resources in order to grow your business further. An organization grows as much as you put into it, but if you don’t protect one of your most valuable assets (your customers’ and your own information), how can you expect it to flourish? So research, and take the leap into web security. For more information, visit or email us at

Threat Report 2015-2

Web Application Threat Trends: Penta Security Systems Releases Bi-Annual Report

Second half of 2015 sees sharp increases in hacking attempts targeting website vulnerabilities

Seoul, Korea: Penta Security Systems Inc. has released its bi-annual Web Application Threat Report. Data is collected from detection reports gathered and analyzed in the second half of 2015. It is compiled from approximately 1000 separate units of Penta Security’s Web Application Firewall (WAF), WAPPLES. The units are from customers who have consented to the threat report. Penta Security does not release any sensitive customer data. Through this report, customers are able to gain insight on the newest trends in web application threats, and gain assistance in planning accordingly for future attacks.

Web Application Threat Trends:

In the second half of 2015, the threat report found that a significant portion of the attacks were Vulnerability Assessment attacks (roughly 400 million detections). Many were labelled as “Critical” in terms of risk levels. Vulnerability Assessment refers to when attempts are made to determine the vulnerabilities of a web server.

For web attacks corresponding to OWASP (Open Web Application Security Project) Top 10 attacks, Injection was the most prevalent, at 31%. Injection, where malicious codes are inserted in order to attack applications, causes extensive damage despite the comparatively easy execution process. Second, a high detection was measured for Security Misconfiguration at 26%. Security Misconfiguration attacks are when security settings are re-defined and the system is compromised. This can give hackers access to private data.

The report additionally includes the “WAPPLES Black List Top 30,” a list of source IPs from various countries and networks that have been categorized as spam or hacking with high danger levels.

Penta Security’s Head of Planning, Duk Soo Kim, stated:

web application threat trends“When infiltrators to the system succeed in their target, there could be a multitude of issues as a result of attacks: information leakage, defacement, and even complete server malfunction. Our hope is that through our analytical reports, there can be a push for better access control in order to better prepare to face these types of trends head-on, especially for those responsible for server security.”

For the full copy of the web application threat trends report from the second half of 2015, please visit the Reports section of the Penta Security Systems website.

About Penta Security:

Penta Security Systems Inc. (CEO/Founder Seokwoo Lee) is a leading provider in data and cyber security solutions and services. With over 19 years of IT security expertise, Penta Security is recognized by Frost & Sullivan as the top Web Application Firewall vendor in the APAC region based on market share. For more information on Penta Security Web security services, please visit For potential partnership inquiries, please send an email to

Honored at 2016 Cyber Defense Magazine Awards

Penta Security’s WAPPLES and MyDiamo Win at the 4th annual awards

On February 29th, 2016, it was announced that Penta Security would be honored with two awards by Cyber Defense Magazine (CDM). CDM is one of the industry’s leading electronic information security magazines. It is also the official media partner of the RSA® Conference 2016. Penta Security’s WAPPLES was chosen as the Hot Company in Web Application Security for 2016. MyDiamo was awarded the Editor’s Choice in Data Leakage Prevention for 2016.

Cyber Defense Magazine

Cyber Defense Magazine, along with a panel of leading independent information security experts, performs thorough research and review of potential award nominees for various security categories. The panel is also recognized for multiple cyber security related certifications, such as Certified Information Systems Security Professional (CISSP), Founding Member of the Department of Homeland Security (FMDHS), and Certified Ethical Hacking (CEH).


Penta Security was honored for their Web Application Firewall (WAF), WAPPLES, which is powered by a patented Logic Based Analysis Engine. This detection technology enables WAPPLES to intelligently detect and filter web attacks at a higher accuracy rate with lower false positives than other industry competitors. WAPPLES is currently the number one Web Application Firewall in the APAC region based on market share. Additionally, WAPPLES technology also powers other cloud based solutions from Penta Security. Some of these include WAPPLES V-Series, which can be customized for any virtual or cloud infrastructure, and Cloudbric, a cloud based WAF service targeted for small and medium businesses.

“We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Penta Security has earned this award from Cyber Defense Magazine. Some of the best INFOSEC defenses come from these kinds of forward thinking players who think outside of the box,” said Pierluigi Paganini, Editor-in-Chief, Cyber Defense Magazine.

MyDiamo Recognition

Additionally, recognition was given to Penta Security’s MyDiamo, an engine-level encryption software for open source databases. OSS DBs include MySQL, MariaDB, and PerconaDB. From 2013 to present, MyDiamo has been downloaded over 2,000 times. It has become a leading open source database encryption software.

“The recognition of MyDiamo and WAPPLES from Cyber Defense Magazine further validates our company as an innovator. It is a great endorsement, and shows that we can provide quality products for maximum security,” said Duk Soo Kim, Penta Security’s Head of Product Planning.

For more information on Penta Security or Cloudbric web security services please visit and For potential partnership inquiries, please send an email to or

WAF Market Leader in APAC For Third Consecutive Year

Frost & Sullivan announces Penta Security as the leader among WAF Vendors

Penta Security Systems Inc., a leading Web application and database security vendor, was recently announced to be the market leader among Web Application Firewall (WAF) Vendors in the Asia-Pacific (APAC) region. Selected by Frost & Sullivan, a globally recognized market research and consulting firm in the Frost Industry Quotient (IQ): Asia-Pacific Web Application Firewall Vendors, 2015 report, Penta Security’s WAF solution, WAPPLES, held the largest market share in APAC.

Frost & Sullivan is an North America-based company with more than 50 years of global research and consulting expertise. Each year, they publish the Frost IQ report, which presents an objective assessment of the IT industry.

WAF Market Vendors

As mentioned before,  Penta Security was reported as having the highest market share percentage in APAC. This places them ahead of China-based information security vendor NSFOCUS and more well-known vendors such as Imperva and F5 Networks. The report highlighted a few of the key factors that contributed to the dominance of WAPPLES in the APAC WAF market. WAPPLES runs on the superior performance of Penta Security’s proprietary logic analysis based engine, which attributes to its position as the long-running market share leader in Korea.

Penta Security also maintains strong relationships with its partners. It reaches out through regular seminars, technical support, and continued efforts to satisfy the needs of its customers. The benefiting results provide a deep insight into market demands.

waf on virtual appliance with cd and box

Penta Security leveraged its experience from building an extensive network of partnerships domestically as a foundation for establishing its regional network of international partners. WAPPLES offers deployment through a dynamic array of high-performance WAPPLES appliances or the WAPPLES V-Series, a virtual version of WAPPLES for the cloud. The intuitive WAPPLES Management System simplifies WAF management and provides robust web protection. In addition, customers are able to have a better grasp of the cyber security threat landscape with access to both the WAPPLES Management Portal as well the web attack trend reports published every year in Korean, Japanese, and English. It is these sorts of commitments that put Penta Security at the top of Frost & Sullivan’s list.

10 Years

Penta Security’s CTO, Duk Soo Kim says,

“It’s been 10 years since we first launched WAPPLES. To hear news that it’s leading the WAF market in the APAC region holds deep meanings for me. It makes me proud of our staff that their hard work over for the past 10 years. It shows that it was not in vain.” He continues, “We reached the top domestically and now in APAC. But it’s not the end. We will continue to pour all our efforts into developing great products and become a top global leader.”

More information on Penta Security can be found at For more information regarding specific products or opportunities, contact


Penta Security Receives Frost & Sullivan’s 2014 WAF of the Year Award in Korea

WAPPLES Awarded for the Second Consecutive Year by global research and consulting firm

SEOUL, June 12, 2014 – Data encryption and web security solution provider Penta Security Systems Inc. announced that global research and consulting firm Frost & Sullivan awarded WAPPLES with Web Application Firewall (WAF) of the Year in Korea.

Penta Security’s WAPPLES was chosen among other nominees because of its dominant leader position in the Korean market, revenue, growth strategy & executive ability, and the innovation of product & technology.

Frost & Sullivan stated: “A number of factors have led to this decision: WAPPLES’ undeniable leadership in the WAF market, thanks to the excellence of its logic analysis engine; its high public/private consumer satisfaction due to effective organization and operation; and the constant efforts to understand and satisfy the needs of the market and customers through regular seminars and education sessions with partners.”

Seok-Il Cho, Vice President of Penta Security, stated that “WAPPLES’ excellence has once again been recognized through the ‘2014 WAF of the Year’ award from Frost & Sullivan. This is all thanks to our employees’ sincere endeavors in R&D and marketing, and to our customers who trust our products.”

About Penta Security Systems Inc.

Penta Security Systems Inc. is an information technology (IT) security firm headquartered in Seoul, South Korea. Penta Security offers web application security, database security, and Single Sign On (SSO) solutions. Find more information about Penta Security at

Frost & Sullivan, global research and consulting firm

Frost & Sullivan, headquartered in the United States, is a global growth consulting firm with a 50-year history. They annually nominate and award top companies in various fields including ICT, environment, electronics, energy and healthcare from their branch offices in over 40 countries. For more information, please visit


Attempts to Leak Information on the Rise, Threat Report for Second Half of 2013 Released

Web attack attempts to leak information have increased by 32 million compared to the same period last year

Data encryption and web security provider Penta Security Systems Inc. (CEO/Founder Seokwoo Lee, released the “Web Application Threat Report, Trend for the Second Half of 2013.” One of the most significant findings was the rise in Sensitive Data Exposure, with rising attempts to leak information by perpetrators.

The web application threat report on the second half of 2013 is an analysis using detection log statistics gathered from customers who have agreed to participate in the Web Attack Trends program. None of the customer information that is sensitive in nature is released. The number of participants totals about 1,000 units, excluding public institutions, from July 1 to December 31, 2014. The report is written based on information collected from actual sites. Therefore, the report identifies the latest web security threats trends, and enables readers to respond to ever-changing web attacks more quickly and effectively.

Sensitive Data Exposure, as defined by the international web security experts at OWASP, showed the highest frequency of attacks during the second half of 2013. These attacks attempt to expose sensitive data, such as private information and corporate assets that need to be protected. When successful, these attacks result in the decrease of value, loss of brand perception and legal consequences for executions to leak information. It is therefore critical to deal with such hack attempts before they happen, through the utilization of a web application firewall.

Downloads for the latest, as well as previous reports are available.

These are distribution downloads, and full versions are available for WAPPLES customers of Penta Security Systems. For more information about the award-winning web application firewall, please visit the WAPPLES overview page here. Please contact for further inquiry.