Securing a Web transaction within the HTTP protocol is a concern for any company leveraging the strength of Web applications. However, protecting the Web application from the growing number of attack threats is a continuing challenge.

Sentryware's released of HIVE version 3.0 offers an improved configuration Windows-based client software utility to assist administrators in securing bi-directional HTTP transactions.

Sentryware incorporates an approach it calls context authentication within HIVE, which stands for HTTP Input Validation and Enforcement. HIVE analyzes bi-directional HTTP and HTTPS transaction message flows, and then generates a security token for each Web object or group of objects.

The security token is an encrypted micro security policy, describing how the object is intended to be used. Only those transaction flow objects with tokens that reference a given security domain are accepted, and thus non-permitted transactions are denied.

"We make sure the input is appropriate for the request," says Chris Adelman, vice president of marketing for Sentryware. "This is context authentication."

Adelman says that state tables are not required, even though HIVE is securing state within HTTP.

The 3.0 release adds a Windows-based client software for configuring the HIVE appliance. In previous releases, much of the configuration was a manual process based on how users access their applications.

"Now the product does that for you automatically, without the user having to spend a tremendous amount of time in learning mode," says Adelman. "All we need to know to configure the product is how the user accesses these application."

The product is priced at $14,500 for up to five application domains. The price for an unlimited number of domains is $23,000. Maintenance is 20% of the original purchase price annually. Customers download the new release software and upgrade using the configuration tool.