web shell detection solution

Web Server Safeguard

WSS On-Premise inspects uploaded code and detects server modifications to defend against malicious web shell-based security threats

Watch Video

Rise of Web Hacking

In recent years, multiple sources have reported on the increase in web-based hacking. For instance, around 80% of security incidents in 2023 occurred through web applications.* And web shells were used to exploit vulnerable web applications in 35% of the incidents reported by Cisco Talos (Q4, 2024).**

Web app-based incidents
80
Web shells
35

*Verizon DBIR 2023
**Cisco Talos Q4 2024 Incident Report

WEB SERVER SAFEGUARD

Real-Time Web Security Solution

WSS protects web servers against a variety of web shell-based attacks. It monitors web services in real-time to detect web shells and malicious URLs injected into a web server or WAS. It then quarantines them and allows you to view detection details.

WSS On-Premise Configuration

Customize your detection with WSS:

Web Shell Upload

Web shell detections, quarantine options, notifications, and reports

Detection of Personal Information

Detection of personal information in files, documents, and databases

Malicious URL Management

Malicious URL management via Black, White, and Gray Lists

Recovery of Changes

Detection and recovery of changes in source files and web server configuration files

WSS Management Functions

System Safety Secured

  • Adjust system resource usage (CPU, memory)
  • Redundancy support
  • Attacker IP identification

Security Management Made Easy

  • One-click auto-quarantines and reports
  • Auto-detect target directories on setup and in operation

Limitless Compatibility

  • Compatible with all OS (Windows, Linux, Unix)

Automate Detections

  • Auto-update detection patterns
  • Set up auto-backups of detection logs
  • Filter website uploads with unauthorized extensions

Manage Hierarchy & Access

  • Fully customize management and access rights

Full Integration

  • Full support for external systems linking (SYSLOG, STMP, API, etc.)
  • ESM, SIEM, configuration management, SMS, EMAIL, etc.

Testimonials

“…With web-based attacks becoming increasingly sophisticated, we’ve felt much more secure since adopting UMV Technology’s WSS. It effectively detects even new and obfuscated web shells. As a domestic solution, it’s also highly customizable to our environment, and we’ve definitely seen a significant improvement in our web server security….”

SAMSUNG SDS

“…At first, we were concerned about server resource usage, but WSS runs smoothly with minimal CPU and memory consumption. Even on our live servers, it operates without any performance degradation, which has been very satisfying….”

SK TELECOM

“…Signature-based solutions had their limitations, but I was impressed that WSS’s SCR Parser could detect even obfuscated or modified web shells through static analysis. It’s proven to be effective against zero-day and evasive attacks, which has significantly increased our confidence in our security….”

HYUNDAI CARD

WHY CHOOSE UMV?

17 Years of Experience

UMV Inc. was founded in 2008 and is the first manufacturer to develop a web shell detection solution, both domestically and internationally. With over 300 customers, our products continue to operate stably to this day. Having entered the market 7 years ahead of our competitors, we have already established a strong presence, and most importantly, our extensive history guarantees the reliability and stability of our products.

Trust

For 17 years, we have maintained a flawless track record since implementation, fostering strong relationships with our initial customers and expanding the system. Notable clients include Samsung, Hyundai Card, and NongHyup Bank.

Excellence

UMV Technology’s WSS uses the SCR Parser engine for algorithm-based detection of unknown web shells and malware. It also performs pattern-based detection using proprietary signatures. With data from 30,000+ agents, it minimizes false positives through refined rules and supports environment-specific customization.

Stability

WSS is designed to minimize CPU and memory usage on target servers, ensuring low resource overhead. It offers high portability across all operating systems that support Java 1.5 or higher, including Windows, Linux, and Unix. Additionally, the management server supports high availability (HA) with a dual configuration, enabling stable and reliable service operation.

Explore Other UMV Products

WSS Cloud
WARSS

FAQ

Need more help? Contact us!

Can WSS replace a WAF?

A web application firewall (WAF) protects web applications by filtering and monitoring HTTP traffic to defend against threats like SQL injection, cross-site scripting (XSS), and other vulnerabilities. WSS provides an additional level of protection against web shells further downstream from firewalls. As such, UMV Inc. highly recommends the use of WSS as a booster solution to complement existing WAFs and enhance protection against web shells.

Don’t WAFs also perform web shell detection?

Web application firewalls (WAFs) may provide limited web shell detection functionality through pattern matching techniques or by detecting abnormal traffic behavior. However, web shells often use highly obfuscated, legitimate-looking code or requests, making it difficult for WAFs to differentiate between malicious activity and normal web application traffic.

UMV Inc. recommends the use of WSS in conjunction with WAFs to strengthen protection against obfuscated and segmented web shells.

Don’t Server EDRs also perform web shell detection?

Like WAFs, Server Endpoint Detection & Response (EDR) solutions provide limited web shell detection by detecting abnormal traffic or pattern matching. Unfortunately, a web shell may perform malicious actions within the context of a legitimate web server process, allowing them to go undetected. Furthermore, obfuscated web shells can be difficult for EDRs to detect.

In contrast, Web Server Safeguard (WSS) utilizes a dedicated SCR Parser and decryption engine to catch even obfuscated and segmented web shells in real-time. This allows them to be quarantined immediately, before suspicious activity even begins.

I already have multiple agents on my web server/WAS. Won’t adding another slow it down?

WSS requires the installation of an Agent program onto each web server/WAS that needs to be protected. However, WSS is extremely lightweight, and is designed to minimize resource usage (i.e. less than 1% CPU), ensuring that no impact is made to your web server/WAS’s normal functions.

Is WSS compatible with all servers?

WSS Agents can be deployed on all web servers or web application servers (WAS) with any OS (Windows, Linux, Unix) that supports Java 1.5 or higher.

Does WSS work on clouds?

Yes. Web Server Safeguard (WSS) is available in two versions: On-Premise and Cloud. WSS Cloud offers all the same functions as WSS On-Premise, with further functionality tailored for the cloud computing environment.

Are demos or PoCs available for WSS?

Yes, we offer PoCs for both WSS On-Premise and WSS Cloud. This means you can experience WSS in action and see firsthand how it fits your unique IT environment.

Contact us for more information on PoCs.

How much does WSS On-Premise cost?

WSS is available under a variety of different licenses, which can be customized to the needs of our customers. Please contact us for more detailed pricing information.

Site Menu
Products
Language
Sign up to receive updates on blog posts and UMV news!

Go back

Thank you for subscribing to our mailing list.