Network Security: Detailed info on RE: Web Application Security

Subject:	RE: Web Application Security
Date:	Tue, 11 Mar 2008 14:53:52 -0400

If you are limited by the tools/resources Data center would allow. The best 
source would be have custom logging and analyze the logs. You can also create 
triggers based on what you see in the logs for alerting. Beware of false 
positives.
 
Anand

________________________________

From: listbounce@securityfocus.com on behalf of Zack Peters
Sent: Tue 3/11/2008 1:41 PM
To: Javier Fernandez-Sanguino; mahendra_yn@yahoo.com
Cc: webappsec@securityfocus.com
Subject: Re: Web Application Security




--- Javier Fernandez-Sanguino
<jfernandez@germinus.com> wrote:

mahendra_yn@yahoo.com dijo:

Hi all,


I need to harden a web application which is hosted

in a datacentre.I

need to monitor the webapplication 24/7.I also

need to ensure that

there would be no phising attacks on this

website,I know there are a

couple of 3rd party web application firewalls

available which can do

all this,but the question is will the datacentre

allow me to do

this-as a 3rd party service provider?if it doesnt

allow then what are

the other best options available for me.


3rd-party WAFs will actually prevent *some* phishing
attacks they
probably cannot cover all possible XSS attacks,
since these are really
application-dependant.


The other option from a Web Application Firewall is to
use a black box tester and look for vulnerabilities
within your Web application. I personally think that
is a better approach since you are "fixing" the source
of potential vulnerabilities rather than "hiding" them
behind a firewall. The solution that has met my needs
and which I would recommend is Cenzic's Hailstorm. I
have been very happy with the vulnerabilties they have
found. (well, not really happy with the vulns but
happy that I discovered them before someone else did).

Zack


      
____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page.
http://www.yahoo.com/r/hs

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web 
application security assessments should be considered a crucial phase in the 
development of any web application. What methodology should be followed? What 
tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------





-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web 
application security assessments should be considered a crucial phase in the 
development of any web application. What methodology should be followed? What 
tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Web Application Security, Javier Fernandez-Sanguino Re: Web Application Security, Zack Peters RE: Web Application Security, Jayaraman, Anand X. <= RE: Web Application Security, Ofer Shezaf

Previous by Date:	Re: Web Application Security, Zack Peters
Next by Date:	RE: Web Application Security, Ofer Shezaf
Previous by Thread:	Re: Web Application Security, Zack Peters
Next by Thread:	RE: Web Application Security, Ofer Shezaf
Indexes:	[Date] [Thread] [Top] [All Lists]