Educause Security Discussion mailing list archives
Re: Web application monitoring, web application scanning products, and web application firewalls
From: "Petreski, Samuel" <samuel-petreski () UIOWA EDU>
Date: Mon, 19 May 2008 17:00:06 -0500
I would suggest checking out the following two packages based on your Web Server:

for IIS - Aqtronix WebKnight - http://www.aqtronix.com/?PageID=99
for Apache - ModSecurity - http://www.modsecurity.org

In regards to Web Vulnerability Scanner vs. Web App. Firewall, I don't think they can be compared. Each serves its own purpose; one is supposed to find vulnerabilities, and the other is supposed to offer a layer of protection. Bottom line, get your developer/vendor to develop secure web applications and you won't need either.

--Samuel

Samuel Petreski
Sr. Security Analyst
CIO Office
University of Iowa
samuel-petreski () uiowa edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Youngquist, Jason R.
Sent: Monday, May 19, 2008 1:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [spam?####] [SECURITY] Web application monitoring, web application scanning products, and web application firewalls

As many of you know, web application attacks such as SQL injection have been on the rise over the past few years, and more recently, automated SQL attacks infecting numerous websites have been making the news. For example, headlines from isc.sans.org: "SQL Injection Worm on the Loose", "2117966.net -- mass ASP/SQL injection", "Hundreds of thousands of SQL injections", etc.

So I have a few questions:

--Is there a program (commercial or free) that will monitor IIS web server logs in real-time for web-vulnerability attacks (and hopefully be smart enough to determine if the attack was successful or not) and then send an alert via email/SMS/pager?

--Web application vulnerability software vs. a web application firewall - I've looked at web application vulnerability software and agree that the best thing to do is to be able to fix vulnerable code, but there may be 3rd party web-based applications which are vulnerable and one would have to get the company to patch/fix the issue(s), which may or may not happen. I've heard of web application firewall technology where an appliance sits in front of your web server and monitors for web-based attacks and then drops/blocks the attacker's connection.

--Does anyone have any experience with web application firewall technology, and if so, how well does it work? Any recommendations on products?

--If you had money to spend and could get either a web vulnerability scanner or a web application firewall, which one would you purchase and why? I see pros/cons with both.

Thanks.

Jason Youngquist
Network Engineer - Security
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO 65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu
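The first question above asks for something that watches IIS logs for SQL injection attempts and flags whether they succeeded. The following is an added illustration, not code from either poster or from WebKnight/ModSecurity: it parses IIS W3C extended log rows using the `#Fields:` header, URL-decodes the query string, matches a few well-known ASP/MSSQL injection indicators, and applies a status-code heuristic for the outcome. The log sample is constructed and the indicator list is deliberately small.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C extended log sample (not from the original post).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-05-19 17:00:01 192.0.2.10 GET /news.asp id=42 200
2008-05-19 17:00:02 192.0.2.77 GET /news.asp id=42;DECLARE+%40s+VARCHAR(4000);SET+%40s%3DCAST(0x44+AS+VARCHAR(4000));EXEC(%40s);-- 200
2008-05-19 17:00:03 192.0.2.78 GET /login.asp user=%27+OR+1%3D1-- 500
2008-05-19 17:00:04 192.0.2.10 GET /images/logo.gif - 304
"""

# Named indicators typical of the 2008-era mass ASP/MSSQL injection traffic.
SQLI_PATTERNS = [
    ("declare", re.compile(r"\bdeclare\s+@\w+", re.I)),
    ("cast", re.compile(r"\bcast\s*\(", re.I)),
    ("exec", re.compile(r"\bexec\s*\(", re.I)),
    ("tautology", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("trailing comment", re.compile(r"--\s*$")),
]

def parse_w3c(text):
    """Yield one dict per log row, keyed by the names in the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split(" ")
            if len(parts) == len(fields):  # skip malformed rows, don't crash
                yield dict(zip(fields, parts))

def sqli_indicators(query):
    """Return indicator names found in a URL-decoded cs-uri-query ('-' = none)."""
    if query == "-":
        return []
    decoded = unquote_plus(query)  # IIS logs '+' for spaces and %XX escapes
    return [name for name, pat in SQLI_PATTERNS if pat.search(decoded)]

def scan_log(text):
    """Return alert records for rows whose query string matches an indicator."""
    alerts = []
    for row in parse_w3c(text):
        hits = sqli_indicators(row.get("cs-uri-query", "-"))
        if hits:
            status = row.get("sc-status", "")
            # Heuristic only: a 5xx suggests the injected SQL reached the database
            # and raised an error; a 2xx only means the app did not reject it.
            outcome = "server error" if status.startswith("5") else "not rejected"
            alerts.append({"ip": row["c-ip"], "uri": row["cs-uri-stem"],
                           "indicators": hits, "status": status, "outcome": outcome})
    return alerts
```

The same `scan_log` can be fed the lines appended to the active log file for near-real-time alerting; the outcome field is a triage hint, not proof of compromise.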