Firewall Wizards mailing list archives
RE: Application-level Attacks
From: "Ofer Shezaf" <Ofer.Shezaf () breach com>
Date: Mon, 14 Feb 2005 13:09:54 -0500
I used the term well known study because they talk about it very much, but I never saw the source. For example out in: http://www.computerworld.com/securitytopics/security/story/0,10801,67973 ,00.html You will find: ...John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., said Web application security is a serious problem for two-thirds of all corporate Web sites. "The current generation of firewalls focuses on the network level, kind of like the walls of a fort stopping direct attack," said Pescatore. "However, close to 75% of today's attacks are tunneling through applications. Application-level firewalls are something that any critical infrastructure company needs to look at... But saying this, I think that nearly by definition most attacks are on the application layer: how many attacks employ IP header or TCP header vulnerabilities? ~ Ofer Ofer Shezaf CTO, Breach Security Tel: +972.9.956.0036 ext.212 Cell: +972.54.443.1119 ofers () breach com http://www.breach.com
-----Original Message----- From: Marcus J. Ranum [mailto:mjr () ranum com] Sent: Monday, February 14, 2005 6:47 PM To: Ofer Shezaf; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Application-level Attacks Ofer Shezaf wrote:There is also a well know study by Gartner that says that 75%-80% of attacks are carried on the application layer.Do you have a reference for this one? I'd like to look at the methodology behind it... mjr.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks Joseph S D Yao (Feb 01)
- <Possible follow-ups>
- Re: Application-level Attacks George Capehart (Feb 01)
- Re[2]: Application-level Attacks gmx (Feb 11)
- Re: Re[2]: Application-level Attacks Brenno Hiemstra (Feb 12)
- Re: Application-level Attacks Devdas Bhagat (Feb 12)
- RE: Application-level Attacks Ofer Shezaf (Feb 14)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks Frank Knobbe (Feb 14)
- RE: Application-level Attacks Ofer Shezaf (Feb 14)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks R. DuFresne (Feb 19)
- Re: Application-level Attacks Anthony de Boer (Feb 22)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks Ofer Shezaf (Feb 19)
- RE: Application-level Attacks Marcus J. Ranum (Feb 22)