WebApp Sec mailing list archives
RE: Web Application Security
From: "Jayaraman, Anand X." <AJayaraman () ATPCO NET>
Date: Tue, 11 Mar 2008 14:53:52 -0400
If you are limited by the tools/resources the data center would allow, the best source would be to have custom logging and analyze the logs. You can also create triggers based on what you see in the logs for alerting. Beware of false positives.

Anand

________________________________
From: listbounce () securityfocus com on behalf of Zack Peters
Sent: Tue 3/11/2008 1:41 PM
To: Javier Fernandez-Sanguino; mahendra_yn () yahoo com
Cc: webappsec () securityfocus com
Subject: Re: Web Application Security

--- Javier Fernandez-Sanguino <jfernandez () germinus com> wrote:
mahendra_yn () yahoo com wrote:

Hi all, I need to harden a web application which is hosted in a datacentre. I need to monitor the web application 24/7. I also need to ensure that there would be no phishing attacks on this website, I know there are a couple of 3rd party web application firewalls available which can do all this, but the question is will the datacentre allow me to do this - as a 3rd party service provider? If it doesn't allow then what are the other best options available for me.

3rd-party WAFs will actually prevent *some* phishing attacks; they probably cannot cover all possible XSS attacks, since these are really application-dependent.

The other option from a Web Application Firewall is to use a black box tester and look for vulnerabilities within your Web application. I personally think that is a better approach since you are "fixing" the source of potential vulnerabilities rather than "hiding" them behind a firewall. The solution that has met my needs and which I would recommend is Cenzic's Hailstorm. I have been very happy with the vulnerabilities they have found. (well, not really happy with the vulns but happy that I discovered them before someone else did).

Zack
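
Added example, not part of any poster's message: one way to turn the "custom logging, triggers, beware of false positives" advice into a log check. The Apache combined log format, the script-injection markers, the threshold of 3 requests in 5 minutes and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [11/Mar/2008:14:00:01 -0400] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [11/Mar/2008:14:00:05 -0400] "GET /search?q=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [11/Mar/2008:14:00:09 -0400] "GET /login?next=javascript:alert(1) HTTP/1.1" 302 0 "-" "-"
203.0.113.9 - - [11/Mar/2008:14:01:00 -0400] "GET /docs?q=how+to+use+%3Cscript%3E+tags HTTP/1.1" 200 900 "-" "-"
203.0.113.9 - - [11/Mar/2008:14:02:00 -0400] "GET /index.html HTTP/1.1" 200 1024 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed markers of script injection attempts in a request target.
SUSPICIOUS = re.compile(r'<\s*script|onerror\s*=|javascript:', re.IGNORECASE)

def parse(line):
    """Return (client_ip, timestamp, url-decoded target) or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, unquote_plus(target)

def find_alerts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {ip: [targets]} for clients with >= threshold suspicious requests in one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and SUSPICIOUS.search(rec[2]):
            hits[rec[0]].append((rec[1], rec[2]))
    alerts = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        # Slide over the sorted hits: alert only on a burst, not a single match.
        for i in range(len(events) - threshold + 1):
            if events[i + threshold - 1][0] - events[i][0] <= window:
                alerts[ip] = [t for _, t in events]
                break
    return alerts

if __name__ == "__main__":
    for ip, targets in find_alerts(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {len(targets)} suspicious requests")
```

The single matching request from 203.0.113.9 (a search for text about script tags) stays below the threshold, which is the false-positive case the trigger is tuned to ignore.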
Current thread:
- Web Application Security mahendra_yn (Jan 25)
- Re: Web Application Security Javier Fernandez-Sanguino (Mar 10)
- Re: Web Application Security Zack Peters (Mar 11)
- RE: Web Application Security Jayaraman, Anand X. (Mar 11)
- RE: Web Application Security Ofer Shezaf (Mar 12)