Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Web application firewalls prevent latest attack mechanisms.

Applicure Technologies : 10 January, 2008  (Technical Article)
Yaacov Sherban, CEO of Applicure Technologies explains why application protection is needed in addition to simply protecting network vulnerabilities in order to guard against the latest wave of malware.
The recent SQL injection attack which compromised more than 70,000 websites (including .gov and .edu sites) and hijacked visitors' PCs is another real life example of how hackers are now targeting applications instead of network vulnerabilities.

This time it was a database attack: MS SQL was attacked, next time it could be Oracle, MySQL or indeed some entirely different system component. The unavoidable conclusion is that unless organizations deploy a web application firewall with updating capabilities their websites, customers, and information assets will be exposed to attacks. The underlying fact is that developers are unable to build secure web applications for three main reasons:

1. Developers are not working closely enough with the security industry to develop securer applications. Security training and secure coding are essential to create safer applications.

2. Even if a developer did a good job, new vulnerabilities are discovered all the time and the system developed will always need to play catch up. The problem is inherent to the system architecture and cannot be addressed by secure coding alone.

3. Investment in developing secure applications is not a high priority, and it is very costly. We have seen cases where secure development doubled the development costs. And then there is a need to maintain the investment to cover patching and other updates. Some organisations opt for penetration testing after the application was developed, but at this time it is too late the fix the problem thoroughly and ensure patches do not create new security problems.

While the industry strives to address these issues, Applicure Technologies offers a tool for system owners to protect their existing non-secured applications against the majority of threats. dotDefender adds a security layer to applications that stops harmful requests before they reach the application, thus preventing abuse of the vulnerabilities.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo