Blog Posts Tagged with "Web Application Firewalls"

Ebe141392ea3ebf96ba918c780ea1ebe

Web Application Firewalls: There is No Spoon

July 12, 2012 Added by:Wendy Nather

I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Why Does Software Security Keep Falling off your Budget?

May 22, 2012 Added by:Rafal Los

Approximately 3 out of 4 attacks against your enterprise or organization come at your applications. Whether it's at your website, at the mobile app you've deployed, or your enterprise API - you're being attacked where the lowest defenses are - the application...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by:Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Penny Wise, Pound Foolish: Avoiding Security Spend Pitfalls

February 07, 2012 Added by:Fergal Glynn

Knowing how much money you’re going to spend upfront is a challenge until you have the application inventory, until you know what your risk tolerances are, and until you have a fair idea of what the problems are. You’ll have to start slow and realize the number may grow...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 1

January 31, 2012 Added by:Gary McCully

Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...

Comments  (3)

0a8cae998f9c51e3b3c0ccbaddf521aa

Significance of 'Death of the Document Web' to Security

January 18, 2012 Added by:Rafal Los

Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...

Comments  (2)

44fa7dab2a22dc03b6a1de4a35b7834a

Web Application Security - Real or Imagined?

May 17, 2011 Added by:Bill Gerneglia

Once an user accesses your databases through a web application, your control over the user's actions diminishes. A malicious user can "craft" inputs into their browser that allow them to do things other than what you want them to do. Security is a real concern in such a situation...

Comments  (0)

11146d62a6c31fb9fac8ac8ac991e08d

Why does Web App Security Continue to Stink?

February 21, 2011 Added by:Andy Willingham

Many security issues arise from assuming that the advice of someone else (consultant, vendor) is going to keep you secure. Companies are rolling out web based applications faster than they realize. When you don’t know how many web apps you have, you have bigger problems than just securing them...

Comments  (1)

E9a8f256f4904b06246375df06a8864b

Compliance != Security

June 17, 2010 Added by:Gaurav Kumar

In this post I am going to express my disappointment with a disturbing trend - more focus is being given to compliance than security. I don't have anything personal against compliance, in fact, in my last job, I was IT Audit Manager and performed compliance related audits. While compliance is necessary and important, it is not sufficient from security perspective. One can be in compliance and stil...

Comments  (4)