WebApp Sec mailing list archives
Re: Web Application Security
From: Zack Peters <zackpeters75 () yahoo com>
Date: Tue, 11 Mar 2008 10:41:16 -0700 (PDT)
--- Javier Fernandez-Sanguino <jfernandez () germinus com> wrote:
> mahendra_yn () yahoo com wrote:
> > Hi all, I need to harden a web application which is hosted in a
> > datacentre. I need to monitor the web application 24/7. I also need to
> > ensure that there would be no phishing attacks on this website. I know
> > there are a couple of 3rd party web application firewalls available
> > which can do all this, but the question is will the datacentre allow me
> > to do this - as a 3rd party service provider? If it doesn't allow then
> > what are the other best options available for me?
>
> 3rd-party WAFs will actually prevent *some* phishing attacks; they
> probably cannot cover all possible XSS attacks, since these are really
> application-dependent.

The other option from a Web Application Firewall is to use a black box tester and look for vulnerabilities within your Web application. I personally think that is a better approach since you are "fixing" the source of potential vulnerabilities rather than "hiding" them behind a firewall. The solution that has met my needs and which I would recommend is Cenzic's Hailstorm. I have been very happy with the vulnerabilities they have found. (Well, not really happy with the vulns but happy that I discovered them before someone else did.)

Zack