WebApp Sec mailing list archives

Re: Web Application Security


From: Zack Peters <zackpeters75 () yahoo com>
Date: Tue, 11 Mar 2008 10:41:16 -0700 (PDT)


--- Javier Fernandez-Sanguino <jfernandez () germinus com> wrote:

> mahendra_yn () yahoo com wrote:
> > Hi all,
> >
> > I need to harden a web application which is hosted in a datacentre. I
> > need to monitor the web application 24/7. I also need to ensure that
> > there would be no phishing attacks on this website. I know there are a
> > couple of 3rd party web application firewalls available which can do
> > all this, but the question is: will the datacentre allow me to do
> > this as a 3rd party service provider? If it doesn't allow it, then what
> > are the other best options available for me?
>
> 3rd-party WAFs will actually prevent *some* phishing attacks, but they
> probably cannot cover all possible XSS attacks, since these are really
> application-dependent.


The other option, apart from a Web Application Firewall, is to use a
black box tester and look for vulnerabilities within your Web
application. I personally think that is a better approach, since you are
"fixing" the source of potential vulnerabilities rather than "hiding"
them behind a firewall. The solution that has met my needs and which I
would recommend is Cenzic's Hailstorm. I have been very happy with the
vulnerabilities they have found (well, not really happy with the vulns,
but happy that I discovered them before someone else did).

Zack 

