Educause Security Discussion mailing list archives

Re: Web application monitoring, web application scanning products, and web application firewalls

From: "Petreski, Samuel" <samuel-petreski () UIOWA EDU>
Date: Mon, 19 May 2008 17:00:06 -0500

I would suggest checking out the following two packages based on your Web
Server,

for IIS - Aqtronix WebKnight - http://www.aqtronix.com/?PageID=99
for Apache - ModSecurity - http://www.modsecurity.org

In regards to Web Vulnerability Scanner vs. Web App. Firewall, I don't think
they can be compared. Each serves its own purpose, one is suppose to find
vulnerabilities, and the other is suppose to offer a layer of protection.
Bottom line, get your developer/vendor to develop secure web applications
and you won't need either.

--Samuel

Samuel Petreski
Sr. Security Analyst
CIO Office
University of Iowa
samuel-petreski () uiowa edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Youngquist, Jason R.
Sent: Monday, May 19, 2008 1:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [spam?####] [SECURITY] Web application monitoring, web application
scanning products, and web application firewalls

As many of you know, web application attacks such as SQL injection have
been on the rise over the past few years, and more recently, automated
SQL attacks infecting numerous websites have been making the news.  For
example, headlines from isc.sans.org "SQL Injection Worm on the Loose",
"2117966.net-- mass ASP/SQL injection", "Hundreds of thousands of SQL
injections" etc.


So I have a few questions:
--Is there a program (commercial or free) that will monitor IIS web
server logs in real-time for web-vulnerability attacks (and hopefully be
smart enough to determine if the attack was successful or not) and then
send an alert via email/SMS/pager?
--web application vulnerability software vs. a web application firewall
- I've looked at web application vulnerability software and agree that
the best thing to do is to be able to fix vulnerable code, but there may
be 3rd party web-based applications which are vulnerable and one would
have to get the company to patch/fix the issue(s) which may/may not
happen.  I've heard of web application firewall technology where an
appliance sits in front of your web server and monitors for web-based
attacks and then drops/blocks the attacker's connection.
        --Does anyone have any experience with web application firewall
technology, and if so, how well does it work?  Any recommendations on
products?
        --If you had money to spend and could get either a web
vulnerability scanner or a web application firewall, which one would you
purchase and why?  I      see pros/cons with both.


Thanks.
Jason Youngquist
Network Engineer - Security
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu

Attachment: smime.p7s
Description:

Current thread:

Re: Web application monitoring, web application scanning products, and web application firewalls Petreski, Samuel (May 19)
- <Possible follow-ups>
- Re: Web application monitoring, web application scanning products, and web application firewalls Ozzie Paez (May 19)