RE: Web Application Security

["Jayaraman, Anand X." <AJayaraman () ATPCO NET>]

If you are limited by the tools/resources Data center would allow. The best source would be have custom logging and 
analyze the logs. You can also create triggers based on what you see in the logs for alerting. Beware of false 
positives.
 
Anand

________________________________

From: listbounce () securityfocus com on behalf of Zack Peters
Sent: Tue 3/11/2008 1:41 PM
To: Javier Fernandez-Sanguino; mahendra_yn () yahoo com
Cc: webappsec () securityfocus com
Subject: Re: Web Application Security




--- Javier Fernandez-Sanguino
<jfernandez () germinus com> wrote:

> mahendra_yn () yahoo com dijo:
> > Hi all,
> >
> >
> > I need to harden a web application which is hosted
> in a datacentre.I
> > need to monitor the webapplication 24/7.I also
> need to ensure that
> > there would be no phising attacks on this
> website,I know there are a
> > couple of 3rd party web application firewalls
> available which can do
> > all this,but the question is will the datacentre
> allow me to do
> > this-as a 3rd party service provider?if it doesnt
> allow then what are
> > the other best options available for me.
>
> 3rd-party WAFs will actually prevent *some* phishing
> attacks they
> probably cannot cover all possible XSS attacks,
> since these are really
> application-dependant.

The other option from a Web Application Firewall is to
use a black box tester and look for vulnerabilities
within your Web application. I personally think that
is a better approach since you are "fixing" the source
of potential vulnerabilities rather than "hiding" them
behind a firewall. The solution that has met my needs
and which I would recommend is Cenzic's Hailstorm. I
have been very happy with the vulnerabilties they have
found. (well, not really happy with the vulns but
happy that I discovered them before someone else did).

Zack


      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page.
http://www.yahoo.com/r/hs

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------





-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------