I had conversations lately with three CEOs of web application defense companies: Doug Camplejohn of MI5Networks, Nir Zuk of Palo Alto Networks, and Shlomo Kramer of Imperva. All of them are industry veterans and all of them are developing products to address the inability of standard network security gear to stop web application attacks.

The just-announced Big Oops in Deutsche Telekom's web portal is a case in point. From reading the report I surmise that they exposed the entire database of 30 million subscribers. If a hacker had stumbled on the problem they could have sucked down those identities, including bank account info, in minutes. One truism in exposing web applications is that stuff happens. No matter how well you analyze your code, test your applications, and scan on a regular basis, you can still have misconfigurations that expose critical data.
Of the three I talked to, Imperva's products are the best suited for addressing this kind of issue. Usually deployed inline, Imperva's web application firewall can detect and block the kind of activity needed to grab a whole database, which is what DT's recent blunder left open.
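To make the "detect and block" claim concrete, here is an added example of the traffic pattern an inline WAF has to recognize in order to stop a bulk grab: one client walking record identifiers in sequence far faster than any human user would. This is illustration code written for this page, not Imperva's product logic and not a description of the actual DT flaw; the log format, the /portal/subscriber/<id> endpoint, the thresholds and the sample log lines are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical access-log format (constructed for this example):
#   <client_ip> <ISO-8601 timestamp> <method> <path> <status>
LOG_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Hypothetical endpoint that returns one subscriber record per numeric id.
RECORD_RE = re.compile(r"^/portal/subscriber/(?P<id>\d+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    r = RECORD_RE.match(m["path"])
    return {
        "ip": m["ip"],
        "ts": datetime.fromisoformat(m["ts"]),
        "status": int(m["status"]),
        "record_id": int(r["id"]) if r else None,
    }


def find_enumerators(lines, window=timedelta(seconds=60), max_records=20,
                     min_sequential_ratio=0.8):
    """Return {ip: distinct_record_count} for clients that successfully pulled
    more than max_records distinct subscriber records inside any `window`,
    with the ids mostly consecutive. A real user looks up a few unrelated
    records; a scraper walks the id space in order. Thresholds are assumed
    values for the example, not tuned figures."""
    hits = defaultdict(list)  # ip -> [(timestamp, record_id)]
    for line in lines:
        ev = parse_line(line)
        if ev and ev["record_id"] is not None and ev["status"] == 200:
            hits[ev["ip"]].append((ev["ts"], ev["record_id"]))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of wall-clock time.
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = [rid for _, rid in events[start:end + 1]]
            distinct = len(set(ids))
            if distinct > max_records:
                consecutive = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
                if consecutive / max(len(ids) - 1, 1) >= min_sequential_ratio:
                    flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


def block_list(lines):
    """Client addresses an inline device would start rejecting."""
    return sorted(find_enumerators(lines))


def sample_log():
    """Constructed sample traffic (not real data, not DT's logs)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    # Ordinary user: three lookups of unrelated ids spread over six minutes.
    for i, rid in enumerate((48213, 48213, 90771)):
        t = base + timedelta(minutes=3 * i)
        lines.append(f"198.51.100.7 {t.isoformat()} GET /portal/subscriber/{rid} 200")
    # Scraper: walks ids 1000..1029, one request per second.
    for i in range(30):
        t = base + timedelta(seconds=i)
        lines.append(f"203.0.113.9 {t.isoformat()} GET /portal/subscriber/{1000 + i} 200")
    # Noise that must not count: a non-record page and a failed lookup.
    lines.append(f"203.0.113.9 {(base + timedelta(seconds=31)).isoformat()} GET /portal/login 200")
    lines.append(f"203.0.113.9 {(base + timedelta(seconds=32)).isoformat()} GET /portal/subscriber/1030 404")
    return lines


if __name__ == "__main__":
    print(find_enumerators(sample_log()))  # {'203.0.113.9': 30}
    print(block_list(sample_log()))        # ['203.0.113.9']
```

Two caveats a practitioner would add: this heuristic only helps if the device actually sits inline in front of the exposed endpoint and has the rule enabled, and a patient attacker can evade it by spreading requests across many source addresses or randomizing the id order, so it reduces the blast radius of a misconfiguration rather than replacing the fix.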
Deploying a web application firewall would have been preferable to having to announce the blunder.
Thanks to Martin McKeay for the tip on this story.