Protecting Web applications

In our last newsletter we looked at stateful vs. deep packet inspection firewalls.  This week our Technology Update author takes a look at similar technology: the appliance-based Web application security device.

Specifically these are the kinds of devices that would support a firewall specifically designed to protect Web applications.  Here are a few of the activities such devices work on:

* Unvalidated parameters: Malicious or erroneous client-side data is accepted without validation. Hacker can hijack client accounts, steal data and obtain private information.

* Command and SQL injection: Web application passes SQL commands to back-end databases. Hacker can trick the database into dumping all account information.

* Buffer overflows:  Inject and execute shell code by overflowing buffers, meaning a hacker can crash the server or take complete control, as in the cases of the Code Red and Nimda attacks.

* Cross-site scripting:  Breaks trust relationship between client and server. Customer credentials and information can be compromised and their identities stolen. 

* Forceful browsing: Client accesses unauthorized and unadvertised URLs. Hacker can get access to root directory or other off-limit areas.

Web application firewall vendors include eEye Digital Security, KaVaDo, MultiNet, Sanctum, Turillion Software and webScurity. Hardware vendors include MagniFire WebSystems, Permeo, Teros and Whale Communications. Cisco, Check Point, Nauticus, NetScaler 9000 Secure Application Gateway and many others offer Web application firewall capabilities within existing products.

For more on this topic see: https://www.nwfusion.com/news/tech/2004/0202techupdate.html