* Teros aims to protect Web apps from malicious attacks

According to Teros, a developer of Web services security devices, the threat of malicious attacks by hackers is growing exponentially, and the resulting costs are in the billions of dollars. Code Red alone cost businesses more than $2 billion in downtime and repairs, and the estimate for the cost of security-related downtime to U.S. businesses in a 12-month period is $273 billion, says Teros on its Web site.

Locking down your Web applications to prevent the bad guys doing the things that bad guys like to do is one of the biggest concerns for Web developers and administrators.

While a significant amount of protection can be provided through the configuration of Web servers and firewalls, the big risk lies in the actual exchanges between client applications and Web servers.

The kinds of security challenges involved include bogus data which can be used to exploit buffer overruns, forged requests, poor coding practices, cookie tampering, form mismatch attacks, SQL insertion and URL hacking. Specialized security devices are a powerful way of dealing with these issues, and the technology behind them is interesting. For example, Teros' Teros-100 APS is, as far as I am aware, unique in examining all HTTP traffic using something the company calls the HTML Interaction Model, or HIM.

The objective of HIM is to discriminate valid HTTP exchanges from invalid exchanges in real time. HIM is a state transition model for HTTP traffic that defines what are allowable requests and responses in the context of an HTTP session. According to the company, this framework is based on the definitions of the HTTP 1.0 standard (RFC 1945), the HTTP 1.1 standard (RFCs 2068 and 2616), and current HTML and Java coding practice.

The idea is that any exchanges that violate the model are blocked unless specific non-standard exchanges are enabled.
Exactly what these non-standard exchanges are can be established by running the Teros-100 APS in "learning mode," which detects and lists the exceptions. These can then be added to the rule set to prevent blocking.

The device also supports high-level content checking, for example for valid credit card and Social Security numbers, or that a password string is at least as complex as required by system policies.

And lest you worry that such complex checking will add overhead to your Web applications and services, the company notes that independent testing determined that the Teros-100 APS adds around 1 millisecond of latency to HTTP exchanges.

The Teros-100 APS is priced starting at $25,000.
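To make the session model and learning mode described above concrete, here is an added example. It is not Teros code and not a description of HIM's internals, which the article does not give. It assumes a per-session allowlist built from the links and forms the server actually sent; the class, method names and sample page are hypothetical.

```python
import re
from dataclasses import dataclass, field

FORM_RE = re.compile(r'<form[^>]*action="([^"]+)"[^>]*>(.*?)</form>', re.S)
LINK_RE = re.compile(r'<a[^>]*href="([^"]+)"')
FIELD_RE = re.compile(r'<input[^>]*name="([^"]+)"')


@dataclass
class SessionModel:
    """Hypothetical positive-security model: allow only what the session was offered."""
    learning: bool = False
    entry_points: set = field(default_factory=lambda: {"/"})
    exceptions: set = field(default_factory=set)  # operator-approved paths
    learned: set = field(default_factory=set)     # violations seen while learning
    offered: dict = field(default_factory=dict)   # session -> {path: field names}

    def observe_response(self, sid, html):
        """Record the links and forms the server offered to this session."""
        state = self.offered.setdefault(sid, {})
        for href in LINK_RE.findall(html):
            state.setdefault(href, set())
        for action, body in FORM_RE.findall(html):
            state[action] = set(FIELD_RE.findall(body))

    def check_request(self, sid, path, params=()):
        """Return 'allow', 'block', or 'learn' (allowed but listed as an exception)."""
        if path in self.entry_points or path in self.exceptions:
            return "allow"
        fields = self.offered.get(sid, {}).get(path)
        # Valid only if the path was offered and no parameter was added to the form.
        if fields is not None and set(params) <= fields:
            return "allow"
        if self.learning:
            self.learned.add(path)
            return "learn"
        return "block"


# Constructed sample page, not taken from any real application.
PAGE = ('<a href="/catalog">Catalog</a>'
        '<form action="/login" method="post">'
        '<input name="user"><input name="password"></form>')
```

Paths collected in `learned` during a learning run can be reviewed and passed as `exceptions` to an enforcing instance, which mirrors the rule-set step the article describes.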