Security Information and Review

Collection of security information and review

Archive for the 'Web Application Security' Category

The Guideline to Improve Web Application Security

Author : Admin

In the previous discussion, The Essential Guidelines for Securing Platform Web Application, we noted that web vulnerabilities fall into two categories. In this discussion we look at how to make a web application more secure, highly available and stable. Several things must be considered when building a more secure and stable web application, and we cover them in more detail here.

If our application supports individual users, record how users must authenticate to the application, using authentication methods such as HTTP Basic, HTTP Digest, HTTP NTLM and Form Based. Keep in mind that challenge / response mechanisms do not protect passwords with 100 percent security. … continue reading : The Guideline to Improve Web Application Security.

19 July 2009 at 03:34 - Comments

The Essential Guidelines for Securing Platform Web Application

Author : Admin

In this discussion we look at how to make a web application secure. As we know, web vulnerabilities fall into two categories: the web server platform and the web application itself. The first category contains vulnerabilities within the web server platform, such as Linux, MS Windows, Apache, IIS, MySQL, MS SQL, Oracle and others. The other category is the web application itself, such as programming errors that enable malicious code or allow an attacker to execute arbitrary database queries, and other types of web application vulnerabilities. … continue reading : The Essential Guidelines for Securing Platform Web Application.

19 July 2009 at 02:28 - Comments

Vulnerability Web Browser Firefox 3.5 with Highly Critical Security

Author : Admin

Mozilla Firefox 3.5 was released on June 30th, 2009, and is claimed to be the best modern web browser and faster at rendering web pages. However, on July 13, 2009, SBerry discovered a vulnerability in the Mozilla Firefox web browser which can be exploited by malicious people to compromise a user’s system. This is the first vulnerability in Mozilla Firefox v3.5 to be published.

Mozilla Firefox comes with new features such as private browsing, tear-off tabs and enhancements to the Awesome Bar, plus major performance enhancements. On the security side, secure surfing is the top priority, with anti-phishing and anti-malware technology, and private browsing and “forget this site” options have been added to protect our privacy. … continue reading : Vulnerability Web Browser Firefox 3.5 with Highly Critical Security.

15 July 2009 at 12:50 - Comments

How to Tighten Web Browser Security

Author : Admin

There are several steps that we, as clients or users, can take to make web browsers and e-mail clients more secure and to protect against malicious code or unauthorized use of information. In this discussion we describe, step by step, how to tighten web browser security for browsers and clients in general; it’s not specific to any one browser.

The first step in making our browser more secure is restricting the use of programming languages. Most web browsers have settings that allow users to restrict or deny the use of web-based programming languages. For example, Internet Explorer can be set to do one of three things when a JavaScript, Java or ActiveX element appears on a web page : Always Allow, Always Deny and Prompt for user input. … continue reading : How to Tighten Web Browser Security.

13 July 2009 at 22:35 - Comments

Artofdefence Hyperguard Vulnerability

Author : Admin

Hyperguard is a latest-generation enterprise Web application firewall with attack detection and attack protection functions that are freely configurable. Hyperguard enables centralized security monitoring, reporting and alerting and provides custom protection for your Web applications against external attacks. Hyperguard is a software-based web application firewall that is intended to be installed directly on the web server to be protected. It acts as a plugin that integrates into the web server.

Hyperguard has a modular design that enables different components to be operated on different servers and therefore work in cluster environments. It is for example possible to protect several web servers using multiple instances of Hyperguard on different machines while all configuration and monitoring can be done on a single master host. Hyperguard is divided into three components. … continue reading : Artofdefence Hyperguard Vulnerability.

3 July 2009 at 17:15 - Comments

Phion Airlock : Web Application Security and Vulnerability

Author : Admin

One of the famous web application firewalls is Phion Airlock. It’s a web application firewall that protects data and prevents attackers from accessing it. The Airlock web application firewall ( WAF ) provides a unique combination of protective mechanisms for web applications. Whether you want to observe PCI DSS, safeguard online banking or protect e-commerce applications: Airlock ensures sustained and manageable web application security.

The Phion Airlock web application firewall provides an application security gateway, which protects web applications against attacks. The product is completely independent from application or web servers, so security enforcement tasks are outsourced. Phion Airlock is a software appliance, which makes it possible to also run it in a virtualized environment. As the analyzing tasks are very load intensive, dedicated hardware is recommended. Airlock is a software appliance based on Sun Solaris 10 and operates as a secure reverse proxy with optional Single Sign On ( SSO ) authentication and access control capabilities. Airlock is designed and marketed by Phion, which started in 2000 as the brainchild of three young people, Wieland Alge, Klaus Gheri and Peter Marte. … continue reading : Phion Airlock : Web Application Security and Vulnerability.

3 July 2009 at 15:38 - Comments

Radware AppWall : Feature and Vulnerability Review

Author : Admin

Radware AppWall is a web application firewall ( WAF ), designed and marketed by Radware. It’s designed to secure web applications and prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. It enables PCI compliance by mitigating Web application security threats and vulnerabilities to prevent data theft and manipulation of sensitive corporate and customer information. AppWall incorporates advanced, patent-protected Web application security filtering technologies to seamlessly detect threats, block attacks and report events.
… continue reading : Radware AppWall : Feature and Vulnerability Review.

3 July 2009 at 01:35 - Comments

Hardening Web Base Application with Web Application Firewall

Author : Admin

Web-based applications are currently not only a trend but also a solution for online systems. So we need to harden and improve the security of our web-based applications with a web application firewall, to counter web application security threats and vulnerabilities and prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. Web application firewalls generally operate as proxies between clients and web servers. All requests, and optionally responses, are checked for patterns that indicate attacks against the provided web-based application. If parts of a request match a pattern or rule in the web application firewall, the request is deleted or not forwarded to the web-based application. If a request is denied, an appropriate error is raised and delivered as an HTTP response to the client browser.

… continue reading : Hardening Web Base Application with Web Application Firewall.

3 July 2009 at 00:42 - Comments

Problem and Solution : Cross Site Request Forgery ( XSRF )

Author : Admin

Cross Site Request Forgery ( XSRF ) is an attack technique that uses malicious code to exploit a website or web application, whereby unauthorized commands are transmitted from a user that the website trusts. The attacker abuses a user that the website trusts by means of a cross domain vulnerability; for details, see Web Based Application and Basic Cross Domain Security. Cross Site Request Forgery is also known as a one click attack or session riding and abbreviated.
… continue reading : Problem and Solution : Cross Site Request Forgery ( XSRF ).

24 June 2009 at 23:24 - Comments

Web Based Application and Basic Cross Domain Security

Author : Admin

The cross domain security issue is one that draws people’s attention, whether as client, site owner or web-based developer. This vulnerability allows an attacker to access private data in the client’s browser from within the same browser. We will clarify the description above with an example. A client views a page on a malicious web site, attacker-hacker-site.com, while also interacting with an online shop, victim-shop-online.com, in the same browser, possibly in a different window. Code embedded in the malicious web page from attacker-hacker-site.com might be able to gain access to this user’s session with victim-shop-online.com, learn sensitive data associated with this user within the context of victim-shop-online.com, or maliciously make requests to victim-shop-online.com that appear to originate from this user. This issue is called the cross domain security vulnerability: the interaction of applications on different domains in the same browser used by the client. So, it’s very dangerous.

… continue reading : Web Based Application and Basic Cross Domain Security.

24 June 2009 at 14:04 - Comments