Security Information and Review

Collection of security information and review

Radware AppWall : Feature and Vulnerability Review

Author : Admin

Radware AppWall is a web application firewall (WAF) designed and marketed by Radware. It is designed to secure web applications and prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. It enables PCI compliance by mitigating web application security threats and vulnerabilities to prevent data theft and manipulation of sensitive corporate and customer information. AppWall incorporates advanced, patent-protected web application security filtering technologies to seamlessly detect threats, block attacks and report events.

 

Radware AppWall offers further features and benefits, such as security policies based on negative and positive security models. With security policies based on a negative security model, Radware AppWall provides comprehensive web application attack protection and risk mitigation, rapid deployment, instant protection and simple operation. With a positive security model, it secures new web-based application deployments on the fly and reduces operational complexity thanks to its automatic learning capability.

 


As a web application firewall, Radware AppWall usually operates as a reverse proxy; for details, see "hardening web base application with web application firewall". All HTTP requests are therefore checked before being forwarded to the web server or web-based application. Radware AppWall is managed via a separate web management interface, which is normally not accessible to external users. The web management interface is implemented in PHP. As is common, some of the configuration and functionality is stored in include files (.inc) and embedded when needed. Files with the *.inc extension are not compiled or interpreted by the web server, so they are returned as source. Radware AppWall therefore has a vulnerability: an attacker with access to the web management interface can read part of the product source code by requesting the include files directly. What does exploiting this vulnerability in Radware AppWall look like in concept?

 

The following example requests reveal product source code enabling an attacker to search for further implementation vulnerabilities:
https://myweb-server/appwall/Management/funcs.inc
https://myweb-server/appwall/Management/defines.inc
https://myweb-server/appwall/Management/msg.inc
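
As an added example (not part of the original post, the advisory or Radware's code), the Python below scans web-server access logs for direct requests to include files like the ones listed above and reports whether the source was actually served. The combined log format, the choice of `.inc` as the only extension not handed to PHP, the `index.php` path and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined-style access log line (the log format is an assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Extensions assumed NOT to be handed to the PHP interpreter by the server.
SOURCE_EXTS = (".inc",)


def requested_path(target):
    """Decoded, lower-cased request path with the query string removed."""
    path = urlsplit(target).path
    for _ in range(2):  # undo single and double percent-encoding
        path = unquote(path)
    return path.lower()


def classify(line):
    """Return (ip, path, verdict) for a direct include-file request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = requested_path(m["target"])
    if not path.endswith(SOURCE_EXTS):
        return None
    size = 0 if m["size"] == "-" else int(m["size"])
    served = m["status"] in ("200", "206") and size > 0
    return m["ip"], path, "SOURCE_SERVED" if served else "blocked"


def scan(lines):
    """Collect every include-file request found in the given log lines."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (not from a real system).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2011:10:00:00 +0000] "GET /appwall/Management/funcs.inc HTTP/1.1" 200 18234',
    '10.0.0.5 - - [01/Jan/2011:10:00:02 +0000] "GET /appwall/Management/defines%2Einc?x=1 HTTP/1.1" 200 4021',
    '10.0.0.9 - - [01/Jan/2011:10:01:00 +0000] "GET /appwall/Management/msg.inc HTTP/1.1" 403 199',
    '10.0.0.7 - - [01/Jan/2011:10:02:00 +0000] "GET /appwall/Management/index.php HTTP/1.1" 200 5120',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, path, verdict in scan(SAMPLE):
        print(f"{verdict:13} {ip:10} {path}")
```

A `SOURCE_SERVED` verdict is the case the advisory describes; `blocked` means the file was requested but the server refused to return it.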

 

Detailed information about Radware AppWall as a web application firewall can be found at http://www.h4ck1nb3rg.at/wafs/, where this advisory originates.

Categories: Web Application Security
Thanks for this well-written article. I will visit this blog more! How can I stay updated? (RSS) or something?
27 December 10 at 07:54