WebApp Sec: Re: Web Application Security

From: Zack Peters <zackpeters75_at_yahoo.com>
Date: Tue, 11 Mar 2008 10:41:16 -0700 (PDT)

--- Javier Fernandez-Sanguino
<jfernandez_at_germinus.com> wrote:

> mahendra_yn_at_yahoo.com wrote:
> > Hi all,
> >
> > I need to harden a web application which is hosted in a datacentre. I
> > need to monitor the web application 24/7. I also need to ensure that
> > there would be no phishing attacks on this website, I know there are a
> > couple of 3rd party web application firewalls available which can do
> > all this, but the question is will the datacentre allow me to do
> > this - as a 3rd party service provider? If it doesn't allow then what are
> > the other best options available for me.
>
> 3rd-party WAFs will actually prevent *some* phishing attacks; they
> probably cannot cover all possible XSS attacks, since these are really
> application-dependent.
>

The other option from a Web Application Firewall is to
use a black box tester and look for vulnerabilities
within your Web application. I personally think that
is a better approach since you are "fixing" the source
of potential vulnerabilities rather than "hiding" them
behind a firewall. The solution that has met my needs
and which I would recommend is Cenzic's Hailstorm. I
have been very happy with the vulnerabilities they have
found. (well, not really happy with the vulns but
happy that I discovered them before someone else did).

Zack

Received on Mar 11 2008
