WebApp Sec: Re: Web Application Security

[Javier Fernandez-Sanguino <jfernandez () germinus com>]

mahendra_yn () yahoo com dijo:
> Hi all,
>
>
> I need to harden a web application which is hosted in a datacentre.I
> need to monitor the webapplication 24/7.I also need to ensure that
> there would be no phising attacks on this website,I know there are a
> couple of 3rd party web application firewalls available which can do
> all this,but the question is will the datacentre allow me to do
> this-as a 3rd party service provider?if it doesnt allow then what are
> the other best options available for me.
3rd-party WAFs will actually prevent *some* phishing attacks they 
probably cannot cover all possible XSS attacks, since these are really 
application-dependant.
If you want to harden the application review its code and make sure 
there are no exploitable vulnerabilities there. You should turn over to 
OWASP's best practices for web applications (check out www.owasp.org)
If this is a daunting task, you can contract an IT security company to 
perform a (formal) security review or a penetration testing of the 
application.
HTH

Javier


-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------