Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

RE: Web Application Security
From: "Jayaraman, Anand X." <AJayaraman () ATPCO NET>
Date: Tue, 11 Mar 2008 14:53:52 -0400
If you are limited by the tools/resources Data center would allow. The best source would be have custom logging and 
analyze the logs. You can also create triggers based on what you see in the logs for alerting. Beware of false 
positives.
 
Anand

________________________________

From: listbounce () securityfocus com on behalf of Zack Peters
Sent: Tue 3/11/2008 1:41 PM
To: Javier Fernandez-Sanguino; mahendra_yn () yahoo com
Cc: webappsec () securityfocus com
Subject: Re: Web Application Security




--- Javier Fernandez-Sanguino
<jfernandez () germinus com> wrote:


mahendra_yn () yahoo com dijo:

Hi all,


I need to harden a web application which is hosted

in a datacentre.I

need to monitor the webapplication 24/7.I also

need to ensure that

there would be no phising attacks on this

website,I know there are a

couple of 3rd party web application firewalls

available which can do

all this,but the question is will the datacentre

allow me to do

this-as a 3rd party service provider?if it doesnt

allow then what are

the other best options available for me.


3rd-party WAFs will actually prevent *some* phishing
attacks they
probably cannot cover all possible XSS attacks,
since these are really
application-dependant.



The other option from a Web Application Firewall is to
use a black box tester and look for vulnerabilities
within your Web application. I personally think that
is a better approach since you are "fixing" the source
of potential vulnerabilities rather than "hiding" them
behind a firewall. The solution that has met my needs
and which I would recommend is Cenzic's Hailstorm. I
have been very happy with the vulnerabilties they have
found. (well, not really happy with the vulns but
happy that I discovered them before someone else did).

Zack


      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page.
http://www.yahoo.com/r/hs

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------





-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]