Posted: July 20th, 2009 | Filed under: IIS & HTTP, Web and Application Security | Tags: buffer overflow attacks, cross-site scripting, firewalls, serverdefender vp, sql injection, web application firewall, web security
The importance of Web application firewalls
The front of your website can appear as calm as a lake surface, but underneath do you really know what kind of trouble is brewing? While your website is online it is being subjected to traffic; tons of traffic for some of you lucky ones, some legitimate, some suspect. The not-so-wanted traffic can include hackers and spammers who are trying to break through the defenses of your site to get to your server and then either corrupt or steal information from your databases.
Posted: April 20th, 2009 | Filed under: Web and Application Security | Tags: cross-site scripting, firewall, owasp, web application firewall, web security, xss attacks, xss flaws, xss vulnerabilities
In his recent article on XSS vulnerabilities, Brian Krebs of the Washington Post reports that last year thousands of Web sites were cited for harboring security flaws that could be used to attack others online.
“At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user usually from something like a search box or e-mail form but do not prevent users from entering malicious code or other instructions.”
Posted: January 16th, 2009 | Filed under: IIS & HTTP | Tags: WAF, web application firewall, Web Security Tools
The Information Security community has been buzzing this week with talk of the newly released CWE/SANS Top 25 Most Dangerous Programming Errors. The goal of the report is to identify not just security vulnerabilities (think OWASP Top Ten), but the programming errors that create those holes.