Shelter In Computers
: Our Aim & Mission as a Organization to Promote Information
Technology , Cyber Secuirty , Entrepreneurship Education into Young Generation
, Teach , Train & Employee them in Eduction Sector , Banks & Different
Industries and Bulid them Future Leaders.
Web Application Security
Protect What Matters Most: Your Critical Web Applications and Data
Your web applications are under siege. Cyber-criminals attack around the clock,
steal data, disrupt access, and compromise website credentials to commit further
fraud. Next generation firewalls, Intrusion Prevention Systems and other
traditional network security controls don’t stop the latest industrialized,
multi-vector attacks, leaving your organization exposed to costly and damaging
breaches and downtime. Web Application Security solutions from Imperva enable
you to prevent breaches and downtime by protecting your data where it’s accessed
– your web applications – securing them against web attacks, DDoS, site
scraping, and fraud.
Web Application Security
Headlines like “Web Application Vulnerabilities Continue to Skyrocket,” and “9
Ways Web Apps Woo Hackers,” are timeless. Since the first web application was
able to deliver rich content to visitors, attackers have looked to exploit any
holes they could to damage, deface, and defraud. As the trend to deliver
applications through web browsers continues to grow, the number of
vulnerabilities available to cyber criminals grows exponentially.
As most businesses rely on web sites to deliver content to their customers,
interact with customers, and sell products certain technologies are often
deployed to handle the different tasks of a web site. A content management
system like Joomla! or Drupal may be the solution used to build a robust web
site filled with product, or service, related content. Businesses often turn to
blogs using applications like WordPress or forums running on phpBB that rely on
user generated content from the community to give customers a voice through
comments and discussions. ZenCart and Magento are often the solutions to the
e-commerce needs of both small and large businesses who sell directly on the
web. Add in the thousands of proprietary applications that web sites rely and
the reason securing web applications should be a top priority for any web site
owner, no matter how big or small.
Risks Associated with Web Applications
Web applications allow visitors access to the most critical resources of a web
site, the web server and the database server. Like any software, developers of
web applications spend a great deal of time on features and functionality and
dedicate very little time to security. Its not that developers don’t care about
security, nothing could be further from the truth. The reason so little time is
spent on security is often due to a lack of understanding of security on the
part of the developer or a lack of time dedicated to security on the part of the
For whatever reason, applications are often riddled with vulnerabilities that
are used by attackers to gain access to either the web server or the database
server. From there any number of things can happen. They can:
Deface a web site
Insert spam links directing visitors to
Insert malicious code that installs
itself onto a visitor’s computerInsert malicious code that steals
session IDs (cookies)Steal visitor information and browsing
habitsSteal account informationSteal information stored in the
databaseAccess restricted contentAnd much more…
Preventing Web Application Attacks
application firewall you can
avoid many different threats to web applications because inspects
your HTTP traffic and checks their packets against rules such as to allow or
deny protocols, ports, or IP addresses to stop web applications from being
Architected as plug & play software, provides optimal out-of-the-box
protection against DoS threats, cross-site scripting, SQL
Injection attacks, path traversal and many other web attack techniques.
such a comprehensive solution to your web application security needs are:
Easy installation on Apache and IIS
Strong security against known and
emerging hacking attacks
Best-of-breed predefined security rules
for instant protectionInterface and API for managing multiple
servers with easeRequires no additional hardware, and
easily scales with your business
How does an attacker launch an attack against a web application?
There are many different ways malicious hackers
attack a web application. Simply
doing a bit of research with Google can expose a number of vulnerabilities in
some of the most popular web applications like WordPress, ZenCart, Joomla!,
Drupal, and MediaWiki. Not only are the vulnerabilities in these applications,
and many others, easy to find - but with an automated search attackers can find
exactly which web sites have not fixed these vulnerabilities.
Most commonly, the following tactics are used in to attack these applications:
XSS (Cross Site Scripting)
Remote Command ExecutionPath Traversal
SQL Injection works by the attacker finding an area on a web site that allows
for user input that is not filtered for escape characters. User login areas are
often targeted because they have a direct link to the database since credentials
are often checked against a user table of some sort. By injecting a SQL
statement, like ‘ ) OR 1=1--, the attacker can access information stored in the
web site’s database. Of course, the example used above represents a relatively
simple SQL statement. Ones used by attackers are often much more sophisticated
if they know what the tables in the database are since these complex statements
can generally produce better results.
Cross Site Scripting
Cross Site Scripting (XSS) attacks occur
when an attacker is able to inject a malicious client-side script into a
vulnerable web page. When these scripts are run, they can be used to install
malicious software on the visitor’s computer, steal a visitor’s cookie, or
hijack a visitor’s session.
Remote Command Execution
Remote Command Execution vulnerabilities allow attackers to pass arbitrary
commands to other applications. In severe cases, the attacker can obtain system
level privileges allowing them to attack the servers from a remote location and
execute whatever commands they need for their attack to be successful.
Path Traversal vulnerabilities give the attacker access to files, directories,
and commands that generally are not accessible because they reside outside the
normal realm of the web document root directory. Unlike the other
vulnerabilities discussed, Path Traversal exploits exist due to a security
design error - not a coding error.
The Need to Avoid Attacks
With so many web sites running applications, attackers have taken to creating
automated tools that can launch well coordinated attacks against a number of
vulnerable web sites at once. With this capability, the targets of these
malicious hackers are no longer limited to large corporate web sites. Smaller
web sites are just as easily caught up in the net cast by these automated
The repercussion of having your web site compromised can be devastating to any
business, no matter what the industry or size of the company. The after-effects
of these attacks include:
Compromised user accounts
Loss of trust with customers and/or
visitorsDamaged brand reputationLost sales revenueYour site labeled as a malicious siteLoss of search engine rankings
Protect Yourself from Attacks Against Web Applications
unique security approach eliminates the need to learn the specific
threats that exist on each web application. The software that runs
focuses on analyzing the request and the impact it has on the application.
Effective web application security is based on three powerful web application
security engines: Pattern Recognition, Session Protection and Signature
The Pattern Recognition web application security engine employed by
effectively protects against malicious behavior such as the attacks mentioned
above, and many others. The patterns are regular expression-based and designed
to efficiently and accurately identify a wide array of application-level attack
methods. As a result, is characterized by an extremely low false
What sets apart is that it offers comprehensive protection against
threats to web applications while being one of the easiest solutions to use.
In just 10 clicks, a web administrator with no security training can have
up and running. Its predefined rule set offers out-of-the box
protection that can be easily managed through a browser-based interface with
virtually no impact on your server or web site’s performance.
Securing Web Application
More than half of all breaches involve web applications* —
yet less than 10% of organizations ensure all critical applications are reviewed
for security before and during production†.
Clearly, organizations need a way to replace
fragmented, manual pen
ongoing, automated scanning so they can protect
their global application infrastructures — without hiring more consultants
or installing more servers and scanning tools.
The leading vector for cyber-attacks
Applications have become the path of least resistance for cyber-attackers
because they are:
Constantly exposed to the Internet and easy to probe by outside
attackers using freely available tools that look for common vulnerabilities
such as SQL
Easier to attack than traditional targets such as the network
and host operating system layers which have been hardened over time. Plus,
networks and operating systems are further protected by mitigating controls
such as next-generation firewalls and IDS/IPS systems.
Driven by short development cycles that increase the probability
of design and coding errors — because security is often overlooked when the
key objective is rapid time-to-market.
Assembled from hybrid code obtained from a mix of in-house
development, outsourced code, third-party libraries and open source — without
visibility into which components contain critical vulnerabilities.
Likely to present a larger attack surface with Web 2.0 technologies
Discover and continuously monitor all your
According to SANS, many
organizations don’t even know how many applications they have in their domains.
Our Discovery service addresses this visibility gap by creating a global inventory
of all your public-facing web applications such as corporate sites, temporary
marketing sites, related sites (.mail, .info, etc.), international domains
and sites obtained via M&A. Plus, Discovery leverages our massively parallel,
auto-scaling infrastructure to discover thousands of applications per day.
Parallel): Baseline your application risk by quickly identifying highly exploitable
vulnerabilities such as those found in the OWASP
Top 10 and CWE/SANS
Top 25. Leverage our massively parallel
infrastructure to test thousands of web applications simultaneously with lightweight,
non-authenticated dynamic scans. Rapidly mitigate risk by shutting down temporary
sites and feeding security intelligence information to Web Application Firewalls
Scan): Perform a comprehensive deep scan that identifies web application vulnerabilities
using both authenticated and non-authenticated scans, including looking for
attack vectors such as cross-site
scripting (XSS), SQL
injection, insufficiently protected
credentials and information leakage. Also integrates security intelligence
information with WAFs to enable virtual patching.
Virtual Scan Appliance (VSA):
Perform a deep scan of applications located behind the firewall, typically
in QA or staging environments, in order to find vulnerabilities prior to deployment.
The VSA also helps secure internal web applications from
insider attacks or attacks by malicious outsiders who gain access to insider
Developed by Webmaster Abbas Shahid Baqir
Webmaster Feedback: firstname.lastname@example.org
Reserved Copyright, 2010-2020 Student Shelter In Computers