SPI Dynamics web application security 101

Web application security 101 explained by SPI Dynamics.

Published in: Technology
Transcript of "SPI Dynamics web application security 101"

  1. Web Application Security
  2. security. protection. intelligence. Q: Where Do Your Current Security Measures Fail? A: Your Proprietary, Custom-written Web Applications
  3. Today over 70% of attacks against a company's Web site or Web application come at the 'Application Layer', not the Network or System layer. A complete security solution requires attention at each potential point of attack.
  4. Q: So how do we remedy this situation? A: Enact policies requiring your developers to write secure code.
     • Verify all request parameters are in proper format (via a standard library)
     • Any unknown or incorrect user data should be logged and terminated.
  5. But if you instituted this policy, how would you effectively enforce it? What measures would you have in place to make sure that they comply? “An unenforceable policy, or one without a process to determine the outlined specifications, is just as good as no policy at all.”
  6. Q: But I use XYZ Scanner, won't it discover these types of vulnerabilities? A: No, and this is why.
  7. Where Today's Security Measures Fail
  8. Q: How can SPI Dynamics do all of this and the others can't? A: Because other Scanners are a security Broadsword, where ours is a Security Scalpel. WebInspect™ is NOT meant to replace any tools that are currently being used; instead it complements them.
  9. How SPI Solves The Problem
  10. WebInspect™ scans the whole site: Web server, Web pages, Scripts, Proprietary applications, Cookies. [Diagram labels: Database Server, Internet, IDS, Firewall, CC#'s Database, Users Database, Web Server]
  11. WebInspect™: Scans authentication codes; Assesses security procedures; Carves into confidential data… Just like a hacker would. [Diagram labels: Database Server, Internet, IDS, Firewall, CC#'s Database, Users Database, Web Server]
  12. WebInspect™ automates our security expertise so that customers can simulate an advanced web-application attack on their own. WebInspect™ detects holes in both standard and proprietary applications, and crawls over the entire website in search of potential security problems.
  13. WebInspect™ is easy to use. Simply enter the URL of the Web site or Web application you wish to scan and click go.
  14. WebInspect™ is easy to understand. The Vulnerability Report is listed in order of severity and contains HTML links for navigation.
  15. Features & Benefits of WebInspect™
     • Unique Focus: Your proprietary Web site or Web application
     • Superior Scanning: Products codify our security expertise
     • Extremely Fast: WebInspect™ runs in minutes/hours vs. the days/weeks it takes to complete traditional vulnerability assessments
     • Automated: Continuously maintain your security integrity
     • Updated: Continuously keep up to date on the latest vulnerabilities with the online update feature
     • Simple & Cost Effective: Licensed per IP address or per consultant
     • Risk-Free: Offered on a trial basis at no cost
  16. How does WebInspect™ do this?
     • Hidden Manipulation
     • Parameter Tampering
     • Cookie Poisoning
     • Stealth Commanding
     • Forceful Browsing
     • Backdoor/Debug Options
     • Configuration Subversion
     • Vendor-Assisted Hacking
  17. The SPI Works Product Suite
     • WebInspect™ (Application Assessment): Know your vulnerabilities. Use WebInspect™ to assess current Web sites or Web applications. Use WebInspect™ to QA new applications during development prior to release into production. Available now.
     • LogAlert™ (Application Log Audit): Know if you have been attacked. Use LogAlert™ to audit Web logs to know if an attacker has successfully compromised your Web site or Web application. Use LogAlert™ after you have been attacked for Web log forensic analysis. Available now.
     • WebDefend™ (Application Intrusion Protection): Proactively stop attacks. Use WebDefend™ to proactively stop Web site or Web application intrusions. Available Q2 2002.
  18. Our Company
     • Founded in April 2000 by recognized Information Security industry experts
     • Released WebInspect™ in April 2001
     • HQ in Atlanta, Georgia
     • Resellers in New York, Chicago, Washington D.C., Knoxville, Miami, London
     • SPI serves clients in each of the following vertical industries: HealthCare, Insurance, Financial Services, Government, Global Enterprise, Consulting
  19. SPI Dynamics is the leading provider of automated Web Application security products. SPI develops “hands-off” security products that contain the knowledge and expertise of an information security professional embedded in the code. The embedded “hacker logic” enables our software to think for the end-user, making their job easier.