Articles Tagged ‘Web Security’

Automate Web Application Security - Why, How & The Necessary Tools

automate-web-security-how-why-security-tools-1In this article, we’re going to talk about automating your web security in the safest and most effective way. We’ll also touch on a few Web Application Security automation tools worth considering using. Furthermore, we'll speak about why its important to select the right Web Application Scanning tool and how it can help meet your web development time frame, saving the company a lot of money and time.

Automation has been a popular buzzword in the digital space for a few years now. With the ability to reduce labour hours, eliminate repetitive tasks and improve the bottom line, it seems that everyone is looking for a way to automate their daily workflow to every extent possible. With web application security testing being both time-consuming and expensive, it’s a prime candidate for automation.

In the never-ending game of cat and mouse between developers, penetration testers and hackers The speed of execution plays a significant role in the identification and management of vulnerabilities. What makes the process even more challenging is the fact that both security professional and hackers are using the same or similar tools.

If you’re not taking advantage of the ability to automate some of your security scanning, it’s only a matter of time until someone beats you to the punch. In almost all situations, it’s not a risk worth taking.

Despite all the positive aspects that arrive as a result of using an automated web security scanner, there are still some important points to consider during the implementation process in order to maximize your effectiveness.

Automation Starts With Planning

As with any undertaking, in order to achieve optimal results, it’s imperative that you follow a well thought out planning process. This means before you commence automated web vulnerability scanning, you should develop a plan that is specific, measurable, attainable and time-sensitive.

Reducing risk and searching for web application vulnerabilities requires nothing short of a detailed plan. You need to understand what a potential hacker might be looking for and where the most serious risks might lie, area that will vary with every business. You also need a clear understanding of what tools you’ll be using as well as how they will be used.

Automating web securitymeans having a plan that is measurable. This is best achieved through accurate reporting and open communication amongst your team. If a web application is in development, you should be testing at specific predetermined intervals throughout the development lifecycle. Writing vulnerable code on top of vulnerable code merely exacerbates the problem.

A plan that’s attainable will help to keep you on track. Consistent and methodical testing is always better than inconsistent and haphazard.

Finally, having a time-sensitive completion date is always vital to the overall success. If your project never leaves the development and testing phase, is still a liability from a business perspective, which is why many developers turn to automatic scanning tools from both the open-source and commercial sector

Automated Versus Manual Scanning

Enforcing ICT Policies - How to Block Illegal & Unwanted Websites from your Users and Guests

Enforcing ICT Policies - How to Block Illegal & Unwanted Websites for your Users and GuestsEnsuring users follow company policies when accessing the internet has become a real challenge for businesses and IT staff. The legal implications for businesses not taking measures to enforce acceptable user policies (where possible) can become very complicated and businesses can, in fact, be held liable for damages caused by their users or guests.

A good example, found in almost every business around the world, is the offering of guest internet access to visitors. While they are usually unaware of the company’s ICT policies (nor do they really care about them) they are provided with free unrestricted access to the internet.

Sure, the firewall will only allow DNS, HTTP and HTTPS traffic in an attempt to limit internet access and its abuse but who’s ensuring they are not accessing illegal sites/content such as pornography, gambling, etc., which are in direct violation of the ICT policy?

This is where solutions like GFI WebMonitor help businesses cover this sensitive area by quickly filtering website categories in a very simple and effective way that makes it easy for anyone to add or remove specific website categories or urls.

Protect your company and enforce internet access policies on any AD user, guest user, IP address and more.

How to Block Legal Liability Sites

Enforcing your ICT Internet Usage Policy via WebMonitor is a very simple and fast process. From the WebMonitor web-based dashboard, click on Manage and select Policies:

Note: Click on any image to enlarge it and view it in high-resolution

Adding a new Policy in GFI WebMonitorFigure 1. Adding a new Policy in GFI WebMonitor

At the next screen, click on Add Policy:

 Click on the GFI WebMonitor Add Policy buttonFigure 2. Click on the GFI WebMonitor Add Policy button

Security Articles

The following articles deal with one of the hottest topics around: Network, Web and IDS (Intrusion Detection System) Security.

The articles have been carefully selected to ensure they provide acurate and upto date information to our readers, while some have been written by our team, in response to our visitors request!

Understanding SQL Injection Attacks & How They Work. Identify SQL Injection Code & PHP Caveats

Introduction-to-SQL-Injection-01SQL Injections have been keeping security experts busy for over a decade now as they continue to be one of the most common type of attacks against webservers, websites and web application servers. In this article, we explain what a SQL injection is, show you SQL injection examples and analyse how these type of attacks manage to exploit web applications and webservers, providing hackers access to sensitive data.

Additional interesting Web Hacking and Web Security content:

What is a SQL Injection?

Websites operate typically with two sides to them: the frontend and backendThe frontend is the element we see, the rendered HTML, images, and so forth.  On the backend however, there are layers upon layers of systems rendering the elements for the frontend. One such layer, the database, most commonly uses a database language called SQL, or Structured Query Language. This standardized language provides a logical, human-readable sentence to perform definition, manipulation, or control instructions on relational data in tabular form. The problem, however, is while this provides a structure for human readability, it also opens up a major problem for security.

Typically, when data is provided from the frontend to the backend of a website – e.g. an HTML form with username and password fields – this data is inserted into the sentence of a SQL query. This is because rather than assign that data to some object or via a set() function, the data has to be concatenated into the middle of a string. As if you were printing out a concatenated string of debug text and a variable’s value, SQL queries work in much the same way. The problem, however, is because the database server, such as MySQL or PostgreSQL, must be able to lexically analyse and understand the sentence’s grammar and parse variable=value definitions. There must exist certain specific requirements, such as wrapping string values in quotes. A SQL injection vulnerability, therefore, is where unsanitized frontend data, such as quotation marks, can disrupt the intended sentence of a SQL query.

How Does a SQL Injection Work?

Web Application Security Best Practices that Help in Securing Your Web-Enabled App

Web Application Security Best Practices

Successful web application attacks and the data breaches that are resulting from these attacks, have now become everyday news, with large corporations being hit constantly.

Our article covering major security breaches in well—known companies, clearly demonstrates that there are many gaps in web security, which are causing multi-million dollar damages to companies world-wide. In this article we analyze the best security practices and principals to help increase your web application security.

While security experts are adamant that there is still much to improve in most web applications’ security, the gaping security holes that attackers are exploiting, are still present, as can be confirmed by some of the latest string of attacks on Yahoo and several departments of the government of the United States.

These attacks, as one can imagine, are the cause of financial loss as well as loss of client trust. If you held an account with a company that suffered a data breach, you would think twice before trusting that company with your data again. Recently, developers have been brought into the fold with regards to web application security; a field that a couple of years ago was only relevant to security professionals whose jobs revolve around security. Nowadays, security has become a requirement that has to be implemented, for a web application developer to meet all the necessary deliverables. Security needs to become a part of the development process, where it is implemented in the code that is being written, and not just as an afterthought that becomes relevant after an attack.

Articles To Read Next:

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup