« ARP Spoofing leads to hijacking of metasploit website | Main | Elevator pitch for explaining security risks to executives »

Article: Quick tips for Web application security

"A traditional firewall is commonly employed to restrict Web site access to Ports 80 and 443, used for HTTP and Secure Sockets Layer communications, respectively. However, such a device does very little to deter attacks that come over these connections. URL query string manipulations including SQL injection, modification of cookie values, tampering of form field data, malformed requests and a variety of other nasty tricks are often given free passage on allowed, legitimate traffic.

A Web application firewall, such as those reviewed in this issue (see review) might help address security holes in Web servers and Web applications, but there is certainly a great deal that network security professional could and should do before and after employing such measures.

So sharpen your pencils: It's time for Web Application Security 101."

Article Link: http://www.networkworld.com/techinsider/2004/0517techinsidertips.html

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!