White Papers

Top Web Incidents and Trends of 2009 and Predictions for 2010

Was your company the victim of a hacking attempt or attack last year? Are you concerned about the threats you may face in 2010? With each passing year, web security threats change and evolve to become potentially more dangerous to businesses and organizations. The Web Hacking Incident Database (WHID) monitors and analyzes web threats on an ongoing basis, providing valuable insight into new vulnerabilities hackers are looking to exploit. This white paper outlines and examines the top web incidents and trends of 2009, such as Twitter attacks and serving malware to clients, as well as predictions for what hackers will be doing in 2010. Download this white paper to understand how you can best prepare for future web application threats and attacks.

Download White Paper

Distributed WAF Architectures: Defense in Depth

As many organizations look to leverage “in-the-cloud” solutions, security becomes paramount. How can organizations ensure that cloud-based services offer appropriate web application security measures? Web application firewalls have traditionally been deployed on-site in the organization’s datacenters; however, this architecture does not scale appropriately for cloud-based security. Ideally, organizations should be able to deploy both cloud-based and datacenter-based WAF solutions to provide a holistic view of malicious traffic.

This white paper explains how Breach Security has partnered with Akamai to present a combined Edge-to-Origin WAF solution that gives users a consolidated view of web application threats.


The Next Wave in Web Application Firewalls: Defense-In-Depth

With Web presence inextricably linked to business operations, enterprise investments in website features and functionality have been significant. Protecting this critical business asset is paramount, not only because of its importance to the business but because the dark side of the Internet, cyber criminals and hackers, never sleeps. A growing number of enterprises have embraced Web Application Firewalls as a shield against website attacks, a solution for bringing applications into compliance, and a way to optimize expenditures on Web application infrastructure. The collaborative Web Application Firewall solution from Breach Security and Akamai marks the next wave in Web Application Firewalls.


Web Application Firewall Deployment Mode Considerations: Inline vs. Out-Of-Line

Choosing the right deployment mode of operation for a web application firewall is critical and will impact many other features and capabilities. Choosing the wrong deployment mode may either upset end users if there is a large latency impact or, worse yet, may allow attacks to succeed if blocking mechanisms are not properly vetted. This white paper explains the considerations for each deployment mode and highlights Breach WebDefend’s capabilities in detail.


Tarnished! Protecting Your Brand From Web Application Threats

Web applications provide convenient, efficient and innovative ways for companies to communicate, transact and even market to consumers and web site users. As more and more online attacks center on web applications, IT security professionals have rapidly become familiar with the risks and threats to which these applications expose organizations. But while the IT security sector has begun bracing for and protecting its infrastructure against web application threats, little attention has been paid to the damage that web application vulnerabilities can do to a company’s intangible – yet most valuable – asset: its brand.


The Web Hacking Incidents Database 2009: Bi-Annual Report

The much anticipated Web Hacking Incidents Database (WHID) 2009 Bi-Annual Report is ready for download. The WHID project is dedicated to maintaining a record of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of web application security problems and to provide information for statistical analysis of web application security incidents. For the first half of 2009, the report findings show a steep rise in attacks against Web 2.0 sites, which were the most targeted vertical market with 19% of the incidents. Attack vectors exploiting Web 2.0 features such as user-contributed content were commonly employed. Download this white paper today to learn more about the latest in web application security.


Scraping, Denial of Service, and Brute Force Attacks! Oh My!
Identifying and Controlling Automated Clients

Brute force. Denial of service. Bot attacks. Are automated programs attacking your web applications? Would you even know?

An overwhelming number of companies cannot identify when automated attackers are threatening their systems.

This white paper outlines what insufficient anti-automation can mean to your company, as well as:

  • Real-world examples of automation
  • Key metrics for identifying automated clients
  • Countermeasures to enforce a desired rate-limit threshold
  • Best practices in anti-automation defense tactics


The Good, Bad and Necessary
The Complete Guide to PCI 6.6 Success

It seems that IT administrators and security professionals are always receiving notification of new rules, regulations and compliance codes that fall under their purview. And just when the necessary adjustments have been made, priorities shifted and new technology purchased, the rules are changed – yet again.

The Payment Card Industry Data Security Standard (PCI DSS) is no different. As of June 30, 2005, the PCI DSS is a requirement for any company or organization that stores, processes, transmits or comes into contact with cardholder data. Most companies with an e-commerce or transactional component to their business model fall under this umbrella. This resource provides IT security professionals with the information needed to understand PCI compliance and, specifically, one of the standard’s latest requirements, 6.6. In addition, the paper offers tips for successful PCI 6.6 compliance and highlights compliance successes from real-world companies.


Detecting Remote File Inclusion Attacks

The biggest challenge facing security experts is detecting attacks that cannot be easily identified using signatures; remote file inclusion (RFI) is a good example of such an attack. This white paper presents the challenges of accurately detecting RFI attacks. To detect unknown variants of the RFI attack, the paper defines a generic solution to the problem, a generic rule set that protects applications from RFI attacks, rather than specific solutions for known vulnerabilities.


The Perils of Cross-Site Scripting (XSS)

Cross-site Scripting (XSS) attacks are universally seen as the #1 security vulnerability facing web applications. Don’t wait another day to learn how to protect your organization – download the white paper by Ryan Barnett, Director of Application Security at Breach Security. This white paper presents the following topics:

  • An overview on XSS (techniques, consequences and vulnerabilities).
  • The two major categories of XSS attacks: Reflected and Stored.
  • Today’s latest statistics and findings regarding XSS attacks.
  • Defensive tactics to prevent XSS attacks.
  • Real-world examples and offensive techniques aimed at short circuiting XSS attacks.


WebDefend® and the OWASP Top Ten

With all the web application attacks and vulnerabilities surfacing, it is hard to know where to focus your security efforts. Luckily, OWASP produces the OWASP Top Ten list to raise awareness of web application security. This list is an outstanding starting point for prioritizing web application security attacks and vulnerabilities. WebDefend has been designed to address the unique security needs of web applications. This white paper provides you with a reference guide outlining how WebDefend’s collaborative attack detection can help address each of the top ten issues reported by OWASP.


The Downward Spiral: Information Leakage From Your Web Applications

As with nearly anything in life, “failing” is not a positive action, response or outcome. Unfortunately, this holds true for web application failures as well. But just what do web application failures mean for your environment or your company’s security? What do they mean for your clients’ data and user experience? This white paper explores what it means when your web applications fail and the potential impact on your environment, and provides real-world examples of application failures.


The Web Hacking Incidents Database 2008: Annual Report

The much anticipated Breach Security Labs Web Hacking Incidents Database (WHID) 2008 Annual Report is ready for download. The WHID project is dedicated to maintaining a record of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of web application security problems and to provide information for statistical analysis of web application security incidents. This year the report findings show that no company or market sector is immune from attack. One of the largest discoveries was that web attackers have unleashed a new type of SQL Injection attack that successfully compromised 500,000 web sites. Download this white paper today to learn more about the latest in web application security.


WebDefend and the CWE/SANS Top 25 Most Dangerous Programming Errors

On January 12, 2009, CWE and SANS announced the Top 25 Most Dangerous Programming Errors. Top industry experts from around the world were consulted to assemble this list, including Ryan Barnett, Director of Application Security Research here at Breach Security. Ryan Barnett has taken this list and compiled a report that addresses how WebDefend can help to identify and block the CWE/SANS Top 25 issues. In this white paper you will get a side-by-side comparison of the web-specific CWE/SANS Top 25 issues and a reference outlining how WebDefend’s collaborative attack detection can help to address each issue.


Changing the Game: The New Security Threats Facing Your Organization

With the explosion of web applications available today comes a host of new and ever-changing threats to data security. Web applications pose a significant risk to organizations – as well as their consumers – and hackers are continuously finding new ways to exploit these applications. But what are the top threats facing web applications? And how can businesses remediate and protect against attacks? This white paper discusses the latest web application challenges, organizational considerations, business costs associated with security issues, and tips to maintain the integrity of an organization’s web applications. In addition, readers will gain an understanding of the top web application attacks, such as SQL injection, cross-site scripting, session hijacking, and scraping, and how best to remediate these tactics.


Anatomy of a Web Hack—SQL Injection Explained

While there are many types of attacks against your organization, none are as simple or as potentially destructive as what is known as SQL injection. This attack is used to manipulate your organization’s web applications to extract sensitive information straight out of your corporate databases, and it is one of the more popular attacks employed in identity theft incidents. This white paper provides a step-by-step walkthrough of the attack, describing its consequences and defense strategies.


The Business Case for Web Application Firewalls
by Ken Tyminski, former Vice President and Chief Information Security Officer for the Prudential Insurance Company of America.

In addition to protecting web applications against attacks, web application firewalls can help organizations bring their technology strategies and business objectives into alignment. Authored by Ken Tyminski, former Vice President and Chief Information Security Officer for the Prudential Insurance Company of America, this white paper discusses how web application firewalls allow organizations to deploy their web applications more rapidly, achieve significant cost savings in the process, and increase the coordination between their security and development teams.


An Evaluation of the ModSecurity Pro M1100 Relative to the Payment Card Industry
by The Aegenis Group.

The leader in providing training, risk management, and strategic consulting in the Payment Card Industry (PCI) takes a look at ModSecurity M1100 to evaluate the features and functions of the device relative to the needs of the payments industry. This white paper reviews Ease of Installation and Use, Product Features, and Support of Industry Considerations.


An Evaluation of WebDefend Relative to the Payment Card Industry
by The Aegenis Group.

The leader in providing training, risk management, and strategic consulting in the Payment Card Industry (PCI) takes a look at ModSecurity M1100 to evaluate the features and functions of the device relative to the needs of the payments industry. This white paper reviews Ease of Installation and Use, Product Features, and Support of Industry Considerations.


Guide to PCI Compliance for Web Applications

On the surface, the Payment Card Industry Data Security Standard (PCI DSS) reads as a series of absolutes. Yet, in meeting Requirement 6.6, organizations have a choice—they must either protect their web applications with a web application firewall or undergo a code review by an organization that specializes in application security. How do you decide which solution is right for your organization? This free white paper will help you make that choice.


Why Organizations Need Web Application Firewalls

More and more organizations are using the web to conduct business, and hackers are taking advantage of the opportunity this trend presents. Web applications are hackers’ new target of choice, as evidenced by the growing number of recent, high-profile security breaches. This white paper discusses the reasons for the increase in attacks on web applications, why network security solutions, application vulnerability scanning, and secure coding initiatives do not provide sufficient protection, and how web application firewalls can provide continuous security for production web applications.
