Web Application Security Overview
Introduction
AppShield Will Secure Your Site Against These And Many Other Kinds of "Hack Attack" Tactics
Providing security for eBusiness is a highly dynamic problem. The rapid evolution of applications and the numerous technologies that enable eBusiness create an often changing set of requirements for eBusiness security. Security issues and the technologies used to address them can be roughly divided into three categories: data transmission and authentication, network security, and application security.
Data Transmission & Authentication

eBusiness requires that sensitive information be transmitted over the Internet. Unfortunately, as a public network, the Internet is a very insecure medium for transmitting sensitive data.

Each individual eBusiness transaction is comprised of many data packets. A data packet sent from one point to another must pass through numerous intermediate points (nodes) before reaching its destination, and each of the many packets comprising a single transaction may take a different route. At every one of the intermediate nodes through which they pass, packets are vulnerable to interception by hackers.

This problem is typically solved using technologies such as Secure Socket Layer (SSL) and Virtual Private Networking (VPN) to encrypt data and create a secure channel of communication between interacting parties. Encryption keys are negotiated in a secure manner using Public Key Infrastructure (PKI), which allows any two peers using compatible products to establish their own private, secure channel.

In many cases, a higher level of assurance regarding the specific identity of the parties must complement data encryption. There are several common mechanisms to establish this assurance, including user names and passwords, digital certificates, PKI, smartcards, biometrics, and other authentication devices. Each measure requires a tradeoff between the level of assurance -- user name and password being the lowest -- and the deployment complexity -- which reaches its maximum with biometrics and authentication devices.

Network Security
Delivering data with seamless connectivity between any two points on the Internet requires a great deal of underlying networking logic. This logic is provided by the Internet Protocol (IP), and overlying protocols such as TCP, UDP, ICMP, etc. These protocols define everything from the addressing scheme to routing information and control directives. The complexity of these data transmissions provides fertile ground for hackers searching for loopholes. Any computer connected to the Internet is potentially vulnerable to a wide range of attacks aimed at exposing weaknesses in the computer's network interface and configuration. Such attacks can expose the computer's internal resources to misuse, theft or destruction.

The solution to these threats comes in the form of firewalls and intrusion detection tools. Firewalls use built-in "network knowledge" to block network-level openings, leaving only required pathways open. For example, an organization may use a firewall to block all incoming traffic except for email, and all outgoing traffic except for email, telnet and web browsing. Intrusion detection tools are applications or devices designed to identify network-level attack patterns, react to them, and notify system operators.

Firewalls and intrusion detection tools provide robust security against hacker attacks that seek to take advantage of the complexity of network connectivity.
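
The example policy above, as an added illustration (not Sanctum's code or any product's configuration): a toy default-deny filter that also remembers permitted connections so their replies can return. The port numbers (25, 23, 80, 443), the Firewall and Packet names and the sample addresses are assumptions made for this example.

```python
from dataclasses import dataclass

# Assumed port mapping (not stated on the page):
# email = SMTP/25, telnet = 23, web browsing = HTTP/80 and HTTPS/443.
ALLOWED_IN = {("tcp", 25)}
ALLOWED_OUT = {("tcp", 25), ("tcp", 23), ("tcp", 80), ("tcp", 443)}

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected network
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Hypothetical model: default deny plus tracking of permitted flows."""

    def __init__(self):
        self.flows = set()  # connections opened by a permitted packet

    def decide(self, p: Packet) -> str:
        # Reply traffic: the reverse of a flow that was already permitted.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "accept"
        allowed = ALLOWED_IN if p.direction == "in" else ALLOWED_OUT
        if (p.proto, p.dport) in allowed:
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "accept"
        return "drop"  # anything not explicitly required stays closed

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    Packet("in", "tcp", "198.51.100.7", 40000, "192.0.2.10", 25),    # inbound mail
    Packet("in", "tcp", "198.51.100.7", 40001, "192.0.2.10", 80),    # inbound web
    Packet("out", "tcp", "192.0.2.20", 50000, "198.51.100.9", 443),  # outbound web
    Packet("in", "tcp", "198.51.100.9", 443, "192.0.2.20", 50000),   # its reply
    Packet("in", "tcp", "198.51.100.9", 443, "192.0.2.20", 50001),   # unsolicited
    Packet("out", "tcp", "192.0.2.20", 50002, "198.51.100.9", 22),   # not in policy
]

def run_sample():
    fw = Firewall()
    return [fw.decide(p) for p in SAMPLE]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_sample()):
        print(verdict, pkt)
```

The fourth and fifth packets differ only in destination port: the first is the reply to a permitted outbound connection, the second matches no tracked flow and is dropped.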

Application Security
Application security is one of the most challenging aspects of eBusiness security. Put simply, application-level security ensures that eBusiness applications interact with end users only in ways that were intended by the application's developers. Application-level security is focused on preventing the unauthorized use of an eBusiness' resources or customer information by hackers attempting to gain access to the eBusiness network directly through the application itself. Application-level hacks typically exploit weaknesses in HTML coding, Common Gateway Interfaces (CGIs), or in third-party products such as web servers or scripts. The following pages will more fully describe the problem of application security and a general approach to solving the problem.
© 2004 Sanctum, Inc.