From: Jon Paine (jon.paine_at_allasso.com)
Date: Fri Dec 06 2002 - 11:20:04 CST


    Ah.

    Writing secure code is always the best solution. However it is time
    consuming in a very time pressured environment. Also the application may use
    3rd party plugins like shopping carts or scripting engines like PHP. The
    user may not have access to the code or the time to verify the bounds
    checking in the addon.

    Something like AppShield would protect you against bugs in the addons as
    well as application bugs, validation code omissions / errors, etc.

    There is still a compelling argument for Application layer firewalls in the
    real world.

    At an absolute minimum, you should run a comprehensive security scan
    against all applications for vulnerabilities to check for emergent
    behaviour. It is not enough to secure just your source code.

    If you think this discussion is getting off topic, please feel free to reply
    privately.

    Kind Regards,

    Jon Paine. Technical Lead.
    Allasso European Support Centre.
    SMTP - mailto:supportallasso.com
    WEB - http://support.allasso.com
    Tel. 0870 366 8533 (+44 118 971 1533)
    Fax. 0870 366 8544 (+44 118 971 1544)
    PGP Fingerprint: ADD3 07AC ED47 292A BF61 E124 E81F 9249 7AD9 6E0C

    > -----Original Message-----
    > From: Steve Bernard [mailto:sbernardgmu.edu]
    > Sent: 05 December 2002 19:22
    > To: Issforum (E-mail)
    > Subject: RE: [ISSForum] Web server protection vs Sanctum AppShield
    >
    >
    > George,
    >
    > I don't want to ruffle any feathers but I recommend re-engineering the
    > application to provide validation of user input from within the
    > application. There is no better solution to securing your application
    > than fixing its internal deficiencies. Trying to patch application
    > problems with external tools is a very costly, time consuming, and
    > never-ending task. Fix the application and you can actually feel secure.
    > The problem you describe is what causes almost all application
    > vulnerabilities, that is, improper or no validation of user provided
    > input. This is the root of such things as buffer overflows, directory
    > traversal exploits, and data manipulation exploits, just to name a few.
    > Ignoring the real problem and adding additional layers of complexity is a
    > surefire way to make the problem worse, and spend a lot of money.
    >
    > Regards,
    >
    > Steve Bernard
    > Sr. Systems Engineer, NET
    > George Mason University
    >
    >
    >
    > -----Original Message-----
    > From: issforum-adminiss.net [mailto:issforum-adminiss.net] On Behalf Of
    > Didea, Gheorghe
    > Sent: Thursday, December 05, 2002 7:54 AM
    > To: Issforum (E-mail)
    > Subject: [ISSForum] Web server protection vs Sanctum AppShield
    >
    > Hello,
    >
    > I want to protect a SQL application and I want to know if I can do this
    > using Web server protection from Server Sensor. I don't want to protect
    > just against IIS attacks but also against authenticated connection
    > attacks. For example, if the application is sending back a response with
    > 77 in the header and the client is sending back a response modifying this
    > header and sending 78, I want to block this.
    > I ask you this because I want to know if I can do this with ISS or I need
    > to buy an applicative IDS like AppShield.
    >
    > Thanks
    > George

    _______________________________________________
    ISSForum mailing list
    ISSForumiss.net

    TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
    https://atla-mm1.iss.net/mailman/listinfo


    Please note that:
     
    1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this
       confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate
       or in any other way use or rely on this information.
    2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business
       practices.
    3. The contents of this email are those of the individual and do not necessarily represent the views of the company.
    4. The company does not conclude contracts by email and all negotiations are subject to contract.
    5. The company accepts no responsibility once an e-mail and any attachments is sent.

    Allasso Ltd
    Theale House,
    Brunel Road,
    Theale,
    Berkshire
    RG7 4AQ UK
    T: +44 118 971 1511
    F: +44 118 971 1522
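
An added example, not taken from any message in this thread, of the in-application check that George's scenario calls for and that Steve recommends building into the application itself: the server issues the value 77 bound to the client's session with an HMAC, and on the way back an edited 78, a token with no MAC, or a token replayed from another session fails verification and is rejected. This is the same class of check an application-layer firewall such as AppShield performs externally by remembering what the server sent. The key, the session identifiers and the function names below are illustrative assumptions, not part of any product discussed above.

```python
import hashlib
import hmac
from typing import Optional

# Illustrative key only (an assumption of this example). A real deployment
# loads it from protected configuration; it must never be sent to the client.
SERVER_KEY = b"example-only-server-key"


def issue_value(value: int, session_id: str, key: bytes = SERVER_KEY) -> str:
    """Build the token the server sends to the client, e.g. in a header or a
    hidden form field: "<value>.<hex MAC>". The MAC covers both the value and
    the session id, so the token cannot be reused from another session."""
    if value < 0:
        raise ValueError("only non-negative integers are issued")
    msg = f"{session_id}:{value}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def verify_value(token: str, session_id: str, key: bytes = SERVER_KEY) -> Optional[int]:
    """Check what the client sent back. Returns the integer when the token is
    exactly what this server issued for this session, otherwise None."""
    value_str, sep, mac = token.partition(".")
    if not sep or not value_str.isascii() or not value_str.isdigit():
        return None                      # malformed, or MAC missing
    expected = hmac.new(key, f"{session_id}:{value_str}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None                      # value or session tampered with
    return int(value_str)


def handle_client_reply(token: str, session_id: str) -> str:
    """Decision the application (or a firewall in front of it) makes for a
    returned token: "BLOCK" or "ALLOW <value>"."""
    value = verify_value(token, session_id)
    if value is None:
        return "BLOCK"
    return f"ALLOW {value}"


if __name__ == "__main__":
    # Constructed exchange: the server issues 77; the client returns it
    # unchanged, then edited to 78 (George's example), then replayed under
    # a different session.
    sess = "session-1"
    sent = issue_value(77, sess)
    print("issued      :", sent)
    print("unchanged   :", handle_client_reply(sent, sess))
    tampered = "78." + sent.split(".", 1)[1]
    print("edited to 78:", handle_client_reply(tampered, sess))
    print("replayed    :", handle_client_reply(sent, "session-2"))
```

The client never needs the key; it only has to echo the token back. Binding the MAC to the session id is what stops a valid "78" token, legitimately issued to one user, from being replayed by another. An external product reaches the same decision without code changes by recording every value the server emitted per session, which is the trade-off the thread is about: no access to the add-on's source is needed, at the cost of another component to configure and keep in step with the application.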
