Hyperguarding your Web Applications

Weekly Industry Round-up, Week of 3/22

Posted by hyperguard on March 26, 2010

Information Week…
Google Releases Free Web Security Scanner
Thomas Claburn discusses the free Web Security Scanner that Google recently released. The skipfish software was created to help reduce online security vulnerabilities. While a free tool like this is appealing, it seems as though a true expert would be needed to use it and interpret the results. Using a web application firewall such as hyperguard could be a better solution when looking for an easier integration.

Intrusion Detection in a Cloud Computing Environment
In this contributed article from Phil Cox, he looks at the importance of intrusion detection systems in a cloud computing environment. He discusses how intrusion detection is performed on Software as a Service, Platform as a Service and Infrastructure as a Service offerings. Phil says that in reality, intrusion detection in the cloud is best performed by the provider– more than an IDS or IPS, hyperguard monitors the incoming and outgoing HTTP traffic, and enables and enforces central policy for that application perimeter. Hyperguard offers proactive protection without any changes to the Web application e.g. via secure session management based on the Secure CookieJar or via URL- Encryption to minimize the attack surface.

How Safe is Cloud Computing?
According to Lara Farrar, there may be trouble ahead with cloud computing, as security experts warn that not enough is being done to make sure it is safe. She says more businesses and individuals are tapping into cloud due to economics and convenience. However, a recent study from CIO Magazine found that despite the increasing popularity of outsourced computing, 50% of CEOs surveyed said safety was one of their biggest concerns. Companies have their own firewalls and anti-virus software to protect data in place, but when cloud computing is outsourced, they no longer have control over security measures.

Watch out for Web Worms
This article looks at Web-based worms as a new type of malware that can spread without human intervention and cannot be prevented by traditional anti-virus practices. Two-thirds of Web sites are vulnerable to cross-site scripting (XSS) worm infections, which involve embedding malicious JavaScript or ActiveX code on Web pages or in downloads. These Web worms use access to news items to attract victims to visit infected sites or click links that embed the malicious code in a download.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: