Most common types of attack
- Cross-site scripting (XSS);
- Session takeover;
- Cross-site request forgery (XSRF);
- Forceful browsing;
- Cookie tampering;
- Path traversal.
Advantages of Airlock at a glance
- Central access point;
- Reduction of costs;
- Faster compliance;
- Quicker to market;
- Secure mobile synchronisation;
- Increased availability;
- Software appliance.
The Internet allows sensitive data to be accessed directly using electronic means. Despite priority being given to addressing security during development, Web applications remain vulnerable to attacks at every layer. These days Internet attackers are motivated by commercial and criminal intent. The complex attack scenarios and increasing number of vulnerabilities result in loss of control and extremely high levels of risk. Systems under attack can reveal valuable data, which can be used to manipulate transactions and distribute viruses and Trojans (malware).
Possible consequences of an attack include identity theft, access to confidential data, falsified transactions, poor availability and serious damage to an organisation’s reputation. The challenge facing companies today is getting a handle on the necessary security measures within an acceptable expenditure of time, effort and money.
Implementing security measures such as authentication requires much more than just filtering data traffic. Airlock offers a unique protection mechanism by operating as a combined secure reverse proxy server and Web application firewall (WAF). All access attempts are systematically controlled and filtered. Airlock can force user authentication and facilitates single sign-on and SSL VPN access. Furthermore, all important information and performance data are easily available via the monitoring and reporting function.
The OWASP Top Ten is published approximately every three years and provides a powerful tool for raising awareness of Web application security.
The document below lists the ten most critical Web application security risks, as identified by OWASP in the 2010 edition of the OWASP Top Ten. The document also explains how Airlock addresses each of these risks to protect Web applications from these types of attacks.
For more information on the OWASP Top Ten, visit OWASP Top Ten.
iX extra 7/11 Article: "Web Taster" (German)
Web applications enable users to easily access IT resources. To protect the data that is accessible through these resources, Web application firewalls are utilised to "taste" traffic for malicious or poisonous content.