Results for: Application Firewall Attack Tools
236 Web applications, 69% had at least one SQL injection vulnerability

An article was published last week about a study from HP’s Application Security Center Web security research group. In a nutshell, the study talks about an increase in attacks and issues found from vulnerability scanning tools. It also said that the number of disclosed issues declined for those apps. One can spend all their time running the scanning tools but the issues still have to be fixed. ...
SYN206: Citrix networking: blazing performance, deep application visibility and unparalleled security
“Citrix” and “Networking” are terms that go hand in hand today because Citrix owns a great networking portfolio, with core application delivery and WAN optimization products like NetScaler and Branch Repeater. These are huge product lines to cover in a single blog, so we will focus on the NetScaler aspect for now. The NetScaler product line set a very high bar in terms of ...
What in the world is Hybrid Security Model and why?
Before the 9.3 software release, the NetScaler Web Application Firewall (WAF) followed the positive security model. The positive security model protects against zero-day attacks and custom attacks. For those that may need some more details on zero-day attacks, here is a link for reference - zero day attack. For the most basic meaning of positive security model, it is pretty much a white list or ...
Armored Browser

Integrated with NetScaler HTTP Callout. Ever wonder, with all of this networking security, who is protecting the information at the endpoint, before it enters the VPN stack? Ever heard of keyloggers and framegrabbers? APIs that can read your passwords? (Even when connected to an SSL VPN or to a web application using HTTPS.) You're not out of the woods yet until you secure your internet ...
Securing application data through multiple logons
Crackers are changing. Don't think geeky kid at the end of the street, think organized crime, well financed with large teams of talented programmers. Don't think "senders of SPAM", think takers of your money. I've started to think this way and I find myself rather paranoid. Maybe they really are out to get me? I'm pondering the quickly improving capabilities of my adversary and ...
Application Firewall Attack Tools

you should know about... We were doing some work with a partner recently, and they asked what our favorite attack tools were that we use to validate and demonstrate our security features in the NetScaler. That was an excellent question. It has been a couple of years since I actually built a proof of concept to demonstrate Application Layer attacks so I took a ...
Taming the Four Horsemen of the Virtualization Security Apocalypse
Today Citrix announced that we have partnered with McAfee to advance the state of the art in secure virtual infrastructure. In this post I aim to provide more detail on the partnership announcement and the technologies involved, and to place them within the broader context of security for virtualization, with reference to Hoff's superb discussion of the key issues facing security in a ...
Web Application Security and Human Variability
Many news reports have recently identified the increased threat to web sites and applications from SQL injections, the most recent example being the Nihaorr1 script that resulted in over 600,000 sites being infected even including the Department of Homeland Security and the UN. Although initially identified as a Windows IIS server vulnerability, the root cause of the recent exposure goes beyond IIS and has identified ...