

eBusiness - the problem

An era of new threats: Protect your e-business against data theft and manipulation!

The PROBLEM

Traditional security systems do not check the logic of the application. They inspect only the transport layer for which they were designed. When a request approaches the firewall, the following questions are asked: Does its outward appearance fulfill certain criteria? Does it display a certain “ID card”? If so, the firewall and the like wave it through without any further questions. But nobody looks into the “pockets” of the request, which may hold dangerous content.

However, this is exactly where the dangers lurk. For example, at first sight an injection attack looks like a harmless request. But problems arise whenever input is passed on to other components of the system. For example, if a SQL command is entered into the “Name” field instead of a name, information can be retrieved from the database illegally, causing severe damage.

Equipped with stolen identities, criminals go on online shopping sprees: before either the customer or the shop operator has noticed anything, the data thief has already filled his pockets at someone else’s expense. Through cross-site scripting (XSS), even undesired foreign information can be entered into the web shop system, and customers are deceived, for example through manipulated prices.