Try hyperguard for 30 days?


Cloud AppSec

Cloud computing was not designed for security, although organizations such as the Cloud Security Alliance (CSA) and the Open Web Application Security Project (OWASP) are making great strides in helping the industry solve the myriad security problems confronting cloud computing. The benchmark guidelines established by the CSA in the document Guidance for Critical Areas of Focus in Cloud Computing are a great first step. This white paper is intended to pick up where the CSA guide left off in terms of defining what a distributed web application firewall (dWAF) should look like in order to meet the standards set within the CSA document.

Get the Cloud AppSec Whitepaper here


Your Online Shop is the core of your business. Why don't you care about security?

Online shopping is the fastest-growing shopping model ever. Especially for goods in the mid-price range, its share is close to half of the overall sales volume. It seems strange, then, that a study of the security features implemented in shop systems found additional security components in circa 10 % of them. Under normal conditions you know nothing about the incoming requests, because all the security systems in your hosting provider's data center monitor the transport layer.

Payment by credit card has been regulated since 2006 by the PCI DSS, in order to reduce the money earned through criminal activity in internet business.

But credit card data is not the only thing of interest to criminals. The account information for a payment made by direct debit, together with the name and address of a user, also makes work easy for criminals.

Another risk is the loss of data privacy. When customer account information, and in the worst case also usernames and passwords, becomes available to other users, the shop and the company behind it lose reputation and money.

Under normal conditions it is not possible to develop shop software that is free of errors. This type of software is very complex. Consider how many different components you use in development: that is how often you have to update and recompile the software to keep the code secure. If your application is vulnerable to Cross-Site Scripting (XSS), an attacker can plant such an attack on your server and manipulate the price or the described properties of your shop articles.

And here is the main problem for most online shops, which are open 24 hours a day. Under normal circumstances you do not have the possibility to patch the application as often as new vulnerabilities are announced.

A Web Application Firewall like hyperguard from art of defence analyzes the incoming and outgoing web traffic and can deny suspicious or insecure requests. With the included mechanism for denying specified types of requests, you can "virtually patch" the shop with new rules against new vulnerabilities. You then avoid the stress of patching the application outside the normal service routine.

One of the most valuable characteristics of hyperguard is the separation of monitoring and protection, and the possibility to run two rulesets in parallel (one active, one in monitoring mode). This allows very granular rulesets and fault-resistant testing. It avoids interruptions in the business process, because false positives are already encountered in detection mode.

With one "click", hyperguard offers baseline protection against the most common vulnerabilities of web applications, provides black-, white- and greylisting, and supports proactive security functions such as URL encryption against vulnerabilities like cross-site scripting, SQL injection and some others (OWASP Top 10).

Additional functions for cookie protection and against denial of service protect the user and the web server. The flexibility of deployment, together with licensing for all scenarios, makes hyperguard the best available solution for online shops of every size.