Portal Systems - the problem

Danger zone web application - new threats for customer, partner and employee portals

Protect your intranet and extranet against hackers and data thieves!

The PROBLEM

The company server, which generally contains 60 to 70 percent of the important company data, can be accessed through outside queries. This opens the door to sabotage and espionage, and familiar protections such as conventional firewalls, reverse proxies or IDS/IPS systems fail here.

The reason: traditional security systems do not check the most important layer of a web application request, namely the application logic. They are limited to the transport layer, for which they were actually designed. When a request hits the firewall, generally only one question is asked: does its outward appearance fulfill certain criteria? If so, the firewall and its like wave it through without any further questions. Nobody looks into the “pockets” of the request.

But even legitimate users should not be able to access the complete content. Take a partner portal as an example: a supplier should certainly not be able to view another supplier's user account, not even by accident. In addition, as with cross-site scripting, security gaps in browsers can be exploited, viruses can be brought in, or time-sensitive orders, for example in a spare parts portal, can be manipulated. In the latter scenario there are even contractual penalties if the delivery does not take place on time.