
Imperva Offers Stop Sign To Web Threats



David Utter
Staff Writer
2007-12-03



JavaScript hijacking and cross-site request forgeries threaten to make a mockery of modern Web 2.0 applications unless app providers do something to secure them.

The promise of software as a service is set to hit a granite block at high speed unless those who build applications do a better job of securing them, Imperva CTO & co-founder Amichai Shulman told SecurityProNews. Many sites may be running applications that aren't as complete in their security approach as they could be.

To avoid the problems of JavaScript hijacks, courtesy of links embedded in an attacker's page, and cross-site request forgeries that embed URLs to take action on behalf of the victim, Shulman advocated his company's gateway device approach.

By parking an Imperva device at the gateway, an enterprise can use it to distinguish legitimate browser requests from invalid ones. Introducing a random parameter per session that an attacker can't know in advance makes it impossible for a third party to insinuate its way into the transaction path.

That's where the Imperva device enters the conversation. Rather than recoding an application to enable random parameters, the Imperva device doles them out as needed. It sits between the Internet and the application servers, checking for suspicious requests, and looks for a certain HTTP field match as requests return to retrieve more information.

If the additional data is not present or has been changed, the Imperva device asks for confirmation. In the case of a third-party site requesting data, the individual will see the cross-site request trying to grab data with the authentic user's permission, and should notice the unauthorized third party doing this.
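The per-session parameter check described above, sketched as an added example (not Imperva's code or anything from the article). The `Gateway` class, the `_gw_token` parameter name and the sample URLs are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

PARAM = "_gw_token"  # hypothetical parameter name, not from the article


class Gateway:
    """Toy gateway in front of an unmodified application."""

    def __init__(self):
        self._tokens = {}  # session id -> random per-session value

    def token_for(self, session_id):
        # One unpredictable value per session, created on first use.
        return self._tokens.setdefault(session_id, secrets.token_urlsafe(32))

    def rewrite_link(self, session_id, url):
        """Outbound: add the session's value to a URL the app emitted."""
        parts = urlsplit(url)
        query = parse_qs(parts.query, keep_blank_values=True)
        query[PARAM] = [self.token_for(session_id)]
        return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))

    def check(self, session_id, url):
        """Inbound: 'forward' on a match, 'confirm' if missing or changed."""
        expected = self._tokens.get(session_id)
        supplied = parse_qs(urlsplit(url).query).get(PARAM, [])
        if expected and len(supplied) == 1 and hmac.compare_digest(
                supplied[0].encode(), expected.encode()):
            return "forward"
        return "confirm"  # ask the user before acting on the request


def demo():
    gw = Gateway()
    sid = "sess-constructed-1"  # constructed session id
    good = gw.rewrite_link(sid, "/transfer?to=alice&amount=10")
    forged = "/transfer?to=mallory&amount=10"  # cross-site request: no value
    tampered = good[:-1] + ("A" if good[-1] != "A" else "B")
    return gw.check(sid, good), gw.check(sid, forged), gw.check(sid, tampered)


if __name__ == "__main__":
    print(demo())
```

A value carried in the URL can leak through the Referer header or server logs, so a hidden form field or request header is the safer carrier where the gateway can rewrite those instead.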

Imperva is taking a hardware approach to fixing the concerns driven by application software that could be open to an outside threat. As long as site responsiveness does not suffer from having Imperva in place, a purchase decision that presents better cost savings than recoding could make Imperva a security pro's choice for protecting users of its applications.



About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
