Web Application Security

Solution Search:
Move Web Application Security Testing into Your Development Cycle by IBM
paper focuses on the role developers can play in solving Web application security issues, and it details how IBM Rational® AppScan® Developer Edition software can enable them to do so. Web application security issues are an imminent and growing threat. Caused primarily by security bugs in an application's code, Web application security vulnerabilities can allow an online banking client to see another client's data. They can let hackers run queries on an application's back-end...
Web Application Security - How to Minimise Prevalent Risk of Attacks by Qualys
to minimise vulnerabilities in web applications. A guide to web application security outlines typical web application vulnerabilities and provides a comparison of web application vulnerability detection options.

Vulnerabilities in web applications are now the largest vector of enterprise security attacks. Stories about exploits that compromise sensitive data frequently mention culprits such as "cross-site scripting," "SQL injection," and "buffer overflow." Vulnerabilities like these fall...

Web Application Firewalls: Patching, SDLC Key for Security, Compliance by Symantec Corporation
lifecycle (SDLC), are playing an essential role in web application security and compliance. See how you can achieve a strategic, defense-in-depth approach to enterprise security by reading on now.

Web applications are among the most vulnerable parts of the enterprise, and web application defense is quickly becoming a top concern for today’s organizations. Security administrators everywhere are beginning to look at web application firewalls (WAFs) to help meet their security and compliance...

Web Application Security for a Smarter Planet by IBM
As threats to Web applications continue to grow, IBM offers Web application security for a smarter planet—integrated, end-to-end security to build secure Web applications, run secure Web applications and protect SOA environments.

With more websites integrating dynamic web applications, service oriented architectures, online transacting options and other complex Web 2.0 technologies, effective security systems are fast becoming top priority for federal agencies. Read this IBM white paper and find...

State of Software Security Report by Veracode, Inc.
of supplier in the software supply chain and then explores application security by language, industry, and by application type across both web and non-web applications.

New in Volume 2 are data from third-party assessments, the first inclusion of PHP and ColdFusion applications, a comparison of static binary, dynamic, and manual testing effectiveness, and additional analytics on Financial industry applications.

Web Application Security: How to Minimize the Risk of Attacks by Qualys
This informative white paper outlines the importance of Web application security. With over 55 percent of vulnerabilities in 2010 resulting in attacks, a solution is necessary. Learn more about the different types of Web application vulnerabilities as well as how to detect vulnerabilities more efficiently.

While web applications can provide many benefits, they are also the largest source of enterprise security attacks – accounting for over 55 percent of vulnerabilities in 2010, according to a...

Understanding Web Application Security Challenges by IBM
discusses an approach for improving your organization's Web application security. As businesses grow increasingly dependent upon Web applications, these complex entities grow more difficult to secure. Most companies equip their Web sites with firewalls, Secure Sockets Layer (SSL), and network and host security, but the majority of attacks are on applications themselves - and these technologies cannot prevent them.

This paper explains what you can do to help protect your organization,...
Web-Facing Applications: Mitigating Likely Web Application Threats by Symantec Corporation
E-Guide, learn how the increased use of business-centric Web applications has spawned alarming new information security threats. Also inside, uncover tips, tricks, and best practices for making your Web apps more secure – read on to get started.

The Internet has allowed for an unprecedented degree of interactivity between organizations and their customers via Web applications, blogs, and forums, yet the rise of business-centric Web interactivity has also spawned new and...
Eradicate Cross-Site Scripting by Veracode, Inc.
help with remediation.

Application development and application security teams and practitioners can, in fact, begin automated testing and detection of XSS vulnerabilities immediately, using a Free Service from Veracode. In this white paper, you’ll learn more about the cross-site scripting threat, how automated code testing can help detect and remediate it, and the free service that will help energize your application security program.

E-Guide: Preventing and detecting security vulnerabilities in Web applications by BlueCoat
The extent of fundamental security flaws in most applications often requires a re-architecture, but there are some secondary measures information security teams can take to safeguard faulty applications. This expert tip maps out the steps security professionals should take to lock down their Web applications.

How web application vulnerability assessment tools can improve enterprise security by IBM
This white paper outlines a web application vulnerability assessment tool that will help you to identify and remediate vulnerabilities earlier in the software development lifecycle.

Security has become a foremost priority for many IT decision makers as web-based applications can compromise the overall security of an organization. These vulnerabilities can enable hackers to access confidential company information or customer data which could result...

Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle by IBM
integrating security and risk management throughout the web application software development lifecycle.

Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don’t understand is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle.

Securing the web application lifecycle does not have to mean slowing it down. When...

Avocent Accelerates Critical Applications over WAN While Ensuring Distributed Web Security at Branch Offices by BlueCoat
of key business applications and provide decentralized Web security and control for their branch offices. View this case study to learn how they were able to meet both needs with just one solution.

IT infrastructure management solutions provider, Avocent Corporation, needed to accomplish two critical tasks: Improve performance of key business applications and provide decentralized Web security and control for their branch offices.

View this case study to learn how they...

Ensuring the security of your mobile business intelligence by IBM
from their mobile devices, whether from a native application or the web, that security measures are in place to ensure their BI data is protected and safe from hackers or if a device is ever lost or stolen. Read to find strategies on how to best secure BI on mobile devices.

One of the biggest concerns organizations have when it comes to adopting mobile business intelligence (BI) is security.

Organizations need to know that when their employees access BI applications from their mobile...
PCI DSS Success: Archiving Compliance and Increasing Web Application Availability by Citrix
requirements is absolutely critical. And with the newest security requirements taking effect June 30, 2008, you need to move quickly.

Here's some help: a complimentary guide which helps you achieve the latest PCI DSS security mandates. You'll get practical insight to ensure your success, including:

  • The newest security measures you must have in place by June 30, 2008
  • 6 key recommendations to ensure ongoing PCI DSS compliance
  • How to deploy a security solution that also...
Resin Application Server Java EE 6 Web Profile by Caucho Technology
standards-based runtime that focuses on ease-of-use for web application development. Indeed, Resin is the only major application server solely focused on the Web Profile.

Next Generation Web Application Firewalls (NG-WAF) by Imperva
Imperva's vision for the next generation of WAFs. It details Web application security problems and solutions today, and gives perspectives on the future.

This paper describes Imperva's vision for the next generation of WAFs. It details Web application security problems and solutions today, and gives perspectives on the future. While this paper is not product specific, areas where Imperva SecureSphere currently provides NG-WAF capabilities such as anti-automation, and adaptive threat response are...

Presentation Transcript: Client-Side Security Issues - The Twilight Zone of Web Security by IBM
types of JavaScript client-side issues that exist in today’s Web applications, their prevalence on the internet and how to locate and fix them.

Client-side vulnerabilities in JavaScript are difficult to locate and require deep knowledge of JavaScript, as well as the ability to perform code review for HTML pages and JavaScript files. This presentation transcript discusses the various types of JavaScript client-side issues that exist in Web applications, their prevalence on the...

Information Security Magazine: March 2009 - Sky-High Risk? by Information Security Magazine
ways monitor and manage Web 2.0 usage within your company; Web Application Firewalls - How to choose and implement the right WAF for your company; and much more.

This month's issue of Information Security focuses on risk management. The cover story, "How to Secure Cloud Computing," discusses emerging on-demand computing services. Cloud computing can create great cost savings for both large and small businesses, but what does it cost in terms of security and compliance setbacks? We'll also go into...

Secure Mobile access to Corporate Applications by F5 Networks
a strategy that balances bring-your-own-device (BYOD) with security, giving your mobile workforce the access to corporate web apps that they need without sacrificing security in the process.

The bring-your-own-device (BYOD) trend has drastic implications for organizations everywhere. As more and more employees choose to conduct business from personally-owned mobile devices, IT is losing control over the enterprise. BYOD isn’t going away – but empowering your mobile workforce can't come...

CORE IMPACT Pro V10 by Core Security Technologies
Please join Core Security for a live demonstration of CORE IMPACT Pro, the most comprehensive product for performing security assurance testing on an organization’s network systems, endpoint systems, end users and web applications. Product Type: Penetration Testing

IT Problem:
Proactive penetration testing for effective risk management.

PCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall by Riverbed Technology, Inc.
with many parts of the PCI DSS specification, notably the web application firewall (WAF) requirements of section 6.6.

The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory requirement for any merchant that handles confidential cardholder data, including businesses that take orders online. This detailed white paper describes how the Riverbed® Stingray™ Traffic Manager and Stingray Application Firewall Module can help you with many parts of the PCI DSS specification, most...

When Web 2.0 Becomes Security Risk 2.0 by Kaspersky Lab
Cyber-criminals are targeting web surfers on popular social networking sites like Facebook, LinkedIn and MySpace. This security brief discusses how to protect your business from "trusted" friends turned hostile hackers, pinpoint vulnerabilities in files, widgets and social sites, employ web application firewalls and use content filtering to mitigate risk...
Integrated Approaches to Optimizing Security in the Financial Sector by F5 Networks
integrated risk management solution that uses network and web application firewall security can help your financial institution prevent losses, operational disruption, brand damage, and data loss.

An increasing number of cyberattacks have been targeting financial services companies, attacks which are only growing in complexity, frequency, and sophistication.

This white paper details how an integrated risk management solution that uses network and web application firewall security...
