Business Security Information

A lot of today’s websites are dynamic, meaning they can deliver different content to a user depending on the user’s needs.  Dynamic content is achieved with the use of web applications.  This sounds great, but dynamic websites are open to an attack called cross-site scripting.  If you have been in business long and pay attention to the variety of security issues that you have to protect your business from, you probably have heard of this term before.  Cross-site scripting is a type of exploit where the attacker inserts or embeds malicious programming code into a web link which the attacker disguises so it appears that it is coming from a trusted source. 

Web Application Firewalls

Web Application Firewalls are a market that is still hard to define, meaning what one vendors says is a web application firewall may not be what another defines as such.  For right now, many products fall under the web application firewall term.  For a business such as yours, this makes it hard to evaluate and compare products.  To overcome this confusion, first look at what your security needs are, the structure of your network, and the applications that are you using.  Then, look at what is available that fits your criteria.  Just by doing this first, you will narrow your search down from many to probably a few products that you are interested in researching and maybe testing further.  A few requirements for a web application firewall include:

This article covers a somewhat complex and lengthy security topic so I am breaking it into two parts.  The first part will discuss web applications, what they are, and the basics of website security including web application firewalls.  The second part of the article will go into more detail regarding web application firewalls, the PCI standard pertaining to web application firewalls, and, lastly, UTM and web application firewall capabilities.

Web Applications