Ah. Writing secure code is always the best solution. However, it is time-consuming in a very time-pressured environment. Also, the application may use 3rd party plugins like shopping carts or scripting engines like PHP. The user may not have access to the code or the time to verify the bounds checking in the addon.
Something like AppShield would protect you against bugs in the addons as well as application bugs, validation code omissions/errors, etc. There is still a compelling argument for application layer firewalls in the real world. At an absolute minimum, you should run a comprehensive security scan against all applications for vulnerabilities to check for emergent behaviour. It is not enough to secure just your source code.

If you think this discussion is getting off topic, please feel free to reply privately.

Kind Regards,

Jon Paine
Technical Lead
Allasso European Support Centre
SMTP - mailto:[EMAIL PROTECTED]
WEB - http://support.allasso.com
Tel. 0870 366 8533 (+44 118 971 1533)
Fax. 0870 366 8544 (+44 118 971 1544)
PGP Fingerprint: ADD3 07AC ED47 292A BF61 E124 E81F 9249 7AD9 6E0C

> -----Original Message-----
> From: Steve Bernard [mailto:[EMAIL PROTECTED]]
> Sent: 05 December 2002 19:22
> To: Issforum (E-mail)
> Subject: RE: [ISSForum] Web server protection vs Sanctum AppShield
>
> George,
>
> I don't want to ruffle any feathers, but I recommend re-engineering the application to provide validation of user input from within the application. There is no better solution to securing your application than fixing its internal deficiencies. Trying to patch application problems with external tools is a very costly, time-consuming, and never-ending task. Fix the application and you can actually feel secure. The problem you describe is what causes almost all application vulnerabilities, that is, improper or no validation of user provided input. This is the root of such things as buffer overflows, directory traversal exploits, and data manipulation exploits, just to name a few. Ignoring the real problem and adding additional layers of complexity is a surefire way to make the problem worse, and spend a lot of money.
>
> Regards,
>
> Steve Bernard
> Sr. Systems Engineer, NET
> George Mason University
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Didea, Gheorghe
> > Sent: Thursday, December 05, 2002 7:54 AM
> > To: Issforum (E-mail)
> > Subject: [ISSForum] Web server protection vs Sanctum AppShield
> >
> > Hello,
> >
> > I want to protect a SQL application and I want to know if I can do this using Web server protection from Server Sensor. I don't want to protect just against IIS attacks but also against authenticated connection attacks. For example, if the application is sending back a response with 77 in the header and the client is sending back a response modifying this header and sending 78, I want to block this. I ask you this because I want to know if I can do this with ISS or if I need to buy an applicative IDS like AppShield.
> >
> > Thanks,
> > George
> >
> > _______________________________________________
> > ISSForum mailing list
> > [EMAIL PROTECTED]
> > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
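George's scenario (the server issues 77 in a header, the client echoes 78) is exactly the round-tripped value that Steve's in-application validation refuses to trust. The Python below is an added illustration for this thread, not code from any poster or from ISS or Sanctum; the `<value>.<tag>` header layout and the key handling are constructed assumptions. It MAC-signs the issued value so a modified echo is detected and rejected inside the application itself.

```python
import hmac
import hashlib
import secrets

# Constructed example key; a real deployment loads it from a secret store
# and never ships it to the client.
SERVER_KEY = secrets.token_bytes(32)

def issue_header(value: int, key: bytes = SERVER_KEY) -> str:
    """Header value the server sends: '<value>.<hex HMAC-SHA256 of value>'.

    The MAC binds the number to a key only the server holds, so the client
    can read 77 but cannot forge a valid tag for 78.
    """
    raw = str(value).encode("ascii")
    return f"{value}.{hmac.new(key, raw, hashlib.sha256).hexdigest()}"

def verify_header(header: str, key: bytes = SERVER_KEY):
    """Validate a header value echoed back by the client.

    Returns the integer the server issued, or None when the value is
    malformed, untagged, or its tag does not match (e.g. 77 rewritten to 78).
    """
    try:
        raw_value, tag = header.rsplit(".", 1)
        value = int(raw_value)
        # MAC over the bytes actually sent, so '077' or '+77' cannot pass
        # as the 77 the server signed; non-ASCII input fails here too.
        raw_bytes, tag_bytes = raw_value.encode("ascii"), tag.encode("ascii")
    except ValueError:  # covers bad unpacking, int() and UnicodeEncodeError
        return None
    expected = hmac.new(key, raw_bytes, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag_bytes):  # constant-time compare
        return None
    return value

def round_trip_demo(key: bytes = SERVER_KEY) -> dict:
    """George's scenario: server issues 77; client echoes 77, then 78."""
    issued = issue_header(77, key)
    tampered = "78." + issued.split(".", 1)[1]  # client rewrites 77 to 78
    return {
        "honest": verify_header(issued, key),      # 77, accepted
        "tampered": verify_header(tampered, key),  # None, blocked
        "bare": verify_header("78", key),          # None, no tag at all
    }

if __name__ == "__main__":
    print(round_trip_demo())
```

A `None` result is the signal to block the request (or log it as a tampering attempt), which is the behaviour George wanted from the application itself rather than from an external appliance.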
