Website Security

Website Security, Web Application & Database Protection

Website security is a multi-dimensional, multi-layer problem.



Types of Vulnerabilities

> Protecting against OWASP Top 10 web application vulnerabilities

> Structured Query Language (SQL) injection attacks

> Network and application layer DoS (denial of service) attacks

> Cross-site scripting


> Buffer overflows
> File inclusion

> Cookie poisoning

> Schema poisoning

> SSL vulnerabilities

> XML and JSON attacks

> and countless other attacks
 

Structured Query Language (SQL) injection attacks

SQL injection attacks have increased 30-fold within the past six months. This growing area of targeted attacks on sensitive information exploits websites by altering back-end code to manipulate data entered by users.

 

 


Solution Business Benefits


> Protect against web-related threats to enterprise networks

> Defend data centres
(protect a virtual, software-defined (SDN) data centre (SDDC), a managed cloud service environment, public cloud (Amazon Web Services (AWS) and Microsoft Azure), or traditional data centres).

> Reduce business risk

> Prevent hackers from exploiting your websites, business critical applications and data

> Prevent web based fraud

> Help you prevent identity theft, financial fraud and denial of service

> Protect your Cloud-based Applications

> Protection for common applications
such as Microsoft Outlook Web Access, Lotus Domino Mail Server, Oracle E-Business Financials, and Microsoft SharePoint

> Solve security challenges without impacting application performance

> Deliver websites and web pages reliably, fast and securely through high performance DNS services
> Enforce government regulations, industry best practices, and internal policies.

> Identify and then block or mask the transmission of sensitive information such as credit card numbers (CCN) and social security numbers (SSN)

> Simplify PCI-DSS compliance security audits

> Meet regulatory compliance requirements and industry standards, including PCI DSS

> Comprehensive solution for PCI DSS requirements 3.3, 6.5 and 6.6

> Ease the migration, time and cost of test environments to production

> Discover and inventory web servers, services and applications

> Gain visibility of, and analyse, traffic from malicious external robots, crawlers, scanners and search engines

> Prevent malware infections, spyware and viruses

> Give you control over your employees’ web use





Technical Features & Benefits



> High performance Web Application Firewall (WAF)

> Proactive web application, Web 2.0 and database protection

> Web server intrusion prevention

> Patch web vulnerabilities

> Website cloaking

> IP address masking

> Protect web-based applications and internet-facing data from attack and data loss

> Prevent web scraping

> Web protocol traffic and file scanning (HTTP, HTTPS, SMTP, FTP)

> Application Vulnerability Scanning

> Web application monitoring services

> Web application security testing and scanning
 

> Ensure developers follow secure coding practices

> Verify that your software is trustworthy

> Scans source code

> Identifies root causes of software security vulnerabilities



> Automate user activity profiles to create a baseline of allowed activity

> Protect against sophisticated layer 4 & 7 attacks targeting websites and application resources (DoS / DDoS protection)

> Offload and accelerate SSL / HTTPS encryption functions to reduce web server processing requirements and performance delays

> Layer 7 load balancing and content-based routing increase application speeds

> IPv4 / IPv6 protection

> Geo IP Policy enforcement

> Rapid deployment with built-in intelligence

> Penetration Testing (manual and / or automated, consultancy-led and off-site managed / cloud services)

> Anomaly detection, and real-time alerting and prevention
 

> Contextual protection integrated within the application itself allows you to confidently identify and stop attacks that network security cannot see

> Separation of administrative and privileged user duties

> Enforce multi-factor authentication




Web 2.0 Application Security and Control
 

Web 2.0 applications such as Facebook, Twitter and Skype
 
Block Malicious Content
Traditional firewalls detect and restrict applications by port, protocol and server IP address, and cannot detect malicious content or abnormal behaviour in many web-based applications.


Platforms protected and more



AWS and Public Cloud Web Application Security 

Amazon Web Services (AWS) offers a shared security model with its customers. While AWS provides many of the essential building blocks for securing cloud workloads, the ultimate responsibility for ensuring that both the app and the web management console are protected lies with the customer.




Cloud-Based Application Protection 

Cloud Application Firewall

Large-scale applications developed specifically for a cloud are often very complex, with a design focus on access speed and scalability. Many cloud applications also provide flexibility for third-party development through an open API. Salesforce.com, Google Docs, Facebook and Twitter are all good examples of applications that expose APIs to allow access from custom applications. These ‘as a Service’ applications are developed in two ways today: (1) by moving on-premise applications to the cloud, and (2) by developing and operating applications directly in the cloud.

Applications that migrate out of your internal company network and into a public cloud infrastructure carry the risk of exposing protected software to external threats that it was not designed to handle. Common security threats include injection attacks, cross-site scripting and cross-site request forgery.



Web Database Security


> Database Firewall



> Oracle Database Protection

Full auditing and visibility into database data usage



> Database Assessment

Vulnerability assessment, configuration management, and data classification for databases

> User Rights Management for Databases

Review and manage user access rights to sensitive databases



> Database Audit & Compliance

Monitor, log, alert and report for audit and compliance.


Compliance
The solution addresses compliance and regulations
  • PCI DSS requires regular scanning of applications and platforms
  • Vulnerability scanning and assessments for the web application firewall, completing a comprehensive solution for PCI DSS requirements 3.3, 6.5 and 6.6.
  • Web Application Firewalls address vulnerabilities and help protect against unknown attacks.
  • Protecting against OWASP Top 10 web application vulnerabilities


Integrates with leading WAF vendors
Provides XML output for Web Application Firewalls (WAFs) that helps you quickly create new rules and block exploitation of vulnerabilities.




Solution Platforms
> Cloud-based managed service
> Hardware Appliance
> Software / Virtual Appliance





Contact us today to discuss your requirements in more detail.



P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk