|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
|
Imperva ADC Helps Organizations Understand and Defend Against Web 2.0 Security ThreatsMarch 7, 2007; 07:09 AM “Web 2.0 technologies such as AJAX, RSS, and client-side JavaScript libraries allow enterprises to build more responsive, immersive and collaborative applications. Although many of the technologies are not new, the threat model for Web 2.0 is not yet fully understood by developers,” said Andrew Jaquith, Senior Analyst at Yankee Group. “Imperva is taking a leadership role by educating organizations about the risks associated with Web 2.0 applications, and by offering mitigation techniques.” Web 2.0 Risk Landscape Web 2.0 applications generally include a mix of three characteristics: Rich Interface Applications (RIA), Syndication (RSS, Mashups, etc.), and User participation (social networks, Wikis, blogs). Each category introduces its own set of vulnerabilities and risks, which create a larger attack surface. One common weakness is the shifting of security processing from the web server to the client. This approach is imposed by scripting used to deliver dynamic Web 2.0 content. Client side security checks, however, violate documented best practices for protecting Internet applications. By blurring the distinction between client and server code, Web 2.0 applications increase exposure to session and cookie tampering, SQL Injection, directory traversal, and cross site scripting (XSS) attacks. Understanding and Mitigating Vulnerabilities To help IT organizations understand the vulnerabilities introduced by Web 2.0 applications and take appropriate measures to secure their infrastructure, Imperva is hosting a free Webinar on March 14 and offering a companion technical brief entitled Understanding Web 2.0: Technologies, Risks, and Best Practices. The Webinar and brief will cover key Web 2.0 security concepts and remediation strategies, including:
To register for the Webinar please visit http://www.imperva.com/go/webinar20. To request the companion technical brief, which will be available after the Webinar, visit http://www.imperva.com/go/tbw20. “The convergence of web and collaboration technologies that made Web 2.0 applications possible has created an equally disruptive shift in the Internet threat landscape,” said Amichai Shulman, CTO of Imperva and head of the Imperva Application Defense Center. “Organizations that deploy Web 2.0 applications without a clear understanding of the vulnerabilities they introduce are at risk. Our goal is to arm IT professionals with the knowledge they need to secure their Web 2.0 infrastructures." About the Imperva Application Defense Center The Imperva Application Defense Center (ADC) is internationally-recognized for its leadership in security and compliance research and education. The Imperva ADC has found over 20 vulnerabilities in commercial Web application and database products. Database and application vendors have credited the organization with the discovery of serious vulnerabilities and mitigation techniques that have led to increased security in their products. About SecureSphere SecureSphere’s adaptive architecture detects Web 2.0-related threats and future-proofs organizations against subsequent generations of vulnerabilities. SecureSphere allows enterprises to leverage the rich features in Web 2.0 without exposing themselves or their users to attack. With SecureSphere, companies can safely roll out applications with interactive updates, data from external sources, user-contributed content, and other Web 2.0 hallmarks. To protect Web 2.0 applications, SecureSphere:
About Imperva Imperva is the global leader in data security and compliance solutions for the data center. The Imperva product line provides an automated and transparent approach to protecting and controlling sensitive data throughout transactional data systems. The Imperva database and Web application appliances are deployed in leading financial, retail, telecommunications, healthcare, and government organizations around the globe. Founded over five years ago by Shlomo Kramer, recently named one of the 20 luminaries who changed the network industry, Imperva is a solid, privately held company with growing revenues and backing from Accel Partners, Greylock Partners, US Venture Partners, and Venrock Associates. For more information, visit www.imperva.com. Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders. |
Copyright © 1998 - 2018 DevStart, Inc. All Rights Reserved |