Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

R E V I E W

Proxies Add a Protective Shield

March 5, 2003
By Jeff Forristal

>> continued from previous page

Executive Summary

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Products Reviewed
	Executive Summary
	How We Tested
	Attack Descriptions
	Report Card

Remember when most attacks hit at the network layer? Those were the days. Now, with the proliferation of Web services and introduction of protocols like SOAP, who knows what evil is trying to slither in via HTTP tunnels? Think you're safe? How many different applications run in your Web environment? Have you done a security assessment of all that source code? We didn't think so.

One possible answer is a Web application-level firewall. We installed proxy offerings from Kavado, MultiNet, Sanctum, Teros and WebScurity in our Chicago Neohapsis partner labs and tasked them with protecting two deliberately insecure Web sites. We tampered with cookies and form fields, threw Microsoft FrontPage into the mix, then sat back and watched the destruction. We also evaluated ease of configuration, a huge concern unless you have strong application-security chops on board.

None of the products could stop every attack, but Kavado InterDo and Sanctum AppShield came closest. We were impressed by InterDo's feature set, but it let dynamic form value attacks slip past, giving Sanctum the edge to win our Editor's Choice.