Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

  1. Home
  2. Careers-and-certifications
  3. Proxies-add-protective-shield
  4. Page
  5. Proxies Add a Protective Shield: Page 14 of 22
Careers and Certifications

Proxies Add a Protective Shield: Page 14 of 22

Web security proxies--aka, Web application firewalls--can detect and mitigate common attacks, but configuration is crucial. Kavado InterDo and Sanctum AppShield ran neck-and-neck, but AppShield captured the top spot--for now.
March 10, 2003

Various form validity tampering: We used a test form containing various select, checkbox and radio input values to determine if the security proxy would ensure the values we submitted were legal, allowed values; for example, when given a select menu with choices "A," "B" and "C," we attempted to submit nonexistent value "D." We used both static and dynamically generated form values. Partial failure means the product can handle static values via hard-coded rule definitions but cannot handle dynamic values.

CVE IDs were included for attacks that exploit specific vulnerabilities; however, many of the attacks are more general in nature. Below are a few URLs explaining some of the general vulnerabilities we tried to exploit.

• Cross-site scripting

• SQL injection

• Cookie manipulation

Tags:

News
Careers and Certifications