AppShield stops Web app hackers cold

By Mandy Andress, For InfoWorld Test Center
April 5, 2001

The latest front line in the security war has moved from the network layer to the application layer. Do your Web applications allow hackers to visit your back-end servers?

Although we are not dismissing good development practices, we are happy to report that AppShield, by Sanctum, provides a Web application security solution that does not require a complete redesign or review of your current development process. This, coupled with its flexibility and speed, earned it a Very Good rating.

AppShield sits in front of your Web servers, acting as a proxy and intercepting all requests. Using its Policy Recognition Engine and Adaptive Reduction Technology, AppShield analyzes outgoing Web pages and generates security policies on the fly for each page. Returned pages are compared to this policy to ensure they conform. Any changes to the Web page or input data that do not conform to the policy will cause the request to be denied.

AppShield does not require any prior knowledge of the Web application; it learns the security policy of the application through its technology. This makes the product very easy to install and administer, and changes to the Web application do not require corresponding changes to AppShield. Ultimately this means attackers have no means of gaining illegal access to your data and files through your Web applications.

AppShield is managed by a Java management console that can be installed on any system. You can also control who has write access to the console; multiple people can log on and view AppShield's event logs, but you don't have to worry about multiple people making changes to the configuration.

We reviewed a beta of AppShield 2.5 last year, and AppShield 3.0 makes significant improvements. Primarily, AppShield 3.0 delivers a 25 percent improvement in overall performance that was achieved through code reduction. It now works with enterprise tools such as Tivoli and HP OpenView to provide an integrated management infrastructure. Additionally, it provides support for shared hosting environments, such as ISPs and ASPs (application service providers) that house multiple sites in one location.
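
The review describes AppShield deriving a policy from each outgoing page and denying requests that do not conform to it. The Python sketch below is an added illustration of that general idea, not Sanctum's code or algorithm; the class and function names, the rule format and the sample page are assumptions constructed for this example.

```python
from html.parser import HTMLParser
# Constructed outgoing page (sample input, not from the article).
SAMPLE_PAGE = """<form action="/order" method="post">
<input type="hidden" name="price" value="19.99">
<input type="text" name="qty" maxlength="3">
<select name="ship"><option value="ground">Ground</option>
<option value="air">Air</option></select></form>"""

class PolicyBuilder(HTMLParser):
    """Derives a per-page policy from the form fields the server sent out."""
    def __init__(self):
        super().__init__()
        self.policy, self._select = {}, None  # rules by field; open <select>
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            if (a.get("type") or "text").lower() == "hidden":
                self.policy[a["name"]] = {"fixed": a.get("value") or ""}  # must return unchanged
            else:
                limit = a.get("maxlength") or ""
                self.policy[a["name"]] = {"maxlen": int(limit) if limit.isdigit() else None}
        elif tag == "select" and a.get("name"):
            self._select = a["name"]
            self.policy[self._select] = {"choices": set()}
        elif tag == "option" and self._select:
            self.policy[self._select]["choices"].add(a.get("value") or "")
    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None

def build_policy(html):
    builder = PolicyBuilder()
    builder.feed(html)
    return builder.policy

def check_request(policy, params):
    """Return (allowed, reason); deny anything the served page did not permit."""
    for name, value in params.items():
        rule = policy.get(name)
        if rule is None:
            return False, f"unexpected field: {name}"
        if "fixed" in rule and value != rule["fixed"]:
            return False, f"hidden field modified: {name}"
        if "choices" in rule and value not in rule["choices"]:
            return False, f"value not offered: {name}"
        if rule.get("maxlen") is not None and len(value) > rule["maxlen"]:
            return False, f"value too long: {name}"
    return True, "ok"
```

Because the policy is rebuilt from whatever page the server last sent, a change to the form changes the policy without any separate rule update, which is the property the review highlights.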

AppShield 2.5 supported SSL (Secure Sockets Layer), but Version 3.0 adds support for SSL accelerator cards such as those from nCipher and Rainbow. Version 2.5 also provided some support for client-side scripting (JavaScript), but it was rather cumbersome to develop the necessary filtering rules. AppShield 3.0 improves this functionality by supplying helpful tips that tell you what rules should be in place to allow JavaScript to pass.

AppShield is incredibly flexible because it does not need to be configured to protect your Web application. It discovers the security policy of your application through its Policy Recognition Engine, so any changes you make to your application are immediately protected by AppShield. Additionally, AppShield can support almost any Web application configuration; its strength lies in its ability to learn applications and their security policies on the fly.

Although its price, $15,000 per server, may seem a little high, it would ultimately save you at least 100 times that amount if it prevented even a single attack.

Return to our Test Center In-Focus package: Enterprise security

Mandy Andress is chief security officer of Evant and president of ArcSec Technologies. Contact her at mandy@arcsec.com.