Best Ways to Secure Web Applications

By Timothy Dyck  |  Posted 2003-02-03


Some tools that IT departments should have on hand for top-notch Web app security:

Web application scanners
Web application security scanning tools can detect several types of Web application security flaws at once. They should be used to find security problems during the application development cycle. (See eWeek Labs' May 20, 2002, vulnerability assessment package.) Good examples include:

  • Sanctum Inc.'s AppScan
  • SPI Dynamics Inc.'s WebInspect
  • Kavado Inc.'s ScanDo
  • OWASP's Web Scarab (still in the planning stages)
  • Cenzic Inc.'s Hailstorm (a more general-purpose fault-injection system than the tools above)

Web application firewalls
This is an emerging product category that uses stateful traffic inspection to dynamically parse and filter incoming HTTP requests, allowing only legitimate requests to pass. This is an immature market segment, but its potential effectiveness is high, and we think this approach is the way of the future.

  • Sanctum's AppShield
  • Stratum8 Networks Inc.'s Stratum8 Application Protection System 100
  • OWASP's CodeSeeker (Version 1.0 release planned for early this year)
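
To make "stateful" inspection concrete, the following is an added example, not code from the article or from any product listed above. It assumes that a "legitimate" request is one the application itself offered to the same session in an earlier response; the class names, the `entry_points` parameter and the sample page are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class OfferParser(HTMLParser):
    """Collects what a served page offers: link/form targets and hidden fields."""
    def __init__(self):
        super().__init__()
        self.paths, self.hidden = set(), {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        target = a.get("href") if tag == "a" else a.get("action") if tag == "form" else None
        if target:
            self.paths.add(urlsplit(target).path)
        if tag == "input" and a.get("type") == "hidden" and a.get("name"):
            self.hidden[a["name"]] = a.get("value") or ""

class StatefulFilter:
    """Hypothetical positive-model filter: a request passes only if the
    application offered it to the same session in an earlier response."""
    def __init__(self, entry_points):
        self.entry_points = set(entry_points)  # paths allowed with no prior state
        self.sessions = {}                     # session id -> (paths, hidden fields)

    def observe_response(self, sid, html):
        # Outbound side: learn the policy from the page the application just served.
        parser = OfferParser()
        parser.feed(html)
        paths, hidden = self.sessions.setdefault(sid, (set(), {}))
        paths |= parser.paths
        hidden.update(parser.hidden)

    def check_request(self, sid, url, form=None):
        parts = urlsplit(url)
        paths, hidden = self.sessions.get(sid, (set(), {}))
        if parts.path not in self.entry_points | paths:
            return False, "path was never offered to this session"
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        params.update(form or {})
        for name, issued in hidden.items():
            # A hidden field that comes back must carry the value that was issued.
            if params.get(name, issued) != issued:
                return False, f"hidden field {name!r} was modified"
        return True, "ok"

# Constructed sample page, standing in for a response from the protected application.
SAMPLE_PAGE = """<a href="/catalog?page=2">More</a>
<form action="/checkout" method="post">
<input type="hidden" name="price" value="19.99"><input name="qty"></form>"""
```

Feeding `SAMPLE_PAGE` to `observe_response` for a session and then calling `check_request` with a changed `price` returns a rejection, while the same request with the issued value passes; a stateless signature filter has no way to tell the two apart.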

Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelor's degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a master's of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
