Firewalls are not enough

"Traditional firewalls - when properly configured and managed - do a good job of thwarting many network-level attacks, but do little to address gaping holes in Web applications where intruders commonly attack Web sites directly through form submissions or URL manipulations." - NetworkWorldFusion, 2003
Web application security is one of the most important and challenging aspects of IT security. Security managers are realizing that their applications are rapidly becoming the favorite target of attackers, and that even with traditional network security measures in place (e.g. a network firewall or IDS), their applications, and consequently their mission-critical data, may still be at risk.

"Today over 70% of attacks against a company's network come at the 'Application Layer', not the network or System Layer." - Gartner Group

Applications are what make business possible in today's environment, and protecting them presents businesses with challenges unlike those of protecting the network or system layer. Applications are differentiated by the functions they serve, the data they process and the resources they use within the business environment. As a result, no two applications are alike, and traditional network security practices fail to adequately protect a company's applications.
Solution Benefit

Protection from:
Manipulation of IT Infrastructure (exploitation of vulnerabilities in an integrated environment, such as shared files or folders)
Parameter Tampering (modifying parameters in the HTML document and then submitting the modified values to the remote server)
Cookie Poisoning (changing or exploiting cookie content)
Stealth Commanding (planting hidden commands in text fields that cause execution of malicious code)
Backdoor and Debug Options (exploiting vulnerabilities left open in the developed code)
3rd Party Misconfiguration (exploiting errors in 3rd party components, such as web and database servers)
Database Sabotage (attaching SQL commands to input fields or messages)
Buffer Overflow Attacks (sending oversized request messages to the application, targeting either 3rd party components or internally developed code)
Data Encoding (sending requests using different data encoding standards such as Unicode, UTF-8 and UTF-16)
Protocol Piggyback (modifying the application protocol structure)
The objective of application-level security is to prevent attackers from gaining unauthorized access to the company's mission-critical data and network resources by exploiting weaknesses in the applications themselves. Exploitation of IT infrastructure vulnerabilities and misconfigurations, third-party and custom software vulnerabilities, and database manipulation are some of the more common application threats. Today's web applications provide direct access to the company's most valuable assets, specifically the digital information stored within the company's databases. If exploited by attackers, the damage may not be limited to the company's network; it may also affect the company's reputation, as negative publicity and a perception of insecurity could drive both existing and new clientele away from the company. A 2002 FBI report on cyber security provided startling results regarding the frequency and severity of application layer attacks, and by all indications, application-level attacks are on the rise.

90% of the survey's 500 respondents detected computer security breaches in the past year; 80% of those suffered financial losses as a result.
66% of all hackers enter through their victim's public web site.
(2002 CSI/FBI Computer Crime and Security Survey)

PSC offers both service- and product-based solutions that will protect a company's web applications, mission-critical data, financial well-being and public reputation.

PSC Solutions
Service Solution (SecureScan) - Our external remote web application assessment will provide you with a complete overview of all vulnerabilities in any given application, free of charge.
Product Solution - We offer the full suite of KaVaDo products: ScanDo (Web Application Scanner), InterDo (Web Application Firewall) and Auto Policy (ScanDo and InterDo bundled together), which can be evaluated in your own environment at no charge for a limited time.