There are multiple strategies organizations can deploy to impede hackers’ access to a Web site. However, sooner or later, most of these measures are circumvented, giving attackers opportunities to crash servers, alter content, and corrupt transactions. Web site integrity is a two-way street and technologies must be strategically placed in the network to provide maximum, effective Web content and application protection. The only way to achieve this is by combining intrusion detection and prevention capabilities to guard Web content and applications at both the entrance and exit points of Web servers. Gilian Technologies provides the first multi-function intrusion detection and prevention appliance that not only provides proactive entrance protection, but also verifies that all content exiting your Web server—and every functioning Web application—is authentic and unaltered.

The following table shows the most common Web site security gaps and compares how various solutions either protect against, or fail to defend against, each vulnerability.

Web Site Vulnerability | Gilian G-Server® | Application Firewalls | Intrusion Prevention / Detection Systems
Damage Prevention
Block use of damaged data & configuration files NO NO
Block use of altered & unauthorized content NO NO
Block exposure of damaged & unauthorized applications NO NO
Damage Reporting
Forensic data collection & analysis NO
Details of damaged data files & applications NO
Web Site Content Recovery
Restore from backup NO NO
Alternative data/application source NO NO
HTTP Protocol Security
Known vulnerabilities
Application buffer overflow
Protocol piggybacking
Session management protection NO NO
HTML Application Security
Application & configuration tampering NO
HTTP session management protection NO NO
Input validation NO NO
SOAP/Web Services Security
Known vulnerabilities
WSDL compliance NO NO
WSDL integrity NO
Web Content Privacy
SSL acceleration NO NO
Block unauthorized content NO NO
User authentication & authorization * * NO
Product Performance Guarantee NO NO

Web Site Vulnerability Terms and Definitions

Damage Prevention – Provides Web content and application integrity through the use of real-time verification of both static and dynamic content. Defeats the intention of hackers by preventing any sabotaged content from being served.

Damage Reporting – Provides real-time notification and detailed forensic information—through log files—of the existence of damaged or unauthorized information on the Web site. Various reporting and delivery methods include e-mail, pager, telephone or fax to help in tracking down the culprits and pinpointing the tampered files.

Web Site Content Recovery – Real-time recovery mechanisms that restore original content from backup or provide alternative sources of authorized content, so that the damage from a successful sabotage is never published.
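As an added example (not Gilian's own code), the following Python sketch shows the exit-point check that the Damage Prevention and Web Site Content Recovery entries describe: every authorized file gets a keyed digest in a baseline, each body about to leave the server is re-digested and compared, and altered or unlisted content is replaced from a backup copy or blocked. The key, the paths and the file contents are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample content standing in for the authorized Web root. In a real
# deployment the backup copy would live off the Web server (assumption).
AUTHORIZED = {
    "/index.html": b"<html><body>Welcome to Example Corp</body></html>",
    "/app/login.cgi": b"#!/usr/bin/perl\nprint 'Login form';\n",
}
BASELINE_KEY = b"operator-held-key-placeholder"  # assumption: kept off the Web server


def digest(body: bytes, key: bytes = BASELINE_KEY) -> str:
    """Keyed digest (HMAC-SHA256) of a content body. Keyed so that an attacker who
    can rewrite a file cannot also forge a matching baseline entry without the key."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_baseline(content: dict) -> dict:
    """Map each authorized path to its digest; computed when content is published."""
    return {path: digest(body) for path, body in content.items()}


def verify_and_serve(path: str, body: bytes, baseline: dict, backup: dict) -> tuple:
    """Exit-point check on a response that is about to leave the Web server.

    Returns (action, body_to_send, detail). Altered or unlisted content is never
    sent as-is: it is restored from the backup when one exists, otherwise blocked.
    The detail string is the forensic record the Damage Reporting entry refers to."""
    expected = baseline.get(path)
    if expected is None:
        return ("blocked", None, f"{path}: not in baseline (unauthorized content)")
    if hmac.compare_digest(digest(body), expected):
        return ("ok", body, f"{path}: verified")
    if path in backup:
        return ("restored", backup[path], f"{path}: altered, served from backup")
    return ("blocked", None, f"{path}: altered, no backup available")
```

The same check applies to dynamic output when the baseline holds digests of the generating scripts rather than of the rendered page.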

HTTP Protocol Security – Protects and validates all HTTP and HTTPS traffic, which includes verifying RFC compliance (correctness of both header values and protocol flow), confirming compliance with user-defined header field boundaries, removing known malicious requests, and filtering out values within HTTP requests that could cause application misbehavior. HTTP protocol security protects against the following attacks:

Known Vulnerabilities: This involves exploiting known vulnerabilities or default settings that haven’t been patched or changed.

Application Buffer Overflow: Very long requests sent to an application exceed the allocated buffer size, which can allow attacker-supplied code to be executed or crucial system data to be overwritten.

Protocol Piggybacking: Modifying the application protocol structure. An example would be the insertion of a specially crafted proxy-authorization header into an HTTP request.
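As an added example (not Gilian's code), this Python function performs the kind of entrance-side request-head inspection the HTTP Protocol Security entry describes: it checks the request line, enforces an operator-defined boundary on header value length (the oversized-request case above), limits the number of fields, rejects malformed field names, and drops a request that carries a header the policy forbids, such as the inserted Proxy-Authorization header used as the piggybacking example. The policy values and the sample requests in the test are constructed.

```python
import re

# RFC 7230 token characters, the only ones allowed in a header field name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Operator-defined boundaries (assumed values for the example).
POLICY = {
    "methods": {"GET", "POST", "HEAD"},
    "max_header_value": 256,                    # user-defined header field boundary
    "max_headers": 32,
    "denied_headers": {"proxy-authorization"},  # the piggybacking example above
}


def inspect_request(raw: bytes, policy: dict = POLICY) -> list:
    """Check one HTTP/1.x request head against the policy.

    Returns a list of violation strings; an empty list means the request passes.
    Only the head (up to the blank line) is examined; the body is left alone."""
    violations = []
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return ["non-ASCII bytes in request head"]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        violations.append("malformed request line")
    elif parts[0] not in policy["methods"]:
        violations.append(f"method not allowed: {parts[0]}")
    fields = lines[1:]
    if len(fields) > policy["max_headers"]:
        violations.append("too many header fields")
    for line in fields:
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            violations.append(f"malformed header field: {line[:40]!r}")
            continue
        if name.lower() in policy["denied_headers"]:
            violations.append(f"denied header field: {name}")
        if len(value.strip()) > policy["max_header_value"]:
            violations.append(f"header value exceeds boundary: {name}")
    return violations
```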

Session Management Protection: Different methods are used to convert HTTP, a stateless protocol, into a session-oriented protocol, making it suitable for implementing applications. Common techniques are cookies, hidden fields, and URL parameters. All these techniques rely on certain values that are transferred to clients and returned by them to the Web server in HTTP requests. Malicious users can potentially modify the values that identify session or application state in an attempt to bypass certain application states or hijack other users' sessions.
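As an added example (not Gilian's code), the following Python sketch shows one way a server can make the cookie, hidden-field or URL-parameter values described above tamper-evident: the state is encoded and signed with a server-side HMAC before it goes to the client, and any value that comes back is rejected unless the tag still matches and the state agrees with the step the server expects. The key and the state fields are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

SESSION_KEY = b"server-side-session-key-placeholder"  # assumption: never sent to clients


def issue_value(state: dict) -> str:
    """Encode application state for a cookie, hidden field or URL parameter and
    append an HMAC-SHA256 tag so that any client-side change is detectable."""
    payload = base64.urlsafe_b64encode(
        json.dumps(state, sort_keys=True, separators=(",", ":")).encode()).decode()
    tag = hmac.new(SESSION_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_value(value: str):
    """Return the original state dict, or None if the value was altered or forged."""
    payload, sep, tag = value.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SESSION_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(payload.encode()))
    except (ValueError, UnicodeDecodeError):
        return None


def next_step(value: str, expected_step: int):
    """Application-flow check: accept the request only if the signed state says the
    user is at the step the server expects (no skipping ahead, no borrowed state)."""
    state = verify_value(value)
    if state is None or state.get("step") != expected_step:
        return None
    return state
```

A production version would also bind the value to an expiry and to the authenticated user so that a valid token cannot be replayed indefinitely.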

HTML Application Security – Prevents a Web application from executing corrupted transactions, programs, or scripts. Also protects against the processing of unexpected input that attempts to interrupt or bypass normal application flow. HTML application security protects against the following attacks:

Application and Configuration Tampering: This is the modification or defacement of applications or scripts in order to execute arbitrary code that differs from the original. Using this attack, a malicious user can access other application resources that would otherwise be denied, use the application to run unexpected functionality, or even compromise the entire Web server. These attacks are invisible to devices that only watch traffic for suspicious requests, since standard, harmless-looking URLs can trigger execution of the altered scripts to retrieve a listing of all users, passwords, credit card numbers or other confidential data stored in a database.

Session Management Protection: See description above.

Input Validation: By manipulating input in HTML forms that are then processed by a CGI script, a malicious user can run system commands that allow inappropriate access to a database on the site. For example, a form that uses a CGI script to mail information to another user could be manipulated through the data entered in the form to cause the server's password file to be sent by e-mail to the malicious user, or to delete all the files on the system when the command executes. Input validation prevents this from occurring.
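As an added example (not Gilian's code), here is the input validation a CGI mail form of the kind described above needs before any field reaches the system: the recipient must match a strict address pattern, the subject and body may contain only printable text within length limits, and the mailer is invoked with an argument list rather than a shell command line, so form data is passed verbatim and never interpreted. The limits, field names and the `mail -s` invocation are assumptions for the example.

```python
import re

# Constraints for the mail form (assumed values for the example).
RECIPIENT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_SUBJECT = 120
MAX_BODY = 4000


def validate_mail_form(form: dict) -> tuple:
    """Validate the fields of a 'mail this page' form before anything touches the
    system. Returns (ok, errors). Shell metacharacters cannot reach a command
    because the recipient must fully match a strict address pattern and the
    subject and body may contain only printable text."""
    errors = []
    recipient = form.get("to", "").strip()
    subject = form.get("subject", "").strip()
    body = form.get("message", "")
    if not RECIPIENT.fullmatch(recipient):
        errors.append("to: not a valid e-mail address")
    if not subject or len(subject) > MAX_SUBJECT or not subject.isprintable():
        errors.append("subject: missing, too long or contains control characters")
    if len(body) > MAX_BODY or any(c not in "\n\t" and not c.isprintable() for c in body):
        errors.append("message: too long or contains control characters")
    return (not errors, errors)


def build_mail_argv(form: dict):
    """Build the mailer's argument vector as a list, never a shell string, so the
    field values are handed to the program unchanged (a real handler would call
    subprocess.run(argv, input=body, shell=False)). Returns None on invalid input."""
    ok, _ = validate_mail_form(form)
    if not ok:
        return None
    return ["mail", "-s", form["subject"].strip(), form["to"].strip()]
```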

SOAP/Web Services Security – Protects and monitors Simple Object Access Protocol (SOAP) traffic to ensure that Web services, Web Services Description Language (WSDL) documents and related applications are being changed, executed, or published only by authorized persons and according to defined procedures. It includes the following features:

Known vulnerabilities: See description above.

WSDL Compliance: Web Service input validation based on the parameter definitions in the WSDL file.

WSDL Integrity: Real-time validation of the WSDL file's integrity. Defeats the intention of hackers by preventing any unauthorized alteration of the WSDL file. Such an alteration can open a Web Service to unexpected input, risking its stability. In addition, new authentic clients attempting to use the altered WSDL file will have their requests denied because they don't comply with the real WSDL file, causing site downtime and unavailability.

Web Content Privacy – Enables organizations to protect and control access to their Web content and applications by creating policies that define valid users and accepted identification methods.

Product Performance Guarantee – The ability to guarantee that the protection solution will never allow Web site visitors to see the effects of a hacked Web site.


© Gilian Technologies Inc., 2001-2003, all rights reserved. GILIAN, GILIAN TECHNOLOGIES, GILIAN TECHNOLOGIES (and design), the G-LOGO, EXITCONTROL, G-SERVER, G-APPPROTECT and G-APPWATCH are trademarks or registered trademarks of Gilian Technologies, Inc. in the United States and other countries. Marks owned by other companies may be used on this Web site for identification purposes, and Gilian does not claim rights in such marks.
This site is designed and maintained by Lee Advertising.