
Minimize attack risks for your web applications

Web application security: How to minimize the risk of attacks


Cybercrime targeting businesses now stems mainly from vulnerabilities in web applications. In 2010 these accounted for 55 percent of all security issues found. These loopholes are highly specific and often fall outside the expertise of network administrators. In this whitepaper you will read how to minimize the risks with the help of Qualys.

April 2011
  • Types of web application vulnerabilities
  • Detecting vulnerabilities
  • Qualys Guard WAS 2.0
  • Protect your applications
GUIDE
WEB APPLICATION SECURITY
How to Minimize the Risk of Attacks

Table of Contents
  I. Summary
  II. Overview of Web Application Scanning
  III. Types of Web Application Vulnerabilities
  IV. Detecting Web Application Vulnerabilities
  V. Introducing QualysGuard® WAS 2.0
  VI. Protect Your Web Applications
  VII. About Qualys

Summary

Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg as the study includes only commercial web applications.[1]

Stories about compromised sensitive data frequently mention culprits such as "cross-site scripting," "SQL injection," and "buffer overflow." Vulnerabilities like these often fall outside the traditional expertise of network security managers. The relative obscurity of web application vulnerabilities thus makes them useful for attacks. As many organizations have discovered, these attacks will evade traditional enterprise network defenses unless you take new precautions.

To help you understand how to minimize these risks, Qualys provides this guide as a primer to web application security. The guide surveys typical web application vulnerabilities, compares options for detection, and introduces the QualysGuard Web Application Scanning solution, an on-demand service from Qualys that automates detection of the most prevalent vulnerabilities in custom web applications.

Overview of Web Application Security

Attacks on vulnerabilities in web applications began appearing almost from the beginning of the World Wide Web, in the mid-1990s. Attacks are usually based on fault injection, which exploits vulnerabilities in a web application's syntax and semantics. Using a standard browser and basic knowledge of HTTP and HTML, an attacker attempts a particular exploit by automatically varying a Uniform Resource Identifier (URI) link, which in turn could trigger an exploit such as SQL injection or cross-site scripting.

  http://example/foo.cgi?a=1
  http://example/foo.cgi?a=1'
  http://example/foo.cgi?a=
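
An added example (not from the Qualys guide): how the first two URIs above behave against a handler that builds SQL by string concatenation, compared with one that binds the parameter as data. The items table, the two handler functions and the SQLite backend are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    # Constructed sample table standing in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO items VALUES ('1', 'widget')")
    return db

def param_a(uri):
    # Pull the value of parameter "a" out of the URI's query string.
    return parse_qs(urlsplit(uri).query, keep_blank_values=True)["a"][0]

def lookup_concatenated(db, uri):
    # Weak form (hypothetical handler): the parameter is pasted into the
    # SQL text, so characters from the URI become statement syntax.
    sql = "SELECT name FROM items WHERE id = '" + param_a(uri) + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, uri):
    # Hardened form: the value is bound as data and never parsed as SQL.
    sql = "SELECT name FROM items WHERE id = ?"
    return db.execute(sql, (param_a(uri),)).fetchall()

def probe(handler, uri):
    # Report what a tester or scanner would observe for one request:
    # a normal result, or a database error surfacing from the handler.
    db = make_db()
    try:
        return ("ok", handler(db, uri))
    except sqlite3.Error as exc:
        return ("db-error", type(exc).__name__)

if __name__ == "__main__":
    for uri in ("http://example/foo.cgi?a=1", "http://example/foo.cgi?a=1'"):
        print(uri)
        print("  concatenated: ", probe(lookup_concatenated, uri))
        print("  parameterized:", probe(lookup_parameterized, uri))
```

The database error on the second URI is the fault signal that marks the concatenated handler as injectable; the parameterized handler returns an empty result for the same input.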