
Threats

 

Many successful server attacks from outside go through the CMS or the web shop of a company.
Protect your CMS or web shop from manipulation and data theft with web of defence. Internet criminals are getting more and more creative, both in technical and organizational terms. Firewalls, reverse proxies and IDS/IPS systems can’t provide effective protection for web applications.


Learn more about threats and the different kinds of attacks:

SQL-Injection

At first sight, a SQL injection attack looks like a harmless request. However, when an attacker enters a SQL command into the Name field and the application accepts this command, he or she can retrieve sensitive information from a database without authorization. Malicious requests in large numbers can completely paralyze whole web applications.



Man-in-the-middle

With man-in-the-middle attacks, the data thief steps between two communication partners, such as a vendor and a customer. Since he makes each party believe that he is the other conversation partner, he is able to redirect data streams to his own address.



Session Riding

Session riding is the unauthorized takeover of an HTTP session. Commands are smuggled into the running session of a user and are then executed with the privileges of the attacked user.



Session Hijacking

Here the attacker takes over the user’s session and is thus able to make use of the user’s privileges.



Cross Site Scripting (XSS)

In this case, attempts are made to make the browser perform specific actions under the name of the legitimate user.



Visual Spoofing

Visual spoofing refers to an attack that suggests to users that they are in a known and safe environment. In reality, however, original elements of the browser are replaced by forged copies on a manipulated website. For example, a lock symbol is displayed in the status bar even when there is no secure HTTPS connection. When the symbol is double-clicked, a forged window opens which displays a seemingly trustworthy certificate.



Brute Force Attack

Here all kinds of input combinations, for a session ID for example, are tried in order to guess a valid entry.



Cookie Manipulation

Cookie manipulation means changing the values of cookies that the web application stores in a user’s web browser to save a specific status. Normally the web browser should send these cookies back to the application without any modifications.
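
One way an application can detect the modification described above, shown as an added example that is not part of the original page or of the vendor's product: the server attaches an HMAC-SHA256 tag to each cookie and rejects any cookie whose tag no longer matches. The function names, the key and the sample cookie values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real application loads a random secret
# from its configuration and never ships it in source code.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _tag(name: str, payload: bytes, key: bytes) -> bytes:
    # The tag covers the cookie name too, so a value signed for one cookie
    # cannot be moved into a different cookie.
    return hmac.new(key, name.encode("utf-8") + b"=" + payload, hashlib.sha256).digest()


def sign_cookie(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'b64(value).b64(tag)' to be stored in the browser."""
    payload = value.encode("utf-8")
    return _b64(payload) + "." + _b64(_tag(name, payload, key))


def verify_cookie(name: str, cookie: str, key: bytes = SECRET_KEY):
    """Return the original value, or None if the cookie was altered or malformed."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64.encode("ascii"))
        sent_tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(sent_tag, _tag(name, payload, key)):
            return None
        return payload.decode("utf-8")
    except (ValueError, UnicodeError):
        return None


if __name__ == "__main__":
    issued = sign_cookie("role", "customer")  # constructed sample cookie
    print("unmodified:", verify_cookie("role", issued))
    # Simulate a browser-side change of the stored value with the old tag kept.
    altered = _b64(b"admin") + "." + issued.split(".")[1]
    print("modified:  ", verify_cookie("role", altered))
```

The tag only detects changes: the value stays readable in the browser, and a previously issued cookie that is sent again still verifies, so expiry or server-side state is needed where replay matters.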

 

 
[ Copyright © 2005 - 2008 web of defence. © by art of defence GmbH ]