Using Rational AppScan to secure Web applications, part 2


Using Rational AppScan to respond to WEB application attacks

The history of the Internet can be read as a continuous contest between attack and defence. Web security matters more than ever, yet attacks on Web sites succeed with dismaying regularity. To protect Web applications as far as possible, IBM Rational offers a comprehensive solution. Part 1 introduced the basics of Web security and of Rational AppScan. This part surveys the current state of Web security and its root causes, describes the technical details of the Rational AppScan product, and finally sets out the value that the IBM solution brings to an enterprise.

1 Current WEB security status

The history of the Internet can be read as a continuous contest between attack and defence, and Web security has never mattered more: the world's Internet users now number 1.35 billion, and they shop, transfer money and pay bills, and download software online, while enterprises rely on the Internet to run their core businesses.

In practice, however, attacks on Web sites have intensified and frequently succeed. CardSystems, a U.S. firm specialising in credit card transaction processing, provided outsourced data services to the major card organisations MasterCard, Visa and American Express: it checked consumer card numbers, expiry dates and the like, then forwarded the transactions to the banks to complete payment. It handled card data for more than 100,000 merchants, with an annual transaction volume of more than 15 billion dollars. The 15-year-old company had no idea that an intruder had broken into its computer systems and stolen data on 40 million cards, including cardholder names and account numbers. It was the worst leak of credit card data in U.S. history up to that point, and it caused heavy losses not only to consumers and to the company itself but to the entire U.S. credit card industry.

1.1 Misconceptions about Web security

But what is Web security, and what kind of Web site counts as safe? Users tend to hold some common misconceptions.

"The Web site has a firewall, so it is safe." Whether it filters at the port level or the application level, a firewall is aimed at network-level attacks: it excludes unwanted access by controlling which ports or applications are reachable. Telling benign access from malicious access is the hard part, and once a connection has been allowed, whatever happens inside it is beyond the firewall's control. (A Web application firewall that inspects HTTP payloads narrows this gap, but it still only stops the patterns it has been taught.)

"The Web site has an IDS, so it is safe." An intrusion detection system guards against network-level attacks by pattern recognition. Like a firewall, it cannot recognise or stop an attack that exploits a flaw in the application while arriving over a perfectly normal connection.

"The Web site uses SSL, so it is safe." SSL encrypts the data the site sends and receives, but it says nothing about the security of the data stored on the site or the privacy of its visitors. Plenty of sites protected by 64-bit or even 128-bit SSL have been broken into.

"The vulnerability scanner found no problems, so it is safe." Conventional vulnerability scanners are widely used and do find well-known network-level weaknesses. They do not exercise the Web application itself, so they cannot find flaws in the application's own logic.

"We hire security staff (penetration testers) to audit every quarter, so it is safe." Manual testing is slow and depends heavily on the individual tester, and with code that now changes constantly, a quarterly audit cannot keep pace with the application's overall security needs.

None of these measures guarantees the security of a Web application; an attack at the application level passes straight through a firewall-protected site. The most common example is SQL injection: at the network level it is nothing more than a normal data query exchanged with the application, an entirely ordinary connection as far as a firewall or intrusion detection system is concerned, with no feature that marks it as malicious. As a result, a few simple SQL injection statements can compromise a Web site that is equipped with expensive network security equipment.
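To make the firewall, IDS and SQL injection points above concrete, here is an added example that is not code from the original article or from Rational AppScan. It builds a login query two ways against a SQLite table constructed inline: the vulnerable version splices user input into the SQL text, the hardened version binds it as a parameter. The hypothetical /login endpoint, the host name, the user names and the card numbers are all constructed sample data, and the one-string signature check stands in for the pattern matching the article attributes to an IDS. The payload that dumps the table out of the vulnerable version arrives as an ordinary HTTP GET, and a small change to the payload slips past the signature while still working.

```python
"""Added example: SQL injection as seen by the application and on the wire.

Not code from the original article or from Rational AppScan.  The users
table, the /login endpoint and the host name are constructed sample data.
"""
import sqlite3
from urllib.parse import parse_qs, unquote_plus, urlencode


def make_db():
    """Constructed sample data: two users, each with a card number."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "4111-1111-1111-1111"),
         ("bob", "hunter2", "5500-0000-0000-0004")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """The classic flaw: user input becomes part of the SQL text."""
    sql = ("SELECT name, card FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Same query with bound parameters: input is data, never SQL syntax."""
    sql = "SELECT name, card FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def as_http_request(name, password):
    """The request as it crosses the firewall: a plain GET to a hypothetical /login."""
    query = urlencode({"user": name, "pass": password})
    return "GET /login?" + query + " HTTP/1.1\r\nHost: shop.example\r\n\r\n"


def handle(conn, request, login):
    """A minimal server side: recover the parameters and call the login routine."""
    target = request.split(" ", 2)[1]
    params = parse_qs(target.split("?", 1)[1])
    return login(conn, params["user"][0], params["pass"][0])


# One signature string, standing in for the pattern matching an IDS relies on.
NAIVE_SIGNATURE = "' OR '1'='1"


def ids_matches(request):
    """True when the URL-decoded request contains the one pattern the IDS knows."""
    return NAIVE_SIGNATURE in unquote_plus(request)


if __name__ == "__main__":
    db = make_db()
    for payload in ("' OR '1'='1", "' OR 1=1--"):
        req = as_http_request("nobody", payload)
        print(req.splitlines()[0])
        print("  IDS signature hit:", ids_matches(req))
        print("  vulnerable login returns:", handle(db, req, login_vulnerable))
        print("  parameterized login returns:", handle(db, req, login_safe))
```

Both requests are well-formed GETs on an allowed port; nothing at the network level distinguishes them from a genuine login. The first payload trips the single signature, the second does not, yet both return every row from the concatenated query, because the comment marker turns the rest of the statement into dead text. The parameterized version returns nothing for either payload, since the bound value is compared as a literal password rather than parsed as SQL.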
