AppDefender
…protecting your DMZ and web applications
Business Problem:
Companies that deploy web-based applications and accept client information over the Internet are exposed to many exploits. Client-side (browser) software cannot be trusted: anyone can alter the data the web application sent to the browser and send back a request that causes the application to misbehave or, worse, opens the host and the systems behind it to further attacks.
The very nature of web applications – their ability to collate, process, and disseminate information over the Internet – exposes them in at least two ways. First, they are fully exposed by virtue of being Internet accessible. This makes security through obscurity impossible and raises the requirement for hardened code. Second, and most critically from a penetration testing perspective, they process data elements taken from HTTP requests, a protocol that can employ a myriad of encoding and encapsulation techniques, each of which is a potential vulnerability.
Most web application environments, including ASP and PHP, expose data elements to the developer in a manner that does not identify how they were captured (query string, form body, cookie or header) and hence what kind of validation and sanity checking should apply to them. Because the web "environment" is so diverse and contains so many forms of programmatic content, input validation and sanity checking are the key to web application security. This involves both identifying and enforcing the valid domain of every user-definable data element, and understanding the source of every data element well enough to determine which ones are potentially user-definable.
Application security is a constant struggle to balance functional requirements and business drivers against deadlines and limited resources. Smart security measures should not disrupt the development or performance of your applications; they should streamline them.
xDefenders offers two solutions to address the issue of web application security: a Security Appliance and a Vulnerability Assessment Project.
AppDefender Appliance:
As a hardened Linux web firewall appliance, AppDefender provides network isolation, network address translation (NAT) and HTTPS termination (HTTPS to HTTP conversion). This reverse proxy provides a separate layer of defense in front of vulnerable, typically Microsoft-based, web applications: the proxy can inspect and stop invalid or malicious web traffic before it reaches the application. Because the appliance terminates HTTPS, traffic between it and the web servers travels as plain HTTP, so that segment should be isolated from other networks. Additionally, AppDefender can load-balance across multiple web servers, acting as a single point of access control. The solution also has performance advantages: the appliance caches content, handles SSL and compresses outbound traffic, freeing up web server resources.
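Added example, not xDefenders' code and not part of the original page: a small Python request-inspection filter of the kind the reverse proxy described above, or the application behind it, would apply to each request before it reaches the web server. It implements the validation the Business Problem section argues for: every parameter of a request is checked against an explicit valid domain (a whitelist), after repeated percent-decoding so that encoding tricks cannot hide characters from the check, and requests with unexpected, duplicated or missing parameters are refused. The policy table, the paths and parameter names, and the sample request lines are all constructed for this illustration; a real filter would carry a policy for every page and also inspect POST bodies, headers and cookies.

```python
# Added example: a whitelist request inspector of the kind a reverse proxy
# (or the application behind it) applies before a request reaches the web
# server.  Not xDefenders' code; policy, paths and sample requests are
# constructed for illustration.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical policy: for each allowed path, every parameter that may
# appear and the only values it may take.  Unlisted paths and parameters
# are rejected; listed parameters are treated as required.
POLICY = {
    "/checkout": {
        "item_id": re.compile(r"[0-9]{1,8}"),
        "qty": re.compile(r"[1-9][0-9]{0,2}"),
    },
    "/search": {
        "q": re.compile(r"[\w .-]{1,64}"),
    },
}


def normalize(value, rounds=2):
    """Percent-decode until the value stops changing (bounded by `rounds`),
    so a double-encoded '%253C' is seen as '<' rather than slipping past
    a check that only looks at the single-decoded '%3C'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(request_line):
    """Decide whether one HTTP request line may pass.

    Returns (allowed, reason).  Only the request line (method, target,
    version) is inspected here; bodies, headers and cookies would need the
    same treatment in a real filter.
    """
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] not in ("GET", "POST") \
            or not parts[2].startswith("HTTP/1."):
        return False, "malformed request line"
    url = urlsplit(parts[1])
    path = normalize(url.path)
    rules = POLICY.get(path)
    if rules is None:
        return False, "path not allowed: " + path

    # parse_qsl already decodes once; normalize() catches further layers.
    seen = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        name, value = normalize(name), normalize(value)
        if name not in rules:
            return False, "unexpected parameter: " + name
        if name in seen:  # parameter pollution: the same name sent twice
            return False, "duplicate parameter: " + name
        seen.add(name)
        if rules[name].fullmatch(value) is None:
            return False, "value out of domain: %s=%r" % (name, value)

    missing = sorted(set(rules) - seen)
    if missing:
        return False, "missing parameter(s): " + ", ".join(missing)
    return True, "ok"


# Constructed sample traffic: one legitimate request per path, then the
# kinds of client-side tampering the text warns about.
SAMPLE_REQUESTS = [
    "GET /checkout?item_id=42&qty=1 HTTP/1.1",
    "GET /search?q=blue%20widgets HTTP/1.1",
    "GET /checkout?item_id=42&qty=1&price=0.01 HTTP/1.1",          # client added a field
    "GET /checkout?item_id=42%27%20OR%201%3D1--&qty=1 HTTP/1.1",   # SQL text in a numeric field
    "GET /search?q=%253Cscript%253E HTTP/1.1",                      # double-encoded '<script>'
    "GET /checkout?item_id=1&item_id=2&qty=1 HTTP/1.1",            # parameter pollution
    "GET /admin HTTP/1.1",                                          # path not in the policy
]


def run_samples():
    """Inspect every sample request; returns [(request, allowed, reason)]."""
    return [(r,) + inspect_request(r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for request, allowed, reason in run_samples():
        print("%-5s %-60s %s" % ("ALLOW" if allowed else "BLOCK", request, reason))
```

The policy deliberately describes what is valid rather than what is forbidden: a blacklist of attack strings has to anticipate every encoding the attacker might use, whereas a per-parameter domain only has to describe the handful of values the application actually accepts, and everything else, including the tampered price field and the double-encoded script tag above, falls outside it.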