This white paper looks back over the main stages of the parallel changes in companies' needs, the threats to the security of their applications and the tools available to them for risk management. Once this retrospective is complete, broad outlines of the required changes to your applications' dedicated security tools will be presented.

This document illustrates how rWeb, a leading Web Application Firewall developed by DenyAll, can contribute to help businesses obtain PCI certification.

This whitepaper describes the different types of threats targeting applications and the true impact that they have today on an enterprise’s business. It analyses why traditional security solutions (firewalls, anti-virus, intrusion prevention systems), developed to protect networks and systems, are simply not delivering sufficient protection at the application level. We shall next set out an approach to network security based upon proactive security mechanisms. Finally, we shall describe DenyAll’s security solution integrating proactive security processing, acceleration and simplification of organisations’ Web/XML application environments.

This paper will first identify the main components of a web service infrastructure and clarify their roles and purpose. In the second part we shed the lights on existing security standard which deserve specific attention. Then we will focus on the threats such an infrastructure is exposed to, by detailing attack techniques and their impact on the security of the targeted services.

This paper will explain the main dangers of such an architecture and how installing a Web Application Firewall can help solving them, much more efficiently than by using a VPN.

Mitigation of attacks targeted to Web Applications is commonly performed thanks to two security mechanisms, known as negative and positive security models. Both of these models have limitations, either functional or related to their implementation.

Web applications that transport vital company data have become the preferred target of malevolent users. Hackers exploit the vulnerabilities of applications by manipulating the content of HTTP(S) xchanges. The impact of intrusions such as these can lead to service interruptions, confidential data theft, transaction hijacking or a loss of brand image…