
Barracuda Product Blog

Web Applications - The Weak Link of Security

Posted by: Oliver Wai, product marketing manager

Today’s hackers are becoming increasingly sophisticated in planning and executing well-designed multi-vector attacks. It used to be that attackers employed only a single strategy to attack end users or computer systems. For example, virus attacks used to be spread by an email attachment. However, with the mass adoption of email security products such as the Barracuda Spam & Virus Firewall and increased public awareness, these attacks are no longer effective, since most are quickly contained or blocked once detected.

A hacker is at once a rogue computer expert and a social psychologist who understands how people react. To be effective, today’s hacker must use a number of mechanisms in tandem to trick users into sending personal data or downloading malicious software. A typical example of the elaborate web a hacker weaves: a well-disguised spam email takes a user to a legitimate Web site that has been compromised in advance with a Cross-Site Scripting (XSS) attack, and the site then uses social engineering techniques to steal personal or financial information.

Web Applications – The Weak Link

An old adage states that “you are only as strong as your weakest link.” Organizations have made investments in network firewalls and IDS/IPS systems to protect their networks. They have invested in security products to protect their email. However, many organizations leave Web applications unprotected. Considering that 75-90 percent of all attacks today are against Web applications, there is shockingly little security awareness and protection in place for them.

Because users expect so much dynamic functionality, Web applications use numerous programming languages and protocols to build efficient, multi-tier applications. A small application can easily have hundreds of thousands of lines of code, use more than four programming languages, and be written by teams of engineers who might never have met in person or may no longer work for the organization. Given all the moving parts required to build an application, it is nearly impossible to build a perfectly secure one. A US Department of Defense study indicated that there are nearly 15 critical security defects in every thousand lines of code. According to Forrester Research, even if a security defect is found, it still takes on average 30-90 days before it is fixed, tested, and applied to the application. Hackers know how difficult it is to write secure Web applications, and they readily exploit vulnerabilities for large financial gains.

Your corporate Web sites, eCommerce portals, and other Web properties need protection. If you can access an application from a browser, then it is a Web application. Internal applications accessed by your employees, such as Outlook Web Access, Oracle Financials, Microsoft SharePoint, SAP, PeopleSoft, or issue tracking systems, are all Web applications that need protection from attacks. What are you doing to protect them, and how can you manage security across the numerous applications required to keep your business running?

Barracuda Web Application Firewall – Protecting and Accelerating Web Applications

The Barracuda Web Application Firewall is an industry-leading Web application security appliance used by some of the largest banks, car manufacturers, and government agencies around the world. It is also used by numerous mid-market organizations and small businesses to protect their valuable Web assets. With thousands of appliances in deployment, it protects a sizeable number of domains that millions of people visit each year.

The key to the Barracuda Web Application Firewall’s success is its ease of use. While there may be other solutions in the market, none provides the power, flexibility, and simplicity of the Barracuda Web Application Firewall. Using the industry-standard reverse proxy architecture, the Barracuda Web Application Firewall provides deep inspection capability that allows it to protect applications from inbound attacks as well as outbound leaks of sensitive data such as social security and credit card numbers. Most importantly, the Barracuda Web Application Firewall is easy to configure and deploy. Using the predefined security policies included in all Barracuda Web Application Firewalls, many organizations have been able to self-install and protect against 85 percent of all Web application attacks in less than a day, sometimes in just a few hours.

In addition to Web application security, the Barracuda Web Application Firewall revolutionizes Web application delivery by providing numerous application acceleration capabilities free of charge. SSL offloading, load balancing, content routing, caching, compression, access control, server health monitoring, and TCP pooling are standard functionality on all enterprise-level Web Application Firewalls. Our design philosophy at Barracuda Networks is to build a solution that not only protects our customers’ Web assets but also enhances the application experience of our customers’ customers.

For questions about the Barracuda Web Application Firewall, please visit http://www.barracuda.com/waf or call Barracuda Networks for a free 30-day evaluation at 1-888-ANTI-SPAM or +1 408-342-5400. For more information on our other security and productivity solutions, please visit http://www.barracuda.com/products.


