Define and discuss typical Web Site and Web Application Security tools and attack
mitigation processes.
Security Tools:
Definition: Tools which provide security to a web site or a web application by detecting malicious activity or security vulnerabilities are known as web site or web application security tools.
There are many open source security tools available which provide security by scanning for vulnerabilities. These scanners use a technique called black box testing to detect any security vulnerabilities.
A few of them are:
Vega, Grabber, W3af - All of these are open source and can be modified according to one's requirements.
To protect oneself from attacks, websites should use high-level encryption, use firewalls, install antivirus software on their systems and use strong passwords.
Attack Mitigation Processes:
In case of any vulnerability in the web application:
i. Web application firewall:
A firewall protects a website or an application from malicious attacks. It protects the application from attacks from HTTP (Hypertext Transfer Protocol) sites (which are not secure).
Thus, a web application firewall's (WAF) job is to protect the application from attacks on the application layer.
ii. DNS Security
DNS, which stands for Domain Name System, is the library of the Internet. It contains the procedures and the path by which a web browser on your system reaches a requested website or application.
Hackers or attackers use on-path attacks or DNS poisoning to attack this DNS request and make the user a victim.
Thus the Cloudflare service, which provides DNSSEC, can be used to protect users from these on-path attacks.
DNSSEC: It provides additional security by adding an additional security layer at the entry level.
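
As an added illustration of the DNSSEC point above (not part of the original answer), the Python sketch below builds a DNS query that requests DNSSEC data by setting the EDNS0 DO bit and then reads the response header to see whether the resolver reports the answer as validated (AD bit). The function names and the 12-byte sample responses are constructed for this example.

```python
import struct

# DNS header flag bits (RFC 1035 / RFC 4035)
QR = 0x8000          # message is a response
AD = 0x0020          # Authenticated Data: resolver validated the DNSSEC chain
RCODE_MASK = 0x000F
SERVFAIL = 2         # validating resolvers answer SERVFAIL when validation fails

def build_query(name, qtype=1, txid=0x1234):
    """Build an A-record query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # class IN
    # OPT RR: root name, type 41, class = UDP payload size, TTL field holds flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def classify_response(packet, txid=0x1234):
    """Return the DNSSEC validation state a client can infer from the response header."""
    if len(packet) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != txid or not (flags & QR):
        return "mismatch"        # not an answer to our query: discard it
    if (flags & RCODE_MASK) == SERVFAIL:
        return "servfail"        # signatures may be bogus: do not retry without validation
    return "validated" if flags & AD else "unvalidated"

def sample_response(flags, txid=0x1234):
    """Constructed 12-byte response header (no records) used only for this demo."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

if __name__ == "__main__":
    samples = [("signed zone", 0x81A0), ("unsigned or spoofed", 0x8180), ("bogus", 0x8182)]
    for label, flags in samples:
        print(label, "->", classify_response(sample_response(flags)))
```

The AD bit is only as trustworthy as the path to the resolver that set it, so this check is meaningful when the resolver is local or reached over an authenticated channel.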