You are here: silicon.com > Resources > White Papers > Software and Web Development > Software Development Tools > Application Servers

Application Servers White Papers

WSF: An HTTP-Level Firewall for Hardening Web Servers

Tags:
application servers

Overview Due to both complexity of administration, insufficient checks on input data in many web applications, as well as lack of a single place to enforce security policy, web servers remain prone to external tampering. This paper proposes WSF (web server firewall) to protect web systems with three new mechanisms. First, WSF provides a language for specifying fine grained access control policy and enforcing it at the perimeter of a web server. Second, to prevent abuse of web application with malicious parameters, WSF allows web application developers to specify the restriction on application running parameters, rather than requiring them to enumerating all possible invalid input patterns, which substantially simplify input validation.

Further White Paper Details
Publisher	University of Michigan	File Format	PDF
Date Published	February 2006
Format	White Papers
Topics	Application Servers, Firewalls, Security Tools

Did you find this white paper useful? 3 out of 6 users found this white paper useful

UK Police Authority Supports Investigations With Powerful Solution and Reduces Expenditure by 90 Per Cent

Publisher:
Dell

Tags:
application servers

Dell Case Study: CareerBuilder

Publisher:
Dell

Tags:
application servers

IBM WebSphere Application Server Family: Flexible Infrastructure for Today's Business World

Publisher:
IBM

MSDN Webcast: Building Asynchronous Contextual Collaboration With Exchange Web Services (Level 300)

Publisher:
Microsoft

TechNet Webcast: Extending Excel With Excel Services (Level 200)

Publisher:
Microsoft

To forge an effective security policy, forget the firewall

But is it safe to rely on a firewall? Behind the firewall you've got to have intrusion detection systems so you can monitor external and internal users. Even after spending a lot of money on technology, a firewall can easily be installed wrong.

Channel:
Comment & Analysis

Microsoft issues "critical" Office security alert

As detailed in Microsoft's security bulletin, a malicious user could create a document with a VBA application that's designed to overflow the buffer - the chunk of memory that's allocated to a program - and then run other code.

Channel:
Security Strategy

Father of the internet says email ID will cure spam

Many major companies are also helping foster the checks and balances necessary to ID those sending unwanted email. Getting to critical mass with those sorts of mechanisms will be really interesting," Cerf said to an audience of technology...

Channel:
LANs

HP printer software warning

The flaw is caused by an input validation error in the web server that's part of the software, according to a Secunia alert, published on Wednesday. The flaw could allow a remote, unauthorised malicious user to retrieve arbitrary files from a...

Channel:
Malware
Tags:
printers,
printer

Cisco warns over pair of network flaws

Cisco NAC Appliance, which checks external devices attempting to log on to a company network are compliant with security policy, contains two flaws that an attacker could use to gain control of the devices, or compromise sensitive information...

Channel:
Security Strategy
Tags:
flaws,
cisco

Mobile management woes? O2's here to help

Businesses signing up will also have access to O2's Professional Services team for strategic input and regular service "health checks". The service is aimed at businesses with more than 100 mobile data devices and O2 claims it will help enterprises...

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Application Servers White Papers

WSF: An HTTP-Level Firewall for Hardening Web Servers

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific