 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
cirosec – Secure web applications and data bases Web applications and e-business applications push classical IT security to its limits as Web server attacks are carried out using the HTTP protocol. Firewalls, content security or IDS systems form an important fundamental standard here, however, they can neither identify nor prevent advanced attacks on the application level. Attack schemes such as SQL injection, cross-site scripting, manipulation of parameters or sessions are all-pervading and so a rethinking in security technology as well as new solution approaches are required. Databases and their contents are one of the most important resources of enterprise IT. Their security becomes more and more relevant because of the ever wider use of direct connection to Web applications and the increased connection of applications across company borders. Advanced measures for security on the application level must include all components, from Web servers and applications to databases to achieve an adequate total security level. The built-in security mechanisms of databases mainly focus on access control, i.e. there are authorization and role concepts whose granularity partially reaches down to the levels of individual tables and columns. In scenarios with databases directly connected to web applications which can be reached via the Internet or from partner networks, these mechanisms, however, no longer provide sufficient protection. For cirosec, security on the application level is not a marginal topic but has been a focal point for many years. Consequently, we work with all leading manufacturers of security products for web applications and databases, thus offering competent and manufacturer-independent consulting and conceptual design as well as comprehensive security checks. |
 |