Web Protection

Information theft over the Internet is the order of the day. A good percentage of applications have now migrated to mobile, and the scourge of information theft and/or cloning is present in all areas.

by Osvaldo Callegari

In the mobile segment, countless transactions of different kinds are carried out, such as banking, where you have access to accounts, balance queries or electronic payments. There are also applications of companies that expand their services through mobility with products such as corporate messaging, order taking or other variants that allow an organization to expand management. It should be noted that after consulting a series of executives who travel permanently due to their work, we found that their greatest fear is that their personal data will be stolen.

A tip for mobile users: it is wise to carry out personal transactions from the cell phone in stable environments; that is, the user must pay attention to the data that arrives on the phone to avoid possible cloning. As a friend who makes a living in this field told me: "at the slightest doubt you should call the bank", in order to confirm that the screen presented to us is the original.

With mobile applications it is always necessary to get advice from the entity before using the product, to become familiar with the images that will be displayed on the phone and, if possible, to get a video demo in order to analyze its use later. In this way we reduce the possibility of our account data being cloned.

There are also areas related to the Internet where security must be rigorous, such as:

• Item Buying and Selling Sites
• Banking Sites
• ATM Sites
• Credit card sites
• Remote access from mobile phones

What is Web 2.0?
Web 2.0 is the great transition from desktop-oriented applications to those that generate collaboration and services focused on the end user. With Web 2.0 a new Internet business model is defined.

This diagram exemplifies the entire structure of WEB 2.0

In order to control this mass of information, security tools are necessary. In this installment we will cite some with their cases from later studies.

What's New in Web 2.0
The challenges of Web 2.0 generated new applications and trends in the market. Threat and security applications manage to attenuate insecure information.

Webinspect 7 is one of the first applications to emerge in 2007 to address this challenge. This application can find vulnerabilities in Web 2.0 technologies that common scanners do not find, and can perform multiple scans, including audits of complex sites. What used to take eight hours for verification now takes 45 minutes.

A great advantage is the online manual, with tools that make it possible to reduce testing effort by automating it. The disadvantage is that it is a very new product with little operating time, which still needs its final adaptation through use; however, it supports IPv6 and its new technologies.

Webinspect Case Studies

Colonial Bank (Banco Colonial)
This bank began to look for a solution to minimize threats on its web transaction sites. The cost of investing in outsourcing was analyzed, and with this system they reconciled the two unknowns, cost and benefit.

In this product they not only found how to identify vulnerabilities in external or internal applications, but also incorporated a set of tools that allowed them to use (with a high degree of precision) local verifications, such as the recent SQL utility: Injector, to control a SQL threat.

They focused primarily on the security of the bank's customers, on known and unknown vulnerabilities, to prevent a spread of information from becoming malicious, allowing confidential data, integrity and availability to be published at the time of use of a service.

Webinspect helped them meet Gramm-Leach-Bliley, SOX, PCI, and other regulations that require the confidentiality of data in day-to-day operations that must be secure, and helped keep confidential information private.

The utility, called Injector, can extract information from a SQL database with minimal customer data, and any high-level programming language could make it easier to access, says Jessica Jones, Information Security, Colonial Bank. We say that the main banking applications are practically oriented in their capacity to e-commerce.

Copenhagen End2end Company
This company began to mitigate the risk of developing mobile content software and was able to visualize the vulnerabilities of Web applications in minutes, which previously took days to control.

Mobile content and information services are at the top of sales. Consumer demand has grown tremendously in the market for smartphones and PDA personal assistants, in parallel with the sale of the equipment itself.

Such is the case of End2end, which operates in this line of business. This European company, based on business-to-business (B2B) services, has a unique infrastructure to store, manage and deliver content to mobile operators and communications companies, as well as other types of content, in more than 20 countries. Lycos Mobile, MSN, Sony NetServices and Vodafone.

End2end makes it possible to achieve ROI in mobile content projects. In that industry they apply Webinspect® for their security.

Microsoft® Case Study
Microsoft® began searching the market for applications that would increase Internet security; their interest was based on the following premises:

• Accuracy
• Processing speed
• Ease of reporting

Webinspect® was successful in its requirements in a company of this range.

With the enterprise edition, application developers, QA technicians, professional auditors, and customer service officers controlled every phase of the web-based systems lifecycle. In this way, the need to control vulnerabilities in the code was raised, and with this tool they managed to cover an imperative need: security. This did not mean a panacea or that their projects were covered, but that they were able to dynamically control states that were previously impracticable.

The result of this case was that over three months of intense tests it was possible to add benefits. An important aspect was that it complied with the requirements of the main regulatory laws in the United States, such as Sarbanes-Oxley (SOX); HIPAA, for security in portability and management; GISRA, the government information security reform act; and Gramm-Leach-Bliley (GLB), for privacy requirements.

In the future, Costello (Microsoft's® Senior IT Auditor) sees Webinspect as a reliable partner for internal development processes. SPI's product line makes Web applications secure from the start, integrating with the application in the development process. By also providing intrinsic security, programmers can run applications against the code they developed on time, ensuring a final quality free of security flaws, Costello says.

"When we started using Webinspect and showed it to our developers, they were impressed with this automatable tool that covered a large field of known and unknown vulnerabilities. Once they used it, everyone wanted to have a copy on their computer. In this way it was demonstrated how security tools arise when there are new challenges," says the auditor.

Computer Security
Below we will present the ten most important security threats and their trend according to SANS for this year.

Mobile Devices
1. Encryption of personal data on laptops will be mandatory in several countries for all those who handle personal data or patient data.

2. The theft of PDA personal assistants or smartphones has grown significantly, as well as their internal information.

3. Actions of the United States Government. Congress and the state governments are trying to legislate the protection of private customer data, which would legally sanction companies that lose confidential information.

4. Targets of Attacks. Attacks on government organizations have been on the rise in the last three years, with major shortcomings in the security response.

5. Worms on cell phones infected at least 100,000 mobiles by jumping from one to the other through wireless networks. The new devices come with feature-rich operating systems that make them fertile ground for experienced attackers.

6. VoIP (voice over IP). These systems will be the new target of cyber attacks, since this technology advances without contemplating security in all its aspects.

Attack techniques
7. Spyware. It will continue to grow in unthinkable dimensions. Spyware developers will make more money with the possibility of new projects and new ways to attack distribution centers around the world.

8. Zero-day vulnerabilities. Researchers offer security flaws that they uncover to companies to pre-check before buying.

9. Most Bots (Malware Robot) can come with operating system installation tools, which can modify it and hide the attack, and it becomes virtually impossible to fix it unless you reinstall the system from scratch with a bootable disk.

Defensive strategies
10. Network access control is growing in sophistication: the entry of every user is verified, restricting any possible access by a virus or malicious code.

Note that these are only ten security situations that SANS® suggests; the fact is that we must permanently update our resource bag to be up to date with the circumstances.

In the next installment we will delve into the implications of the Web 2.0 paradigm, its scope, its applications and in which segment it is being applied.

As usual in our articles, we analyze products on the market when there is a trend in the technology that marks a turning point. The trial and the decision on implementation or reference are left to the reader. The aim is to contribute a direction or sense to the industry, with its virtues and its shortcomings.

The trademarks and names mentioned belong to registered trademarks and/or registered names of their respective companies. The SANS® top ten has the proper written authorization. GNU licenses belong to their authors.

For queries, comments and/or concerns you can write to the email [email protected] with the subject "web security".

Author: Julián Arcila Restrepo
Chief Marketer
Communications professional, MBA, specialized in designing and executing successful Public Relations and Digital Marketing campaigns with more than 14 years of experience in areas related to communications.
