Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


Group sets minimum standards for security firewalls

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

November 8, 2004

A small group of security companies has set a baseline standard for application firewalls and has challenged the industry's biggest players to put their goods to the test. The Applications Security Consortium, comprised of F5 Networks, Imperva, NetContinuum and Teros, plans to make its formal launch at the Computer Security Institute's annual conference in Washington, D.C., on Tuesday.

The joint initiative aims to establish "minimum criteria" for protecting Web-based applications.

"The four of us have expertise in application firewalls, and it occurred to us independently that there was a need for clarification in the market," said Gene Banman, chief executive of NetContinuum, who noted the group formed last month. "The incumbent security vendors have made claims about application firewalls that have created confusion in the space."

Get the best Linux or Windows Web hosting plan for your website.
Get the lowest rate and the best tech support on any Linux or Windows hosting plan. Learn more by clicking here.

The Applications Security Consortium's five criteria for application firewalls say a product must:

Detect and block application inputs containing malicious executable commands.

Prevent attempts to insert illegal data types into application inputs by controlling the format and type of data.

Prevent cookie tampering by blocking attempts to modify application state information stored in cookies.

Prevent attempts to modify application form fields, which are used to accept user input for processing, storage and display.

Prevent attempts to modify URL parameters. The group said Monday it has invited Symantec, McAfee, Cisco Systems, Juniper Networks and Check Point Software Technologies to test their security software and hardware products against five criteria. ICSA Labs, a subsidiary of security firm TruSecure, will conduct the tests and issue certifications to those that meet the criteria. The security companies have a Nov. 22 deadline to respond to the challenge.

The invitations were sent out on Thursday, the group said. Symantec and Cisco said they have received their invitation and are currently reviewing it. Juniper, McAfee and Check Point did not have an immediate comment.

One of the explicit goals of the program is to improve protection for underlying software protocols and application code in Web applications. The Applications Security Consortium said many security companies promise such safeguards, but have failed to live up to those claims.

"The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats," the group said in a statement. "Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web."

Analysts said the five evaluation criteria are a good "starting point" and that they do not seem to favor features in products from the consortium founders.

"If you need an application firewall, this standard will help you make that assessment," Gartner analyst Greg Young said. "We think customers should establish their own criteria, but this should ease some of the selection load and save some in-house testing time."

He also noted that comparing Symantec and some of the other larger security companies, with their breadth of products, to the niche application firewall in the consortium is a "pears to oranges" comparison.

"Antivirus and firewall vendors offer two different classes of products," Young said. "The important part of this announcement is the criteria. The challenge is less important."

Don't write your own press release. Have it done by experts.
Press Broadcast is a professional press release publishing agency. Click here to find out more.

Earlier this month, the Morris Internet worm, one of the most prevalent forms of Web-borne IT attacks, achieved its unofficial sixteenth birthday. In 1988, the Morris worm, written by a 23-year-old student, was released on the embryonic Internet and overloaded thousands of Unix-based VAX and Sun Microsystems systems in a matter of hours.

Since that time, security threats have grown infinitely more prevalent and complex, creating what will grow to be $2 billion market for application security over the next five years, according to latest estimates from research firm The Yankee Group. The companies in the Applications Security Consortium maintain that a lack of security industry collaboration has made it difficult for companies to find tools that provide genuine protection against Web application exploits.

Source: C-Net News


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


Back to the top of the page.         

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer