Michael Neuhaus

Application Level Security Management Michael Neuhaus

Diplomarbeit, die am 28.02.2005 erfolgreich an einer Fachhochschule in Deutschland eingereicht wurde. Abstract: Today, more and more enterprises are developing business applications for Internet usage, which results in the exposure of their sensitive data not only to customers, and business partners but also to hackers. Because web applications provide the interface between users sitting somewhere within the World Wide Web and enterprises? backend-resources, hackers can execute sophisticated attacks that are almost untraceable, aiming to steal, modify or delete enterprises? vital data, even when it is protected by passwords or encryption. As recent viruses and worms such as Nimda, CodeRed or MSBlast have shown, modern attacks are occurring at the application itself, since this is where high-value information is most vulnerable. Such attack scenarios a becoming very problematic nowadays, since traditional network security products such as firewalls or network intrusion detection systems are completely blind to those malicious activities and therefore can not offer any protection at all. Modern protection mechanisms require more sophisticated detection capabilities in order to protect enterprises assets from such attacks now and in the future. Additionally web application security currently is a highly dynamic and also very emerging field within enterprises? IT security activities. Therefore this diploma thesis aims to provide a strong focussed picture on the current state of web application security and its different possibilities to raise the overall security level of already implemented web applications and also of future web applications. Acting as a basis for further analysis, the currently most common web application vulnerabilities are described to get an overview of what a web application has to be protected of and where the root problems of these weaknesses are lying. Although these generic categories may