HIVE 3.0


James C. Foster
09.30.2005


Web hacks are a fact of life. There's no way to guarantee Web application security, given the increasing sophistication of intrusions and the continued use of memory-unsafe programming languages, such as C and C++, in the software that serves those applications.

Sentryware's HIVE 3.0 stands alone with its fresh approach to securing Web apps, user data and corporate brands. The appliance proxies all inbound and outbound transactions to protect Web applications from known and unknown attacks. The magic is in its unique technology, which effectively uses application-layer tokens to proxy each Web transaction and validate requests.

Most perimeter-based Web app security products require detailed knowledge of the application and its infrastructure, which translates into time-consuming, often cumbersome deployments. In stark contrast, the only information you need to put HIVE into action is contained in what first appears to be alarmingly scant documentation -- alarming until you see how well the product blocks Web-based attacks with a minimum investment of time and effort.

Plan to spend only an hour to 90 minutes configuring HIVE for an individual enterprise application -- enough time to input app and network particulars, including site location, firewall information, account creation and audit controls.

HIVE's technology stops automated hacking tools from directly compromising the site, and stops malicious users from manually modifying requests. We tested HIVE on two Web sites we created and on the Open Web Application Security Project's (OWASP) WebGoat. HIVE stopped every common and advanced attack we fired at it: multiple variations of cross-site scripting (XSS, including encoded payloads that spanned multiple lines within a form), Uniform Resource Identifier (URI) buffer overflows, JavaScript injected into request parameters, hidden form field manipulations and SQL injections.

While HIVE is easy to use, the technology under the hood, which Sentryware calls Context Authentication, is quite complex.

HIVE creates and manages secure application-layer tokens, which it injects into Web code for each proxied transaction to keep track of Web app security data during user sessions.

For example, a user's browser request for a HIVE-protected Web page generates a token, which HIVE places in the application's response. Every subsequent request to the application must carry a valid HIVE token, and the tokens change continuously. By checking each request against its token, HIVE detects alterations a user has made to the request in flight, such as a manipulated cookie or hidden form field, and rejects them. HIVE is unusual in that it doesn't need to keep per-user state in memory, or time out and synchronize session entries among various nodes; the token itself has to carry everything the appliance needs to validate the request.
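To make the stateless-token idea concrete, here is an added example of how a proxy can bind hidden form fields and cookie values into a self-validating token without storing anything per session. This is illustrative code written for this review, not Sentryware's implementation (the review does not disclose HIVE's token format); the key, the field names, the hypothetical __hive_token field and the sample values are all constructed assumptions.

```python
"""
Stateless application-layer request tokens (illustrative, not Sentryware's code).

Assumed design: the proxy holds a secret key and issues, with each response,
a token that is an HMAC over the values it wants to pin (hidden form fields,
cookies), a per-response nonce and a timestamp. Because the MAC covers the
payload, the proxy needs no per-session storage to validate the next request.
The token is assumed to travel back in a hidden field named __hive_token
(hypothetical name).
"""
import base64
import hashlib
import hmac
import json
import os
import time

SECRET = b"demo-proxy-key"  # constructed for the example; load from config in practice


def _canon(obj):
    """Canonical JSON so the same payload always yields the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_token(pinned, ts=None, nonce=None):
    """Issue a token binding the pinned hidden-field/cookie values."""
    ts = int(time.time()) if ts is None else ts
    nonce = os.urandom(8).hex() if nonce is None else nonce  # makes every token different
    body = base64.urlsafe_b64encode(
        _canon({"pinned": pinned, "ts": ts, "nonce": nonce})).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify_request(token, submitted, now=None, max_age=600):
    """Validate a follow-up request: MAC, freshness, and that every pinned
    value came back unchanged. Returns (ok, reason)."""
    try:
        body, mac = token.rsplit(".", 1)
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"
    payload = json.loads(base64.urlsafe_b64decode(body))
    now = int(time.time()) if now is None else now
    if now - payload["ts"] > max_age:      # stateless, so freshness is the only replay bound
        return False, "token expired"
    for name, value in payload["pinned"].items():
        if submitted.get(name) != value:
            return False, f"tampered: {name}"
    return True, "ok"


def run_demo():
    """Constructed scenario: a checkout form with a hidden price, a hidden
    quantity cap and a role cookie. Returns each check's outcome."""
    pinned = {"price": "19.99", "qty_max": "5", "cookie:role": "user"}
    tok = issue_token(pinned, ts=1_000_000, nonce="a1b2c3d4e5f60718")
    tok_again = issue_token(pinned, ts=1_000_000)  # same values, fresh nonce
    results = {"tokens_differ": tok != tok_again}
    # Honest submission: pinned values echoed back, plus a user-chosen field.
    results["legit"] = verify_request(tok, dict(pinned, qty="2"), now=1_000_010)
    # Hidden-field manipulation: the browser-side price was edited.
    results["price_tamper"] = verify_request(tok, dict(pinned, price="0.01"), now=1_000_010)
    # Cookie manipulation: role cookie rewritten to admin.
    results["cookie_tamper"] = verify_request(
        tok, dict(pinned, **{"cookie:role": "admin"}), now=1_000_010)
    # Forged token: payload edited to match the tampered price, old MAC reused.
    _, mac = tok.rsplit(".", 1)
    forged_body = base64.urlsafe_b64encode(_canon(
        {"pinned": dict(pinned, price="0.01"), "ts": 1_000_000, "nonce": "x"})).decode()
    results["forged"] = verify_request(f"{forged_body}.{mac}", dict(pinned, price="0.01"),
                                       now=1_000_010)
    # Stale token replayed past the freshness window.
    results["stale"] = verify_request(tok, pinned, now=1_000_000 + 601)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:14} {outcome}")
```

The design choice worth noting: with no server-side state, the only defence against replaying a still-valid token is the timestamp window, so `max_age` should be as short as the application's form-filling behaviour allows. Pinning cookie values into the token is what lets the proxy catch cookie manipulation without tracking sessions itself.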

Security managers can create and manage accounts and application preferences through HIVE's easy-to-use Web interface. It centrally manages, monitors and updates multiple appliances through its new management console, making HIVE a true enterprise-class product.

Since HIVE is an inline appliance, performance is critical. Each HIVE appliance can handle approximately 400 unencrypted HTTP or 150 HTTPS round-trip transactions per second. An SSL accelerator will boost that performance to 250 HTTPS transactions per second. Unless you're a pure-play Internet company, a few appliances should suffice.

HIVE works smoothly with all browsers, unlike some Web security proxies that continue to have issues supporting Netscape or Mozilla's Firefox.

Sentryware's HIVE is cool technology that works. It stops known attacks with an excellent level of confidence, and the enterprise management console reinforces this product's already strong value proposition.

About the author
James C. Foster (jfoste24@csc.com) is deputy director of global security solution development at Computer Sciences Corp. He was technical advisor for Hacking the Code (Syngress, 2004) and lead author for the upcoming Advanced Security Code Development (Addison-Wesley, 2004) and The Ultimate Security Programmer's DeskRef (Syngress, 2004).

This review originally appeared in Information Security magazine.
