WebKnowHow Friday, June 23, 2006; 02:43 AM

Mr. Ofer Shezaf, chief technology officer, Breach Security, Inc., and
an officer of the Web Application Security Consortium (WASC), will lead
the new Web Hacking Incidents Database project, a new initiative
designed to track all reported Web application security breaches. WASC
is an international group of security experts and industry leaders that
develops, adopts, and advocates best-practice security standards for web
application security. WASC maintains a number of projects to generate
web application security awareness, classify threats against web
applications, and provide evaluation criteria for web application
security solutions.

The new Web Hacking Incidents Database (WHID) project tracks
publicly reported security incidents that can be associated with Web
application security vulnerabilities exploited through targeted
attacks. The goal of the new project is to provide a tool to raise
awareness of Web application security problems and provide information
for statistical analysis of Web application security incidents.

In the United States and Europe there are privacy laws that
require public reporting of security breaches; however, these reports do
not indicate how the breach occurred. The new WHID tracks such
security breaches, assisting IT managers and business leaders in
assessing the threat posed by insecure web applications and in better
protecting their business-critical information assets. Additional information
about the new database can be found at the project's web site at http://www.webappsec.org/projects/whid.

"Understanding the cause of Web application security incidents is
vital to defending websites," said Jeremiah Grossman, founder and CTO,
WhiteHat Security and WASC co-founder. "The WHID project enables the
community to learn and improve upon our best practice standards."

"Web-based attacks are on the rise, and the WHID is an ideal tool
to alert IT Managers and the business community of the risks they face
unless they take the proper precautions to protect their Web
applications from targeted attacks," said Mr. Shezaf. "Effective
solutions for Web application security threats can detect and protect
against attacks and secure business-critical Web applications in ways
that exceed security from network firewalls and IDS/IPS solutions. The
CardSystems incident is known to be the worst ever security breach, but
how was it performed and how can one protect from a similar attack?
WHID provides answers to these questions."

Breach Security's flagship product is BreachGate WebDefend, a
non-intrusive web application firewall that offers comprehensive security
against all attack techniques targeting web applications and completely
automated application profiling for the lowest possible cost of
ownership. WebDefend provides the only web application firewall that
does not have to be deployed inline and provides 100% blocking
protection.

Mr. Shezaf is Breach Security Inc.'s CTO, and is responsible for
Breach's security research and for its products' security features and
functionality roadmap. He is an officer in the Web Application Security
Consortium (WASC), and leads the Open Web Application Security Project
(OWASP) Israeli Chapter. Prior to joining Breach, Ofer specialized in
national information security and consulted for organizations such as
the Israeli National Information Security Agency and the Israeli
Intelligence Forces.