WebSniper

WebSniper is a unique product, developed by BugSec's R&D Department for the purpose of protecting organizational Web servers and the applications stored on them.

WebSniper guards Web servers against exposures such as SQL Injections, Buffer Overflows, Path Traversal, Cross Site Scripting, etc. by implementing appropriate identification and blocking mechanisms. Identification relies on signatures of known attacks and "behavioral patterns" of unknown attacks, so that such attacks can be blocked while alerts are sent to the organization's Information Security Center/Manager. The product's features enable the Information Security Department to manage, in a controlled manner, the definitions of the WebSniper instances installed on the Web servers, and to set rules in accordance with the organization's policy. These rules prevent exposures according to a scale of severity, or based on procedures that have been predefined by the organization.

WebSniper identifies and monitors the requests sent by users via the Internet, and distinguishes between legitimate requests, which are approved, and illegitimate requests, which are interpreted as attempted attacks and blocked before they reach the organization's Web server. The product can also be set to monitor traffic only (without blocking), depending on the organization's information security policy and the preferences of its Information Security Manager. Furthermore, WebSniper checks and modifies the responses returned from the Web server, in order to secure the client side and prevent leakage of information.

WebSniper was developed as an ISAPI file and can therefore communicate more efficiently with the Web server. With the help of an administrator interface and a central database, a large number of Web servers can be protected and/or monitored, either by securing the Web server farm "gate" or by protecting each server separately using the same product.

WebSniper's advantages lie in its ability to identify not only known attacks but also previously unknown ones, and to handle them as defined in the configuration, for example:

  • Checking the appropriateness of the HTTP/S request, to prevent various attacks on the server side and on the application, as well as to prevent new attacks;
  • Checking data returned from the Web application, to prevent the leakage of sensitive information;
  • Hardening of the client's browser, which will produce an enhanced level of security in the client's environment;
  • Learning the users' behavioral patterns and identifying irregular behavior based on this acquired knowledge;
  • Blocking known attacks via WebSniper product signatures; and the ability to add, edit and delete signatures and perform ongoing updating of signatures of new attacks;
  • Protecting from worms, viruses and old (known) break-in tools, as well as new (unknown) ones;
  • Providing 3 additional layers of protection on the application, server and client sides;
  • Protecting from old and new attacks:
      • Brute force
      • Directory indexing
      • Format string attack
      • Insufficient anti-automation
      • Path traversal
      • SQL injection
      • Cross site scripting
      • XPath injection
      • SSI injection
      • HTTP response splitting
      • LDAP injection
      • Session fixation
      • Buffer overflow
      • Unicode
      • Information leakage
      • OS Commanding
      • Fingerprinting
      • Predictable resource location
      • Denial of service

Additionally:

  • Quick, easy assimilation;
  • A significantly lower cost than that of competitors' information security products;
  • Complete statistics and the presentation of data in a broad range of cross-sections;
  • A user-friendly interface;
  • A central database for administering several servers.

For additional details, please view the WebSniper Presentation.