To protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy applications too.
ZSL has developed an Anti-XSS library for Java which is a port of Microsoft’s Anti-Cross Site Scripting (Anti-XSS) library for .NET applications. This package was created to prevent Cross-site scripting attacks on websites. ZSL uses this library in all their java applications and provides Anti-XSS based services
The service provides a wrapper around your existing web sites, ensuring that common attack vectors to not make it to your application. Protection is provided as standard for
- Cross Site Scripting
- SQL Injection
We also provide services in handling the following types of Web application vulnerabilities
- Session Stealing (Session Hijacking)
- Directory browsing
- Blind SQL injection
- Brute Force
- Insufficient Authentication
- Session Fixation
- Insufficient Authorization
- Insufficient Session Expiration
- Content Spoofing
- Buffer Overflow
- Format String Attack
- LDAP Injection
- OS Commanding
- SSI Injection (Server Side Include)
- XPath Injection
- Information Leakage -(Error message content checking)
- Path Traversal
- Predictable Resource Location
- Denial of Service
- Assessment: ZSL’s team of dedicated engineers would first assess the candidate application. In this phase the application would be run against industry renowned security testing tools like Rational AppScan to detect web application vulnerabilities.
- Threat categorization: Then the engineers look into each threat and categorize them.
- Threat elimination: After that, each threat is taken and the Anti-XSS library is used to eliminate it. This is done manually by our team of engineers. If a threat lies beyond the scope of the tool, then the engineers to an extra mile to manually re-write those portions of the application code. This happens sometimes.
- Verification: After everything is completed, the security testing tool is run again on the web application to verify that all threats are eliminated.
- Documentation: After the whole process is completed, a comprehensive document is generated comprising of all threats and the resolutions to those threats.
- Support: After the application is fixed then support is provided on a need basis.
- All web application vulnerabilities eliminated.
- 40-50% of the effort is reduced by using the Anti-XSS library.
- Complete documentation ensures future protection against attacks.
- Effectively addresses the time to market needs.