A10 Networks





Applications that provide services to end-users can be vulnerable to many threats. Although many of these threats can be prevented by application developers, this often is outside the web site owner's control. A10's Thunder TPS product line of Threat Protection System features web application firewall (WAF), which provides a layer of control between end-users and applications.

A WAF filters all application access, inspecting both the traffic towards the web application and the response traffic from the application. By securing both the application infrastructure as well as the application user, a WAF complements traditional network firewalls, which are not designed to protect at this granular level.


Threat Vectors

Applications can be vulnerable to many threats that are not detected by regular network firewalls. The impact of these attacks can be quite severe. The Open Web Application Security Project (OWASP) has compiled a list of the top 10 risks that still threaten many web application deployments. The top 10 of 2010 is virtually identical to the new 2013 version; the most common attacks have not changed dramatically over the years. Here are some examples:


  • Injection: SQL Injection Attacks use a Web form or other mechanism to send SQL commands or commands containing SQL special characters. By sending these SQL commands, the attacker can trigger the backend SQL database to execute the injected commands and allow unauthorized users to obtain sensitive information from the database. 
  • Cross-site scripting (XSS): XSS attacks exploit a Web server that does not validate data coming from another site. XSS can enable the attacker to obtain sensitive information, or to compromise a Web server. 
  • Sensitive data exposure: If Web applications do not protect sensitive data such as credit card numbers or Social Security Numbers (SSN), attackers are able to conduct identity theft, credit card fraud, or other crimes. 
  • Cross-site request forgery (CSRF): CSRF attacks force a user to send an HTTP request, including the victim's session cookie, to a vulnerable web application. To the vulnerable web application, this appears to be a legitimate request coming from the victim.
LandscapeNets Insider Threats are a major risk to your organisation. One of the most difficult part of managing the insider threa… twitter.com/i/web/status/1…
LandscapeNets Research shows that almost three quarters of security breaches are due to the #InsiderThreat. However, there are wa… twitter.com/i/web/status/1…
LandscapeNets Do you know your App from your Exploit. Get with the #Cyber lingo by checking out the @NCSC infographic - stay safe… twitter.com/i/web/status/1…

Tel: 0843 886 4550

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Landscape Networks is a trading division of Communicate Technology PLC. Registered in England No: 07867043

Landscape Networks Ltd

Beckshaw House

Law Street


BD18 3QR