
    AQA SafeGuard Attack Detection Plug-in

  • Detects common attacks such as cross-site scripting, SQL injection, session fixation and data tampering
  • Attack Disposition Plug-in Service
  • SafeGuard Web Administration Console

    Dawn InfoTek’s SafeGuard Attack Detection Plug-in service consists of a set of Java jar files that can be readily integrated with a custom-built J2EE framework or with popular open source frameworks such as Struts and Spring.

    Dawn InfoTek’s SafeGuard Service protects web applications (online banking, wireless banking and any other web application) against four common attacks: cross-site scripting, SQL injection, session fixation and data tampering, as described below:

    Cross Site Scripting

    An attacker uses cross-site scripting to attack the clients of a system rather than the system itself: the system is used as a delivery mechanism for malicious code. The injected payload may be written in HTML (any version), XHTML, DHTML, JavaScript, Java applets, VBScript, ActiveX, XML/XSL or CSS, or be carried by multimedia files (Flash, MP3, Wave, etc.).

    The application strips all input containing HTML tags or scripts. Where the requirement is to allow HTML tags or a subset of script, you may build specific rules to filter out the unwanted scripts. Because a filter that removes known-bad patterns can be evaded by encoding or obfuscation, input should be decoded before it is inspected, and untrusted data written back into a page should still be encoded for its output context (HTML body, attribute, JavaScript or URL); the input filter is an additional layer, not a replacement for output encoding.

    The application also filters responses from back-end systems and third-party vendors that contain HTML or script tags.
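    The input and response filtering described above, as an added example that is not Dawn InfoTek's code: the plug-in itself is a set of Java jar files, but the logic is shown here in standard-library Python so that it runs stand-alone. The function names, the regular expressions and the allowlist mechanism are assumptions for this example. It decodes percent-encoding and HTML entities before inspecting a value (so that an encoded payload cannot slip past the check), reports whether a value carries markup or a script vector, and strips every tag except an optional allowlist, dropping all attributes from the tags it keeps.

```python
# Added example (not Dawn InfoTek code): cross-site scripting input/response
# filtering with decode-before-inspect and an optional tag allowlist.
import html
import re
import urllib.parse

# Any HTML tag, opening or closing; group 1 is the tag name.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9-]*)[^>]*>")
# Event-handler attributes and script-bearing URL schemes are never allowed,
# even inside tags that the allowlist permits.
DANGEROUS_RE = re.compile(r"\son[a-z]+\s*=|javascript\s*:|vbscript\s*:",
                          re.IGNORECASE)


def normalise(value: str) -> str:
    """Undo the encodings an attacker uses to evade a naive filter:
    percent-encoding (possibly applied more than once) and HTML entities.
    Decoding is repeated until the value stops changing."""
    previous = None
    while previous != value:
        previous = value
        value = html.unescape(urllib.parse.unquote(value))
    return value


def contains_markup(value: str) -> bool:
    """True if the decoded value carries an HTML tag or a script vector.
    Use this to reject a request parameter or a back-end response outright."""
    decoded = normalise(value)
    return bool(TAG_RE.search(decoded) or DANGEROUS_RE.search(decoded))


def strip_markup(value: str, allowed_tags=frozenset()) -> str:
    """Remove every tag except those named in allowed_tags. Allowed tags are
    rebuilt from their name alone, so attributes such as onclick= disappear."""
    decoded = normalise(value)

    def replace(match):
        name = match.group(1).lower()
        if name in allowed_tags:
            is_closing = match.group(0).lstrip("<").lstrip().startswith("/")
            return f"<{'/' if is_closing else ''}{name}>"
        return ""

    cleaned = TAG_RE.sub(replace, decoded)
    # Remove script vectors that survive in bare text (e.g. javascript: URLs).
    return DANGEROUS_RE.sub("", cleaned)


if __name__ == "__main__":
    # Constructed sample parameters, as they might arrive in a login form.
    for sample in ("John O'Brien, 3 < 5",
                   "<script>alert(1)</script>",
                   "%3Cscript%3Ealert(1)%3C/script%3E",
                   "&lt;img src=x onerror=alert(1)&gt;"):
        print(repr(sample), "->", contains_markup(sample))
    print(strip_markup("<b onclick=alert(1)>Hi</b><script>x</script>",
                       allowed_tags={"b"}))
```

    The same two functions can be applied to the body of a back-end or third-party response before it is returned to the browser.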

    SQL Injection

    An attacker may inject SQL commands through application input to read or alter sensitive data that would otherwise be unreachable. This may also serve as a step towards further attacks on the server; for example, the attacker may change the administrator's password to gain access to a wider range of functionality.

    The application makes sure that no user or third-party input is passed directly into database queries. Input must be bound to the query as a parameter (a JDBC PreparedStatement) or, at a minimum, escaped and enclosed in single or double quotes before it reaches the SQL text. Note that quoting and escaping only protect values that sit inside a string literal; an injected value in an unquoted numeric position contains no quote to escape, so parameter binding is the reliable choice.
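    An added example, not Dawn InfoTek's code, of the three ways of building the query described above, run against an in-memory SQLite database so that the injection can be seen succeeding and failing. The table, the two sample users and their plain-text passwords are constructed for the demonstration only (a real application stores password hashes); the function names are assumptions. Beyond the text's own case, it also shows the numeric position where quote escaping gives no protection at all.

```python
# Added example (not Dawn InfoTek code): SQL injection against concatenated,
# quote-escaped and parameterised queries, using the standard sqlite3 module.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two customers with balances."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", 1200), ("admin", "hunter2", 99000)])
    conn.commit()
    return conn


def escape_quotes(value: str) -> str:
    """SQL string-literal escaping: double every single quote."""
    return value.replace("'", "''")


def login_vulnerable(conn, name, password):
    """Input pasted straight into the SQL text: the injectable form.
    name = "admin' --" turns the rest of the WHERE clause into a comment."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_escaped(conn, name, password):
    """Escaped and quoted, as the text above requires. This closes the hole
    for string positions only."""
    sql = (f"SELECT name FROM users WHERE name = '{escape_quotes(name)}' "
           f"AND password = '{escape_quotes(password)}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def balances_escaped_numeric(conn, account_id: str):
    """Escaping does nothing in an unquoted numeric position: the payload
    "1 OR 1=1" contains no quote to double, so every balance is returned."""
    sql = f"SELECT balance FROM users WHERE rowid = {escape_quotes(account_id)}"
    return [row[0] for row in conn.execute(sql).fetchall()]


def login_parameterised(conn, name, password):
    """Bound parameters: the driver sends the values separately from the SQL
    text, so they can never change the structure of the statement."""
    row = conn.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                       (name, password)).fetchone()
    return row[0] if row else None


def balances_parameterised(conn, account_id: str):
    """Validate the type first, then bind; a non-numeric id is rejected."""
    try:
        rowid = int(account_id)
    except ValueError:
        return []
    row = conn.execute("SELECT balance FROM users WHERE rowid = ?",
                       (rowid,)).fetchone()
    return [row[0]] if row else []


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "admin' --", "anything"))
    print("escaped:", login_escaped(db, "admin' --", "anything"))
    print("escaped numeric:", balances_escaped_numeric(db, "1 OR 1=1"))
    print("parameterised:", login_parameterised(db, "admin' --", "anything"))
    print("parameterised numeric:", balances_parameterised(db, "1 OR 1=1"))
```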

    Session Fixation

    In a session fixation attack, the threat agent (attacker) fixes the user's session ID before the user even logs into the target server, eliminating the need to obtain the user's session ID afterwards. In practice, the attacker obtains a session and then tricks another user into using the attacker's session, often by crafting a special hypertext link and persuading the user to click on it.

    The application makes sure that any pre-existing HTTP session is invalidated, and a new one created, when the user authenticates. In addition, there must be no cross-site scripting vulnerability anywhere in the business domain, since script injected into any page on the domain can set the session cookie and so fix the session ID.
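    The attack and the invalidate-and-reissue fix described above, as an added example that is not Dawn InfoTek's code. A tiny in-memory session store stands in for the servlet container's session table, and the credential store holds one constructed user. The class and function names are assumptions; the attack is run once against a login that keeps whatever session the client presents and once against a login that discards it and issues a fresh ID after the password check.

```python
# Added example (not Dawn InfoTek code): session fixation against a login that
# reuses the presented session, and the fix that invalidates and reissues it.
import hmac
import secrets

# Constructed credential store for the demo (a real application checks hashes).
USERS = {"alice": "correct horse"}


def check_password(username: str, password: str) -> bool:
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


class SessionStore:
    """In-memory stand-in for the container's session table."""

    def __init__(self):
        self._sessions = {}  # session id -> attribute dict

    def get_or_create(self, presented_id):
        """Like request.getSession(): reuse a known id, otherwise mint one."""
        if presented_id in self._sessions:
            return presented_id
        new_id = secrets.token_urlsafe(24)
        self._sessions[new_id] = {}
        return new_id

    def invalidate(self, session_id):
        self._sessions.pop(session_id, None)

    def set_attribute(self, session_id, key, value):
        self._sessions[session_id][key] = value

    def user(self, session_id):
        return self._sessions.get(session_id, {}).get("user")


def login_fixation_prone(store, presented_id, username, password):
    """Vulnerable: authenticates into whatever session the client presented,
    so an id planted by the attacker becomes a logged-in session."""
    sid = store.get_or_create(presented_id)
    if not check_password(username, password):
        return None
    store.set_attribute(sid, "user", username)
    return sid


def login_hardened(store, presented_id, username, password):
    """Hardened: drop any pre-existing session and issue a new id only after
    the credentials check, so a fixed id never becomes authenticated."""
    if not check_password(username, password):
        return None
    store.invalidate(presented_id)
    sid = store.get_or_create(None)
    store.set_attribute(sid, "user", username)
    return sid


def run_fixation_attack(login):
    """Returns (user the attacker's id now maps to, whether the victim ended
    up in the attacker's session)."""
    store = SessionStore()
    attacker_sid = store.get_or_create(None)  # attacker obtains a real session
    # The victim follows the attacker's crafted link and presents that id.
    victim_sid = login(store, attacker_sid, "alice", "correct horse")
    return store.user(attacker_sid), victim_sid == attacker_sid


if __name__ == "__main__":
    print("fixation-prone login:", run_fixation_attack(login_fixation_prone))
    print("hardened login:", run_fixation_attack(login_hardened))
```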

    Maximum Transaction Amount Enforcement

    SafeGuard can enforce a maximum transaction amount.

    Indirect Reference

    A direct object reference is created when developers expose sensitive identifiers such as file names, account numbers or database keys to the browser in URL or form parameters, where an attacker can read and tamper with them. For example, an online banking application commonly sends the account number as a parameter from the browser to the server; an attacker may replace it with another person's account number, and if the server does not verify ownership, the attacker obtains that person's account information. An indirect reference avoids this by sending the browser an opaque value that the server maps back to the real identifier for the current user.

    In addition to the standard enforcement and security detection events provided by SafeGuard, customers can define an unlimited number of business rules that generate specific events through the SafeGuard interface, so that SafeGuard detects violations of the customer-defined rules and takes the action the customer has configured.
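    An added example, not Dawn InfoTek's code, covering the three enforcement points above: a per-session indirect reference map for account numbers, a maximum transaction amount rule, and the rule interface through which a customer-defined rule emits its own event. The Transaction and Event types, the rule signature, the policy value and the sample transactions are all constructed for this example.

```python
# Added example (not Dawn InfoTek code): indirect references plus a small
# rule interface where each rule inspects a transaction and may emit an event.
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


class ReferenceMap:
    """Per-session map between opaque tokens and real account numbers, so the
    browser never sees (or can tamper with) the direct identifier."""

    def __init__(self):
        self._direct_by_token = {}
        self._token_by_direct = {}

    def indirect(self, account_no: str) -> str:
        """Token to place in the page for this account (stable per session)."""
        token = self._token_by_direct.get(account_no)
        if token is None:
            token = secrets.token_urlsafe(12)
            self._token_by_direct[account_no] = token
            self._direct_by_token[token] = account_no
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Real account number, or None if the token was never issued to this
        session (i.e. the client substituted its own value)."""
        return self._direct_by_token.get(token)


@dataclass
class Transaction:
    user: str
    source_ip: str
    from_token: str   # indirect reference chosen from the user's own accounts
    amount: int


@dataclass
class Event:
    name: str
    user: str
    source_ip: str
    detail: str


# Rule interface: (transaction, session reference map) -> Event or None.
Rule = Callable[[Transaction, ReferenceMap], Optional[Event]]

MAX_AMOUNT = 5000  # constructed policy value


def max_amount_rule(tx: Transaction, refs: ReferenceMap) -> Optional[Event]:
    if tx.amount > MAX_AMOUNT:
        return Event("MAX_AMOUNT_EXCEEDED", tx.user, tx.source_ip,
                     f"{tx.amount} > {MAX_AMOUNT}")
    return None


def indirect_reference_rule(tx: Transaction, refs: ReferenceMap) -> Optional[Event]:
    if refs.resolve(tx.from_token) is None:
        return Event("TAMPERED_REFERENCE", tx.user, tx.source_ip, tx.from_token)
    return None


DEFAULT_RULES = (max_amount_rule, indirect_reference_rule)


def evaluate(tx: Transaction, refs: ReferenceMap, rules=DEFAULT_RULES):
    """Run every rule (standard and customer-defined) and collect the events."""
    events = []
    for rule in rules:
        event = rule(tx, refs)
        if event is not None:
            events.append(event)
    return events


if __name__ == "__main__":
    refs = ReferenceMap()
    token = refs.indirect("1234567890")   # constructed account number
    print(evaluate(Transaction("alice", "10.0.0.5", token, 200), refs))
    print(evaluate(Transaction("alice", "10.0.0.5", "forged", 9000), refs))
```

    A customer rule is just another callable with the same signature, appended to the tuple passed as rules.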

    Attack Disposition Plug-in Service

    When SafeGuard detects a possible attack, it takes the action prescribed by the security policy, applying protective measures to keep the application system secure.

    The possible actions are to forward the user to a warning page, force a logout, or just record a system event without notifying the end user; to send a notification by email, SMS or phone; and to block the user or the IP address. Blocked users and IP addresses can also be unlocked automatically as needed.
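    The disposition policy described above, as an added example that is not Dawn InfoTek's code. It maps event names to the listed actions, counts events per user and per source IP, escalates to a block once a threshold of repeated events is reached, and unlocks automatically after a configurable interval. The event names, thresholds, action table and the clock injection are constructed assumptions for this example; the real product's policy format is not shown on the page.

```python
# Added example (not Dawn InfoTek code): event-to-action disposition with
# per-user and per-IP lockout and automatic unlock after a timeout.
import time
from collections import defaultdict

# Constructed policy: which actions each event triggers.
ACTIONS = {
    "SQL_INJECTION": ["block_user", "block_ip", "notify_sms", "force_logout"],
    "XSS": ["warning_page", "log_event"],
    "MAX_AMOUNT_EXCEEDED": ["warning_page", "notify_email"],
    "TAMPERED_REFERENCE": ["force_logout", "block_user", "notify_email"],
}


class Disposition:
    def __init__(self, lock_after=3, unlock_after_seconds=900, clock=time.time):
        self.lock_after = lock_after          # repeated events before a block
        self.unlock_after = unlock_after_seconds
        self.clock = clock                    # injectable for testing
        self._counts = defaultdict(int)       # ("user", id) / ("ip", addr) -> n
        self._locked_until = {}               # same keys -> unlock timestamp

    def _locked(self, key) -> bool:
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:             # automatic unlock
            del self._locked_until[key]
            self._counts[key] = 0
            return False
        return True

    def is_user_locked(self, user) -> bool:
        return self._locked(("user", user))

    def is_ip_locked(self, ip) -> bool:
        return self._locked(("ip", ip))

    def unlock_user(self, user):
        """Manual unlock, as an operator would do from the console."""
        self._locked_until.pop(("user", user), None)
        self._counts[("user", user)] = 0

    def unlock_ip(self, ip):
        self._locked_until.pop(("ip", ip), None)
        self._counts[("ip", ip)] = 0

    def handle(self, event_name, user, ip):
        """Apply the policy for one event and return the actions taken."""
        now = self.clock()
        actions = list(ACTIONS.get(event_name, ["log_event"]))
        self._counts[("user", user)] += 1
        self._counts[("ip", ip)] += 1
        # Repeated lower-severity events from one user or address escalate.
        if self._counts[("user", user)] >= self.lock_after and "block_user" not in actions:
            actions.append("block_user")
        if self._counts[("ip", ip)] >= self.lock_after and "block_ip" not in actions:
            actions.append("block_ip")
        if "block_user" in actions:
            self._locked_until[("user", user)] = now + self.unlock_after
        if "block_ip" in actions:
            self._locked_until[("ip", ip)] = now + self.unlock_after
        return actions


if __name__ == "__main__":
    policy = Disposition(lock_after=3, unlock_after_seconds=900)
    # Constructed events: three XSS attempts from one user and address.
    for _ in range(3):
        print(policy.handle("XSS", "bob", "203.0.113.9"))
    print("bob locked:", policy.is_user_locked("bob"))
    print(policy.handle("SQL_INJECTION", "eve", "198.51.100.7"))
```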

    SafeGuard Web Administration Console

    SafeGuard Web Administration Console is a web application. When a suspicious request is detected, SafeGuard can lock the requesting user ID and the originating IP address and record the event details in the database. From these records the console provides an attack summary, attack charts, real-time monitoring and monitoring graphs. It also provides functions to unlock a user or an IP address, to maintain the user whitelist, and to manage SafeGuard console operators.