We eliminate or mitigate web security risks by design, repelling 90 percent of the web risks included in the OWASP Top 10.
This video shows how to perform the most common web attacks based on OWASP Top 10 web risks. For example: SQL Injection, XSS, CSRF and Parameter Tampering.
This video shows how Hdiv blocks the most common web attacks based on OWASP Top 10 web risks. For example: SQL Injection, XSS, CSRF and Parameter Tampering.
Hdiv Enterprise is a runtime application self-protection (RASP) version that offers strong, enterprise-class security, exclusive functionality, enterprise-level support services, and high scalability.
This video shows how Hdiv EE supports some of the most used RESTful API implementation libraries, adding protection against OWASP Top 10 risks to the server-side part of mobile native applications, as well as client-side MVC frameworks, that consume RESTful services.
This video shows how Hdiv Developer Toolbar detects vulnerable points within the source code at runtime, reporting the file and line number of the vulnerability.
We have used Acunetix Web Vulnerability Scanner to test the protection of our Spring MVC and Hdiv example application against OWASP Top Ten web risks.
As described in the video, Hdiv protects against the attacks performed by Acunetix Web Vulnerability Scanner, preventing the exploitation of application-level web risks such as:
- OWASP A1 – SQL Injection
- OWASP A3 – Cross-Site Scripting (XSS)
- OWASP A8 – Cross-Site Request Forgery (CSRF)
It is important to note that Acunetix Web Vulnerability Scanner does not detect OWASP A4 – Insecure Direct Object Reference (Parameter Tampering). This is normal with all kinds of vulnerability scanners because in many cases, this category of vulnerability requires human intelligence to identify it.
See how to install the runtime application self-protection (RASP) product to add the strongest real-time protection to your apps.
by Roberto Velasco (Hdiv) on May 19, 2016
The number of applications based on a client-side MVC architecture that consume RESTful services is increasing exponentially: for example, mobile native applications (iOS, Android, etc.) or client-side MVC web applications (AngularJS, React, etc.).
Analyzing the traditional OWASP Top 10 web risks, we can consider almost all of them relevant to these new scenarios. So the question is, how can we protect these service-based applications against the traditional OWASP Top 10 web risks?
This talk presents an innovative approach to automate the protection of Spring HATEOAS services against OWASP Top 10 security risks, through the integration of Spring HATEOAS with the Hdiv security framework.
by Burt Beckwith (SpringSource) on Dec 13, 2013
Burt Beckwith discusses the security risks web applications may face (XSS, CSRF, SQL injection) and the libraries and plugins (Hdiv) that developers can use to secure their Grails applications.
Burt Beckwith is a core developer on the Grails team and has created over 40 Grails plugins. Burt is a frequent speaker at conferences and user groups and the author of "Programming Grails" and blogs at http://burtbeckwith.com/blog/.
by Roberto Velasco (Hdiv) on Feb 17, 2012
Roberto Velasco (Hdiv project founder) talks about how to secure web applications with Spring MVC and Hdiv. The official integration of Hdiv in Spring MVC has been implemented thanks to the collaboration between SpringSource and the Hdiv team.
Spring I/O is the main Spring conference in Europe for application developers, solution architects, web operations and IT teams who develop business applications.
by Rossen Stoyanchev (SpringSource) on Dec 30, 2011
Rossen Stoyanchev covers some of the new features available in Spring MVC 3.1: URI variable, Redirect & Flash attributes, UriComponentsBuilder, Multipart Request Support, and Hdiv Integration.
Rossen is a Spring Framework committer with contributions in the web and messaging modules including Spring Web MVC and WebSocket messaging. Rossen has been instrumental in the design and development of Web-related features in the 3.x and 4.x Spring Framework generations and is currently working on major “Reactive” additions in the web modules for version 5.0.