Table of Contents
Web Application Security
- Unexpected Input
- Administrator Error
- Account Control and Management
- Ensuring Data Availability Compliance with WebWatchBot
- XSS Explored
- XSS Evolved
- MAXSS: Cross-Site Scripting Just Got a Voice
- Learning How to Burp – The Web Application Testing Proxy
- Code Injection Explained
- Mass Automated SQL Injection Attacks
- Inside a Real World Web-Based Attack
- How Bugs Can Give Attackers Access to Protected Portions of a Web App, Part 1
- How Bugs Can Give Attackers Access to Protected Portions of a Web App, Part 2
- The Wonderful World of Web Backdoors
- Web-Based Coupon Systems
- Web Application Firewalls
- What Can a WAF Do for You?
- Password Auditing with Hydra
- How to Create an Asymmetric Encryption-Based Form
- Practical Web Application Security with WebGoat
- PHP-Based File Inclusion Attacks
- Operating System Security
- Network Security
- Hardening Your System
- Wireless Security
- Mobile Security
- Data Forensics
- Legal and Ethical Issues of Security
- Home User Security
- Job Security for the IT Security Industry
- A Biased Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish
- Security of Mechanical Locks
- Information Security in Academics
- Holiday Security: Hackers Don’t Take Holidays
- Gary McGraw on Building Secure Software
- Gary McGraw on Exploiting Online Games
- A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell
- Questions from RSA 2007
- How to Steal 80,000 Identities in One Day
Ensuring Data Availability Compliance with WebWatchBot
Last updated May 23, 2003.
Ensuring data availability is part of the core of any information security compliance program. And federal mandates like HIPAA (discussed elsewhere in this guide) now require a formal process to monitor data availability.
Downtime from denial of service attacks, network outages and other causes all threaten data availability. But how can availability be monitored across a large organization? One easy way to monitor remote servers is with WebWatchBot 3.0 (http://www.exclamationsoft.com). It is an advanced, easy to use, fully reportable, network website and server monitor (Fig. 1). We recommend it for helping to ensure compliance. Useful features include:
Real-Time Charting of one or more watch item response time
Built-in reporting of historical data
Perform trend analysis of historical data based on time of day, day of week or day of month
Customizable GUI interface
Export charts as metafile, bitmap, or data points
Increase monitoring granularity on the fly
Fig. 1: A sample of the many remote server monitoring reports that WebWatchBot easily generates.
Available Watch Item Status are:
All - All Watch items, no filtering
Active - Only active watch items, watch items that are not suspended
Suspended - Only suspended watch items, watch items that are not active
Down - Only watch items that have an alarm status of Down
Up - Only watch items that have an alarm status of Up
Available Watch Item Types are:
HTTP - Only watch items that are of type HTTP
HTTPS - Only watch items that are of type HTTPs
FTP - Only watch items that are of type FTP
DNS - Only watch items that are of type DNS
Port - Only watch items that are of type Port
Ping - Only watch items that are of type Ping
POP3 - Only watch items that are of type POP3
SMTP - Only watch items that are of type SMTP
The Watch List has a grid layout that is fully customizable:
Columns are resizable by moving the mouse in-between two columns until the mouse pointer changes to a vertical bar, then by left-click dragging the column boundary to the desired size.
Columns are sortable by clicking on the column heading.
Customize which columns are displayed and in which order through the main menu: Tools->Customize Grid Headings
Selecting Watch Items
Select a single watch item by clicking with the left mouse button - the Preview Pane will automatically update with the selected watch item's data. You can also select multiple watch items in one of three ways:
Hold the "Ctrl" key and by selecting multiple watch items
Select the first watch item, then hold the "Shift" key and select another watch item. All watch items that appear in between the two selected watch items will become selected
Press Ctrl-A or through the main menu: Edit->Select All to select all watch items on the Watch List.
To run a watch item immediately, double-click on a single watch item in the Watch List
Right-Click on one or more watch items to bring up a context sensitive menu of actions which may be performed.
The Watch List Grid headings' visibility and display order are easily customizable. From the main menu, select Tools->Customize Grid Headings. The "Customize Grid Headings" dialog will appear. You can also add available fields from the left hand list by selecting them and clicking the "Add" button, or by double clicking the available field.
Remove visible fields by selecting them and clicking the "Remove" button, or by double clicking the visible field.
The Dashboard View is divided into four quadrants:
Failing Watch Items
Slow Watch Items
The Health Status displays a overall rating of the health of Watch Items for the selected filter and time frame. The overall rating is a weighted average of three factors:
Failing - This factor represents a weighted average of Watch Item failure rates. Each Watch Type is weighted differently and can be changed through Dashboard Settings.
Baseline - This factor represents the total number of Watch Items with failure rates higher than the selected baseline Watch Item divided by the total number of Watch Items.
Downtime - This factor represents the total amount of cumulative downtime divided by the total amount of cumulative time each Watch Item has been in existance since being created.
Modes of Operation
WebWatchBot has the ability to run in two modes: as a Windows application or as a Windows service. By default, WebWatchBot runs as a Windows Application. When running WebWatchBot as a Windows as a Windows Service, the title bar for the application will display "Service Mode". WebWatchBot is running as a Windows Service if the Service Status Icon is visible in the lower right hand corner of the WebWatchBot Manager Application:
Running WebWatchBot as a Windows Service poses the following overall advantages over running as a Windows Application:
If the WebWatchBot Manager Application is closed, the WebWatchBot Service application can still monitor.
If the logged in user is logged out, the WebWatchBot Service application can still monitor.
There is a performance decrease as the number of active watch items increase. It is not recommended that more than 50 watch items be active at one time when running in Windows Application Mode. It is highly recommended that if your version of Windows supports Windows Services, that WebWatchBot Run as a Windows Service.
WebWatchBot has a command line interface to perform a small portion of functionality without the WebWatchBot Manager. Using the command line interface allows scheduling and automation.
-clearstats (-cs) = Clear Statistics. Combine -clearstats with -watchitem to clear statistics for the specified Watch Item. -noservice (-ns) = Configures WebWatchBot to run as a Windows Application -q = Suppresses output to screen - only logs output -reportlist (-rl) = Display list of all report names for the specified watch item (See -watchitem) -report (-r) = Report name. Enclose in quotes if name contains spaces. Combine -report with -watchitem to run the specified report for the specified Watch Item. -resetalarm (-ra) = Resets alarm for specified Watch Item. Enclose in quotes if name contains spaces. Combine -report with -watchitem to run the specified -resetall (-rl) = Resets alarms for all Watch Items. -service (-sv) = Configures WebWatchBot to run as a Windows Service -watchitem (-wi) = Watch Item's name. Enclose in quotes if name contains spaces. -watchlist (-wl) = Display list of all watch item names