Web Application Firewall Targets XSRF Attacks


The Mykonos Security Appliance adds improvements in speed, latency, redundancy, and reporting.

Mykonos Software has released an enhanced Mykonos Security Appliance, a next-generation Web application firewall (WAF) designed to protect Web sites from hackers, fraud, and theft. Unlike legacy signature-based systems, Mykonos inserts thousands of detection points into Web apps to identify attackers before they cause damage. The latest release includes a new security processor designed to eliminate cross-site request forgery (XSRF) attacks.

The Mykonos Security Appliance sits between the Web application server and the client. It inserts detection points, or "code-level honey pots," into the Web app, creating virtual landmines that detect and prevent attack attempts. Once it detects a threat, it tags the attacker with a security token that persists after the session ends and is not tied to the attacker's IP address. After the attacker is detected and tagged, the appliance uses an intelligence-gathering process called "Hacker Hoops and Hurdles" to create a profile of the person's skill and threat level. The Mykonos Security Appliance is designed to protect against attacks before they cause damage.

Key features of the latest version of Mykonos Security Appliance include:

  • New security processor designed to eliminate cross-site request forgery (XSRF) or "one-click" attacks;
  • Unique tagging of attackers with a security token to identify and block subsequent attack attempts;
  • Captcha processor to detect bots or other automated scripts;
  • Enhanced reporting management system and security monitor console;
  • SSL configuration for internal communication security and third-party authentication for access to the appliance;
  • Multiple VLAN connections; and
  • Command-line interface for power users.

The latest version also includes significant improvements in speed, latency, redundancy, and reporting.

Mykonos Security Appliance is available now. Further information can be found here.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].

Featured

  • Training the Next Generation of Space Cybersecurity Experts

    CT asked Scott Shackelford, Indiana University professor of law and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance, about the possible emergence of space cybersecurity as a separate field that would support changing practices and foster future space cybersecurity leaders.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • AI microchip, a cybersecurity shield with a lock, a dollar coin, and a laptop with financial graphs connected by dotted lines

    Survey: Generative AI Surpasses Cybersecurity in 2025 Tech Budgets

    Global IT leaders are placing bigger bets on generative artificial intelligence than cybersecurity in 2025, according to new research by Amazon Web Services (AWS).

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.