Web tier: servlets, JSP, Web frameworks: how to prevent the application from sniffer tools.

  1. Hi, we are developing a web-based business application. We have secured our application using HTTPS with a certificate from VeriSign. But our application has failed in testing with some browser-based sniffer tools (Burp Suite). Please can you explain the way to protect the application from hacking by such tools? Thanks, Mahendran
  2. Hi Mahendran, If your application uses HTTPS all the way, then sniffing the traffic is not the problem. Burp acts as a personal proxy and intercepts all requests between browser and server; it is only a tool used to identify other security vulnerabilities and isn't a sniffing tool as such. You will never be able to stop attackers using tools like Burp, but you can stop them from exploiting issues in your application. You'd have to be more specific about exactly which vulnerabilities were found in your application and address each one of these. For more detail on building secure web applications, have a look at the OWASP guide at: www.owasp.org. Stephen