Cookie Protection ensures that commonly-used “information packages” given to visitors by your web servers are not tampered with.

Cookie Protection

Tamper-proofs cookies by digitally signing and verifying them.

Cookies are packages of data your servers hand out that are stored by a browser so that they can be remembered next time they return. Hackers can exploit these data packets and cause trouble for you. Cookie Protection ensures that these commonly-used “information packages” given to visitors by your web servers have not been tampered with. By digitally signing each cookie, the integrity of this information can be verified.

Cookies can be used by creative attackers to cause unexpected problems for your company. These tiny packets of data are usually only supposed to be used by browsers to interact with a server and remember small preferences of the last visit, such as how a preference has been selected by a visitor. Attackers however can exploit the contents of a cookie and how they are digested by a server, causing them to have all sorts of negative effects, depending on how vulnerable your configuration is. Rather than invest time and money in becoming an expert on web server cookies and all the ways that they can be abused to cause you trouble, let our Cookie Protection keep you safe.

For example, someone might visit your site and use your online store to add an item to their shopping cart and then leave. Information like the item number, and more importantly price, might be stored in a cookie so when the user returns, they do not have to add it again.

A malicious user might manually edit the information inside the cookie with a new price for the item. If they then visit a vulnerable server, it could permit them to complete the checkout process using the new price, and if this isn’t noticed, let the user purchase and acquire the item at this invalid amount. Cookie signing protects against this type of exploiting, since when this user edited the contents, the digital signature would no longer be valid and Astaro would then discard it and not pass it to the web server.

Cookie Protection
 

Cookie protection prevents the changing or alteration of the contents of a cookie handed out by your web server(s) to your users.

  • Digitally signs each cookie
  • Tampering with the cookie will invalidate the signature
  • Cookies declared invalid by Astaro Web Application Security will not be handed to the web server for consumption
  • Protects against cookie poisoning techniques and other creative attacks which exploit these common data points.
 
Astaro Security Gateway Hardware Appliances

Astaro Security Gateway Hardware Appliances

Our hardware appliances are purpose built, high-performance security devices. They integrate Astaro's security applications with a hardened Operating System on optimized Intel-compatible server systems that cater to every business size. This section details the series of Astaro Security Gateway hardware models available.

Read more
Astaro Security Gateway Software Appliance

Astaro Security Gateway Software Appliance

Our software appliances include the operating system and all security applications bundled within a single software image. While offering the same capabilities as the hardware platform, they can be easily installed on your hardware of choice - maximizing deployment flexibility. The Astaro Security Gateway software appliances are much easier and faster to set-up than software applications that require the installation of an operating system in advance. This section details the security applications available, technical information and deployment scenarios.

Read more
Astaro Security Gateway Virtual Appliance for VMware

Astaro Security Gateway Virtual Appliance for VMware

Our virtual appliances include a software appliance which has already been pre-installed and pre-configured for VMware environments. Being the first unified threat management product that has been certified as “VMware Ready”, it allows for the secure and easy deployment of an "all-in-one" security solution within a virtual environment. This section details the security applications available, technical information and deployment scenarios.

Read more
 
Buy Now

Instant Access

Web Application Security

Become a fan Follow us Join us Join us Read more

Enter a feature request Join us Watch
 
© 2013 by Astaro GmbH & Co. KG - a Sophos company