Finally, NetScaler 12.0 build 51.24 was released on July 20, 2017 and introduces two great new features, among other things: Native OTP (One-Time Password) via nFactor, and Secure Web Gateway (will be covered in a later post). I am very excited to follow development on these two features. This post is focusing […]
Analyzing and Testing Web Application Security based on OWASP Top 10 – SQLi and XSS
Introduction: This post describes some methods and techniques that we can use to verify and analyze security in a web application by assessing the SSL and HTTP traffic. We will focus on how to verify SSL protocols and ciphers and HTTP response headers, and on scanning for SQLi and XSS vulnerabilities. These methods […]
Single Sign On (SSO) to ADFS enabled Website from XenMobile SecureWeb
From ADFS 3.0 on Windows Server 2012 R2, a PowerShell property defines which User Agents (browsers) are supported for 401 Windows Integrated Authentication instead of Form Based Authentication. So in order to ensure that we can support SSO from XenMobile SecureWeb, we can change that property on ADFS (Option […]
Protect and Secure your Web Application with NetScaler Application Firewall (WAF) – Part 1
In the first part of this post, I provide some information and guidelines on how to implement Citrix NetScaler Application Firewall in front of your web application. In the second part coming up, we will look into the Security Insight of NMAS (NetScaler Management and Analytics Services) how this provide […]
Optimizing SSL Security and Performance with OCSP and NetScaler
This post is about OCSP, NetScaler and SSL/TLS, how we could benefit from it and how we implement it on NetScaler. Intro: Online Certificate Status Protocol (OCSP) is an alternative/replacement to the Certificate Revocation List (CRL) and is also a method to validate the status of a certificate. The CRL […]
Configuring XenMobile Secure Web and HTTP Web Proxy
A common scenario and requirement is to use an HTTP Web Proxy gateway (BlueCoat, IronPort etc.) for outbound traffic to the Internet from the XenMobile Secure Web, securing and inspecting URL traffic etc. Once again we use our lovely NetScaler to meet the objectives. This post describes the implementation steps […]
Office 365 – Using NetScaler as SAML iDP
An alternative to using Microsoft ADFS (Active Directory Federation Services) as Identity Provider for accessing Office 365 cloud services could be to use a pair of NetScaler appliances. From a security point of view, NetScaler is a great option for functioning as an authentication point. There are a few how to […]
Form Based SSO to Office 365 via XenMobile and NetScaler Traffic Policy
NetScaler Traffic Policies are great! Control authentication settings etc. on a deeper level. In this post we look into Form Based SSO on NetScaler, as an approach to automatically submit the email address to the login form for authentication in Microsoft Office 365. When running mVPN/VPN sessions through NetScaler Gateway, […]
Office 365 Smart Links and XenMobile
We can bypass the first sign-in to Microsoft and ensure SSO when accessing Office 365 services, thus improving the overall user experience. Basically we have 3 options to provide a sign-in without users being required to type in their initial email address, in order to start the federated discovery […]
Implementing RDP Proxy
A really cool feature which was introduced in NetScaler 11 is the RDP Proxy feature. A use case I see very often is a company that, e.g., has external consultants who need secure access to an internal RDS Session Host Server in order to support a specific business environment. This scenario eliminates […]