Tuesday, 18 December 2012

Speed Counts

Why does Website Speed Matter?

In today's high-speed communication, internet users have become accustomed to high speed data connections and optimized web browsers, with online queries answered in milliseconds. 

Statistics show that faster loading websites have a measurable impact on revenue and user experience:

  • Shopzilla reduced page load times from 6 seconds to 1.2 seconds and increased their revenue by 12% and page views by 25%.
  • Amazon increased their revenue by 1% for every 100 milliseconds reduced in page load times.
  • Reducing page load times by 2.2 seconds Mozilla estimates that over 60 million additional Firefox downloads occur each year.
  • Yahoo! site traffic increased by 9% for every 400 millisecond reduction in site latency.
Source: Make Data Useful by Greg Linden at Amazon

There is no denying the correlation between site response times and business revenue. In such a ferociously competitive market, website performance is a factor too important to ignore for e-commerce organizations.

Factors of Speed

In most cases, poorly designed applications and websites are the major factor in site performance. More often than not, design of a website or front-end application is dictated by marketing and style. Users demand and interactive experience, with flashy animated pages with heavy graphics and videos. This may all look great once everything has loaded, but in reality what happens when it comes time to deliver and render all that content over the web? What is the true impact to the user experience and ultimately to your business revenue?

It has been reported that 52% of online shoppers claim that quick page loads are important for their loyalty to a site. NY Times Impatient Web Users Flee Slow Loading Sites

The truth is that, when it comes to delivering a positive online user experience, speed outweighs style: "The speed of website responses is a key factor affecting usability. Raw speed is one of the key attributes that can determine the quality of the user experience. In addition, Google's search engine uses website performance to determine the position of a Web page on search results pages. Therefore, investing in performance improvements will increase the benefits for website owners.” - Ray Valdes, Gartner, Q&A: Website Performance and User Experience.

Other factors in website performance are latency, poor network connections and traffic spikes. On an average day, an online application or website may load in a reasonable amount time, but what about on days with extreme traffic loads? I am thinking about the run up to Christmas, Black Friday, major sporting events and Valentines Day. "57.3million Americans visited online retail sites on Black Friday, representing an increase of 18 percent versus a year ago." - Zach Epstein, BGR, Black Friday Sales Top $1 Billion, Cyber Monday Expected to Set Record

As the rapid adoption of smartphones, tablets and e-readers continues to drive demand for digital books, audio, video and other online content; demand for fast and available online services is going to increase.

So What is the Solution?

In an ideal world, web applications would be designed for speed and load efficiency and all users would have 10Gbps network connections. However this is not realistic solution, so what is the alternative?

One solution is to rethink the protocols used to deliver the content. Google's SPDY (pronounced "Speedy") helps significantly reduce page load latency by up to 50%. - Chromium Project, SPDY: An Experimental Protocol for a Faster Web 

SPDY is a new protocol developed by Google in it's initiative to "make the web faster". It's protocol specification has officially been adopted for the HTTP/2 draft spec. SPDY achieves reduced page load latency using several techniques:
  • Full communication compression: SPDY compresses HTTP headers as well as the HTTP content. 
  • Communication Multiplexing: Unlike HTTP which handles one request at a time in a single connection with response to requests made consecutively, SPDY handles multiple requests and responses concurrently using one connection.
  • Traffic Prioritization: SPDY allows for prioritization of traffic streams, data of higher priority can jump into the process of transportation of data of lower priority and can be transported earlier.

SPDY is already supported by Chrome/Chromium, Firefox and Opera browsers as well as all Android devices and the Kindle Fire. 

Adopting a new protocol in your application environment is no simple task. Historically organizations needed to update their web server infrastructure to take advantage of SPDY's performance improvements, adding cost and complexity to their systems. With Ishlangu's SPDY Offloading capabilities, companies can take advantage of these performance improvements without updating their web application server infrastructure. Ishlangu delivers this capability by translating SPDY requests into HTTP on the back end.

Ishlangu Application Delivery Controller can significantly reduce web application latency and improve its availability by offloading CPU intensive tasks such as SSL processing, HTTP content compression, caching and network connection management. Allowing services to both run and scale efficiently, without the need to increase servers, bandwidth or network infrastructure.

Application delivery controllers are a corner stone of application delivery and acceleration. Garnter comments on the important role Application Delivery Controllers plays in optimizing application performance and availability: 

"The application delivery controller has evolved into a key component of the data center architecture, and enterprises should evaluate ADCs based on how they integrate with this architecture and support more-advanced features, such as user and traffic control and monitoring." - Neil Rickard, Gartner, Magic Quadrant for Application Delivery Controllers  

Ishlangu Application Delivery Controller can accelerate the delivery of your online applications and sites by deploying performance enhancing features such as SSL Offloading, HTTP Content Compression and Caching, SPDY Protocol Support, Content Re-Writing and Connection Management. 

This will ultimately lead to:

  • Improved end-user experience
  • Higher transaction and conversion rates
  • Increased brand loyalty and return visits
  • Reduced bandwidth consumption
  • Increased online visibility
  • Increased browse time on the site 
More information about Ishlangu Application Delivery Controller can be found here.

Monday, 17 December 2012

Ishlangu 1.1 Released - Geo IP and SPDY Protocol Support

Today, we are proud to announce the release of Ishlangu 1.1  This release comes just over a month since the first release back in November of this year.  This will be the trend for Ishlangu releases.  Ishlangu has a rapid release cycle, so you can expect amazing new features in a short span of time.

The major new features of Ishlangu 1.1 are:
  • SPDY (pronounced "Speedy") protocol support
  • Geo-IP Location API for uControl Script™
SPDY is a protocol that sits between SSL and HTTP to speed up requests and responses.  SPDY was designed by Google to reduce latency and improve page load times.  It is shown to improve page speed by up to 50%.  If you have an SSL enabled proxy using any of the TLS versions, you will be able to enable SPDY support with just a single click.  If a client doesn't support SPDY that's okay too!  The client will just use SSL and HTTP to communicate with your proxy.  Clients that support SPDY are Chrome, Firefox, and Opera, as well as any Android mobile device.

The Geo-IP Location API is a great tool for businesses.  It can help you target your audience.  If a client from Spain requests www.mysite.com you can redirect the client to your Spanish domain on www.mysite.es.  You could even inform your back-end application of the client's country, city, or region based information, by adding headers to the request to be sent to the back-end server.

Remember upgrading to Ishlangu 1.1 is absolutely free.  You get these great new features at no extra cost!  Just go to the Updates section of the Ishlangu admin-console, download the update, and click the install button; then get ready to enjoy these brand new features.

Ishlangu includes GeoLite data created by MaxMind, available from http://www.maxmind.com

Friday, 30 November 2012

Website Code Injection and How it Affects your Reputation

Cyber crime syndicates are always looking for ways to increase the opportunity to infect more machines with their malware. One way is to increase the lifetime of injections on websites. Usually the life span of injected code on a vulnerable website, depends on how fast the website administrator notices malicious content added to their web pages.

Image 1: The red arrow below shows the difference between the life span of typical malicious injected code and code injected by a rogue Apache module
One tactic used to increase the life span of injected code is to install rogue modules on compromised web servers. These modules hide themselves and the presence of injected code from website administrators. 

We are seeing an increase in the number and sale of web server rootkit tools which are used to inject and hide malicious code on compromised web servers. Web server administrators are mentioning on forums and blog articles of mysterious iframes with malicious payloads, magically appearing on different websites and constantly changing the injected URL.

According to underground forums this type of web server rootkit called “DarkLeach” is an Apache 2 module selling for $1,000. Features of this module include: iFrame injection of php/html/js files, allowing access to module from specific IP addresses, periodic updates of injected URLs.

Apart from injecting iFrames, this module ensures a long life span with it’s stealth mode features, including logging the IP addresses of server administrators, going quiet when the admin logs into the server or when someone connects to the server with the logged IPs, disabling the module when a system scanner such as rkhunter or tcpdump are used.

The author of the module goes on to show the statistics of how successful this module is when used with exploit kits:

Image 2: Stats from exploit kits showing successful exploits with the help of the Web server Apache rogue module
As you can see this type of attack is widely used and can have a detrimental effect on a companies’ reputation. For instance TradingForex.com was recently affected by a similar attack. FOREX trading website was injected with a malicious Java applet, which could install malware on the affected systems of the site's users. FOREX is the foreign exchange market where international currencies are traded, and nowadays, it's used by millions of people around the world. TradingForex.com provides tools for forex trading online, which users trusted was secure. However after this recent attack, users will think twice about using their services due to the lack of security and the possibility of their system’s being compromised.

Ishlangu gives web server administrators piece of mind, by surrounding their websites and web applications with a fortified security perimeter. This provides robust defenses against exploits aimed at vulnerable application frameworks such as Joomla and WordPress which cyber criminals use to compromise web servers and install malicious modules such as DarkLeach. 

Ishlangu Web Application Firewall

Ishlangu’s Application Firewall establishes a secure session identifier, proactively secures cookies, URLs, Form Fields and thoroughly inspects all data sent and received by the application; ensuring malicious users do not exploit the stateless nature of HTTP transactions.

Protect your websites, your users and most importantly your reputation from attack. Download a free trial of Ishlangu and see for yourself.

Friday, 2 November 2012

Ishlangu - Ultimate Control with uControl Script

Check out the new video on our youtube site.  Dayne presents one of the many usages of Ishlangu's powerful uControl Script.  This is just the first in a series of videos that will demonstrate what you can do with Ishlangu.

Thursday, 1 November 2012

Introducing Ishlangu

In today’s instant online social media, a company’s reputation is measured by how secure and accessible their application data is.

Fundamental to this accessibility and security is ADC or Application Delivery Controller, a technology that is complex and expensive. Shaka Technologies’ “Ishlangu” - Application Delivery Controller technology, provides next-generation security and application control at an affordable price.

The Ishlangu product, available for bare metal servers or as a virtual appliance, removes the complexity of managing your application data security and delivery with it’s intuitive administration console. Ishlangu’s application-aware firewall, understands applications and their vulnerabilities. It’s hybrid security model thwarts application based attacks such as SQL injection, Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF).

Ishlangu’s uControl Script™, a powerful traffic inspection engine, allows clients to create and implement bespoke application traffic rules. uControl Script™ empowers clients with greater control and intelligence of their application delivery, especially crucial for online applications and ecommerce sites.

Increased demand for available applications and an influx of online capable devices puts a huge strain on organizational services. Ishlangu’s multi-node clustering provides enterprises the ability to scale out capacity to enormous levels. Unlike other ADC high-availability deployments, Ishlangu not only ensures your application's availability, it provides the means to seamlessly scale up your application's capacity as traffic throughput demands it.

All these powerful features combine with Layer 7 load balancing, SSL offloading, application acceleration, content caching, compression, traffic analysis and logging to form a dynamic and secure ADC solution. Unlike most ADC solutions, Ishlangu offers all these features as well as dedicated 24/7 support under one license package. There are no hidden package costs or option packages, what you see is what you get; a complete and secure application delivery controller.

Secure data access is paramount in today’s global economy. To find out more or to download a free evaluation copy of Ishlangu please visit our website at www.shakatechnologies.com