Application Security Remediation
There are numerous resources available to help organizations test for security vulnerabilities in their existing applications. There are also resources available to help development teams build security into their new applications from the ground up. None of these address the real and pervasive challenge of fixing vulnerabilities in an existing application portfolio.
Most Web sites need to selectively restrict access to some portions of the site. You can think of a Web site as somewhat analogous to an art gallery. The gallery is open for the public to come in and browse, but there are certain parts of the facility, such as the business offices, that are accessible only to people with certain credentials, such as employees. When a Web site stores its customers' credit card information in a database, for example, access to the database must be restricted. ASP.NET security features help you address this and many other security issues.
Software Security Remediation Services
This is the part of the software development industry focused on securing software systems from threats. Security services help companies leverage their significant technology investments and remediate known security issues.
The architecture for securing the application is as follows:
Application Security Threats
| Category | Threats |
| --- | --- |
| Input validation | Buffer overflow; cross-site scripting; SQL injection; canonicalization |
| Authentication | Network eavesdropping; brute force attacks; dictionary attacks; cookie replay; credential theft |
| Authorization | Elevation of privilege; disclosure of confidential data; data tampering; luring attacks |
| Configuration management | Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; over-privileged process and service accounts |
| Sensitive data | Access to sensitive data in storage; network eavesdropping; data tampering |
| Session management | Session hijacking; session replay; man in the middle |
| Cryptography | Poor key generation or key management; weak or custom encryption |
| Parameter manipulation | Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation |
| Exception management | Information disclosure; denial of service |
| Auditing and logging | User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks |
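The first row of the table, input validation, is the category most remediation work lands in. The following Python example is added here to illustrate it and is not code from the original page: it places a query built by string concatenation beside the parameterized form, and adds an allow-list check in front of the lookup. The table schema, the sample rows and the probe string are constructed for the illustration; SQLite is used only because it ships with Python.

```python
import re
import sqlite3

# Constructed sample data for this illustration (not from the original page).
USERS = [
    ("alice", "customer"),
    ("bob", "admin"),
]

# Allow-list: the only characters a username may legitimately contain.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def is_valid_username(value):
    """Reject anything outside the allow-list before it reaches the database."""
    return USERNAME_RE.fullmatch(value) is not None


def lookup_user_vulnerable(conn, username):
    """String concatenation: the caller's input becomes part of the SQL text,
    so quote characters in the input change the meaning of the query."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_parameterized(conn, username):
    """Parameter binding: the value travels separately from the SQL text and is
    compared literally, whatever characters it contains."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_user_hardened(conn, username):
    """Validate first, then bind: malformed input never reaches the database."""
    if not is_valid_username(username):
        return []
    return lookup_user_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed test input: a quote that closes the literal
    print("vulnerable:   ", lookup_user_vulnerable(db, probe))      # every row comes back
    print("parameterized:", lookup_user_parameterized(db, probe))   # no row matches
    print("hardened:     ", lookup_user_hardened(db, "alice"))
```

The parameterized form alone closes the injection; the allow-list in front of it is the defence-in-depth step the remediation report usually asks for, because it also rejects input that is merely malformed.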
The Foundations of Security
Security relies on the following elements:
Authentication
Authentication addresses the question: who are you? It is the process of uniquely identifying the clients of your applications and services. These might be end users, other services, processes, or computers. In security parlance, authenticated clients are referred to as principals.
Authorization
Authorization addresses the question: what can you do? It is the process that governs the resources and operations that the authenticated client is permitted to access. Resources include files, databases, tables, rows, and so on, together with system-level resources such as registry keys and configuration data. Operations include performing transactions such as purchasing a product, transferring money from one account to another, or increasing a customer’s credit rating.
Auditing
Effective auditing and logging is the key to non-repudiation. Non-repudiation guarantees that a user cannot deny performing an operation or initiating a transaction. For example, in an e-commerce system, non-repudiation mechanisms are required to make sure that a consumer cannot deny ordering 100 copies of a particular book.
Confidentiality
Confidentiality, also referred to as privacy, is the process of making sure that data remains private and confidential, and that it cannot be viewed by unauthorized users or eavesdroppers who monitor the flow of traffic across a network. Encryption is frequently used to enforce confidentiality. Access control lists (ACLs) are another means of enforcing confidentiality.
Integrity
Integrity is the guarantee that data is protected from accidental or deliberate (malicious) modification. Like privacy, integrity is a key concern, particularly for data passed across networks. Integrity for data in transit is typically provided by using hashing techniques and message authentication codes.
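The distinction between accidental and deliberate modification is exactly the distinction between a plain hash and a message authentication code. The Python example below is added here to show it and is not from the original page: it uses the standard-library hmac and hashlib modules, and the key, the message and the single-byte corruption are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed demo values (not from the original page). A real key comes from a
# key-management system, never from source code.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
ORIGINAL = b"transfer 100 from account 42 to account 7"
TAMPERED = b"transfer 900 from account 42 to account 7"


def digest_only(message):
    """Plain SHA-256: anyone who can change the message can recompute this."""
    return hashlib.sha256(message).hexdigest()


def hash_check(message, received_hash):
    """Receiver-side check for the plain-hash scheme."""
    return digest_only(message) == received_hash


def tag_message(key, message):
    """HMAC-SHA256 tag: producing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key, message, tag):
    """Receiver-side check for the MAC scheme; compare_digest avoids leaking
    how many bytes of the tag matched through timing."""
    return hmac.compare_digest(tag_message(key, message), tag)


def hash_scheme_outcomes():
    """Plain hash: catches a transmission error, not a deliberate rewrite."""
    sent_hash = digest_only(ORIGINAL)
    corrupted = ORIGINAL[:-1] + b"8"            # one byte flipped in transit, hash unchanged
    accidental_detected = not hash_check(corrupted, sent_hash)
    # A deliberate attacker rewrites the message AND recomputes the hash.
    deliberate_detected = not hash_check(TAMPERED, digest_only(TAMPERED))
    return accidental_detected, deliberate_detected      # (True, False)


def mac_scheme_outcomes():
    """MAC: the genuine message verifies; a rewrite does not, with or without
    a tag recomputed under a guessed key."""
    tag = tag_message(DEMO_KEY, ORIGINAL)
    genuine = verify_message(DEMO_KEY, ORIGINAL, tag)
    rewritten = verify_message(DEMO_KEY, TAMPERED, tag)
    forged = verify_message(DEMO_KEY, TAMPERED, tag_message(b"attacker-guess", TAMPERED))
    return genuine, rewritten, forged                    # (True, False, False)


if __name__ == "__main__":
    print("hash scheme (accidental detected, deliberate detected):", hash_scheme_outcomes())
    print("MAC scheme  (genuine, rewritten, forged):             ", mac_scheme_outcomes())
```

The hash alone is the right tool for the "accidental" half of the integrity definition above; the keyed MAC is what covers the "deliberate (malicious)" half, which is why transport protocols carry a MAC rather than a bare digest.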
Availability
From a security perspective, availability means that systems remain available for legitimate users. The goal for many attackers with denial of service attacks is to crash an application or to make sure that it is sufficiently overwhelmed so that other users cannot access the application.
Threats, Vulnerabilities, and Attacks Defined
A threat is any potential occurrence, malicious or otherwise, that could harm an asset. In other words, a threat is any bad thing that can happen to your assets.
A vulnerability is a weakness that makes a threat possible. This may be because of poor design, configuration mistakes, or inappropriate and insecure coding techniques. Weak input validation is an example of an application-layer vulnerability, which can result in input attacks.
An attack is an action that exploits a vulnerability or enacts a threat. Examples of attacks include sending malicious input to an application or flooding a network in an attempt to deny service.
To summarize, a threat is a potential event that can adversely affect an asset, whereas a successful attack exploits vulnerabilities in your system.
Secure Web Application?
It is not possible to design and build a secure Web application until you know your threats. An increasingly important discipline, and one that is recommended to form part of your application’s design phase, is threat modeling. The purpose of threat modeling is to analyze your application’s architecture and design and identify potentially vulnerable areas that may allow a user, perhaps mistakenly, or an attacker with malicious intent, to compromise your system’s security.
After you know your threats, design with security in mind by applying timeworn and proven security principles. As developers, you must follow secure coding techniques to develop secure, robust, and hack-resilient solutions. The design and development of application layer software must be supported by a secure network, host, and application configuration on the servers where the application software is to be deployed.
A secure Web application relies upon a secure network infrastructure. The network infrastructure consists of routers, firewalls, and switches. The role of the secure network is not only to protect itself from TCP/IP-based attacks, but also to implement countermeasures such as secure administrative interfaces and strong passwords. The secure network is also responsible for ensuring the integrity of the traffic that it is forwarding. If you know at the network layer about ports, protocols, or communication that may be harmful, counter those potential threats at that layer.
Software Security Services
Secure application services provide organizations with a programmatic approach to effectively design, develop, test, and maintain the security of applications:
Application Design Assessment: identifies potential security risks and recommends remediation related to an application’s design;
Application Code Review: helps organizations to identify, prioritize, and remediate security vulnerabilities within source code;
Application Penetration Tests: evaluate the security of web-based applications, commercial products, and new or updated software;
Software Development Lifecycle Review: evaluates processes and provides recommendations for establishing security across the application development lifecycle.
Application Design Assessment
Application Design Assessment evaluates the security of an application at the design level to provide organizations with an understanding of potential security risks. Consultants identify, evaluate, and establish remediation priorities for security risks in the application, addressed within the context of the organization’s business and technical requirements. Experts also verify that a proposed architecture will support the organization’s security requirements, and identify potential problem areas that will require focused attention during coding. The service offers organizations guidance on how best to apply their resources to address application security issues so applications may better meet their business needs.
Application Code Review provides organizations with expert review of critical components of application source code to help them identify, prioritize, and remediate potentially exploitable security vulnerabilities. In addition, code reviews help determine the root cause of security issues identified during Application Design Assessments and Application Penetration Tests.
As part of the review, consultants not only inspect code, but they also examine coding standards, guidelines, policies, and design and architecture documents to gain an understanding of the software design criteria and interactions. In addition, they interview development team members to learn more about the application’s purpose, functionality, and high-level architecture.
At the conclusion of the Application Code Review, the consultants deliver a written report that details the issues found and their potential impact, and offers recommendations for mitigation. The report pinpoints vulnerabilities by line number and highlights critical areas of code, enabling developers to quickly address any critical faults. It also describes pervasive problems identified throughout the application, offers coding best practices, and suggests improvements to the development process to reduce the overall number of application-level security faults.
An Application Penetration Test is an ethical attack simulation that is intended to expose the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities.
Software Development Lifecycle Review provides organizations with recommendations for establishing secure application development processes. The service offers insight into security practices already in place, and suggests improvements that can be made in the application development lifecycle.
As part of the service, consultants establish a baseline of the security within the organization’s current application development lifecycle, identify key security goals and objectives, and perform a gap analysis of the organization’s current application development security process based on security best practices. Experienced advisors leverage experience gained through testing thousands of applications for security vulnerabilities and through years of providing security support in a wide variety of development environments to evaluate the organization’s security processes.
At the conclusion of a Software Development Lifecycle Review, the consultants deliver a written report that provides a prioritized list of recommendations to improve the level of security integration in the organization’s standard application development lifecycle. By documenting and identifying areas where security is underrepresented, they are able to provide an organization with a clear roadmap of the prioritized steps required to integrate security into every phase of the application development lifecycle. Consultants conduct a series of debriefing meetings to communicate the findings to key constituents within the client’s organization, and transfer in-depth knowledge that helps customers understand the best practices for implementing a secure development lifecycle.
Network Threats and Countermeasures
The primary components that make up your network infrastructure are routers, firewalls, and switches. They act as the gatekeepers guarding your servers and applications from attacks and intrusions. An attacker may exploit poorly configured network devices. Common vulnerabilities include weak default installation settings, wide open access controls, and devices lacking the latest security patches. Top network level threats include:
Information gathering
Sniffing
Spoofing
Session hijacking
Denial of service
Information Gathering
Network devices can be discovered and profiled in much the same way as other types of systems. Attackers usually start with port scanning. After they identify open ports, they use banner grabbing and enumeration to detect device types and to determine operating system and application versions. Armed with this information, an attacker can attack known vulnerabilities that may not be updated with security patches.
Countermeasures to prevent information gathering include:
Configure routers to restrict their responses to footprinting requests.
Configure operating systems that host network software (for example, software firewalls) to prevent footprinting by disabling unused protocols and unnecessary ports.
Sniffing
Sniffing or eavesdropping is the act of monitoring traffic on the network for data such as plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily read all plaintext traffic. Also, attackers can crack packets encrypted by lightweight hashing algorithms and can decipher the payload that you considered to be safe. The sniffing of packets requires a packet sniffer in the path of the server/client communication.
Countermeasures to help prevent sniffing include:
Use strong physical security and proper segmenting of the network. This is the first step in preventing traffic from being collected locally.
Encrypt communication fully, including authentication credentials. This prevents sniffed packets from being usable to an attacker. SSL and IPSec (Internet Protocol Security) are examples of encryption solutions.
Spoofing
Spoofing is a means to hide one’s true identity on the network. To create a spoofed identity, an attacker uses a fake source address that does not represent the actual address of the packet. Spoofing may be used to hide the original source of an attack or to work around network access control lists (ACLs) that are in place to limit host access based on source address rules.
Although carefully crafted spoofed packets may never be tracked to the original sender, a combination of filtering rules prevents spoofed packets from originating from your network, allowing you to block obviously spoofed packets.
Countermeasures to prevent spoofing include:
Filter incoming packets that appear to come from an internal IP address at your perimeter.
Filter outgoing packets that appear to originate from an invalid local IP address.
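The two filtering rules above are an ingress rule and an egress rule, and both reduce to one question: is this source address plausible for the direction the packet is travelling? The Python example below is added here to show that logic and is not code from the original page or from any device vendor. The internal address plan and the sample packets are constructed for the illustration; on a real perimeter the same rules are expressed as router or firewall ACLs.

```python
import ipaddress

# Constructed address plan for this illustration (not from the original page):
# the networks that sit behind the perimeter device.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]


def is_internal(ip):
    """True if the address belongs to one of our own networks."""
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(direction, src):
    """Apply the two anti-spoofing rules to one packet.
    direction: "in" for traffic arriving from outside, "out" for traffic leaving.
    Returns ("accept", "") or ("drop", reason)."""
    ip = ipaddress.ip_address(src)
    if direction == "in":
        # Ingress rule: a packet arriving from outside cannot legitimately carry
        # an internal, loopback or unspecified source address.
        if is_internal(ip) or ip.is_loopback or ip.is_unspecified:
            return ("drop", f"inbound packet claims source {src}, which cannot arrive from outside")
        return ("accept", "")
    if direction == "out":
        # Egress rule: only addresses we actually own may leave the perimeter,
        # so this network cannot be used to launch spoofed traffic at others.
        if not is_internal(ip):
            return ("drop", f"outbound packet claims source {src}, which is not a local address")
        return ("accept", "")
    raise ValueError(f"unknown direction {direction!r}")


# Constructed sample packets: (direction, source address).
SAMPLE_PACKETS = [
    ("in", "203.0.113.5"),     # ordinary external client
    ("in", "10.1.2.3"),        # claims to be internal: obviously spoofed
    ("in", "127.0.0.1"),       # loopback from the wire: obviously spoofed
    ("out", "192.168.1.20"),   # our own host talking out
    ("out", "203.0.113.77"),   # not ours: would be spoofed traffic leaving us
]


def filter_all(packets):
    """Run every sample packet through the filter; returns (direction, src, verdict)."""
    return [(d, s, filter_packet(d, s)[0]) for d, s in packets]


if __name__ == "__main__":
    for direction, src, verdict in filter_all(SAMPLE_PACKETS):
        print(f"{direction:>3} {src:<16} {verdict}")
```

The egress rule is the one organizations most often forget; it protects other networks rather than your own, but it is also what lets an incident responder trust that an attack carrying your addresses really did originate inside.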
Session Hijacking
Also known as man in the middle attacks, session hijacking deceives a server or a client into accepting the upstream host as the actual legitimate host. Instead the upstream host is an attacker’s host that is manipulating the network so the attacker’s host appears to be the desired destination.
Countermeasures to help prevent session hijacking include:
Use encrypted session negotiation.
Use encrypted communication channels.
Stay informed of platform patches to fix TCP/IP vulnerabilities, such as predictable packet sequences.
Denial of Service
Denial of service denies legitimate users access to a server or services. The SYN flood attack is a common example of a network level denial of service attack. It is easy to launch and difficult to track. The aim of the attack is to send more requests to a server than it can handle. The attack exploits a potential vulnerability in the TCP/IP connection establishment mechanism and floods the server’s pending connection queue.
Countermeasures to prevent denial of service include:
Apply the latest service packs.
Harden the TCP/IP stack by applying the appropriate registry settings to increase the size of the TCP connection queue, decrease the connection establishment period, and employ dynamic backlog mechanisms to ensure that the connection queue is never exhausted.
Use a network Intrusion Detection System (IDS) because these can automatically detect and respond to SYN attacks.
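The last countermeasure relies on an IDS noticing what a SYN flood looks like on the wire: SYNs that are never followed by the ACK that completes the handshake. The Python example below is added here to show that detection logic and is not code from the original page or from any IDS product. The connection-log format and the sample lines are constructed for the illustration. It goes one step beyond the text by counting half-open connections per destination port as well as per source, because a flood built on spoofed source addresses spreads its SYNs across many sources and only shows up in the destination's pending queue.

```python
from collections import Counter

# Constructed sample of a connection log (not from the original page). One line
# per TCP segment as seen by a sensor in front of the server:
#   <seconds> <src_ip>:<src_port> <dst_ip>:<dst_port> <flags>
# A normal client sends SYN and then completes the handshake with an ACK;
# a flooding source sends SYN after SYN and never completes.
SAMPLE_LOG = """\
0.01 198.51.100.4:50000 10.0.0.5:80 S
0.02 198.51.100.4:50000 10.0.0.5:80 A
0.10 203.0.113.9:40001 10.0.0.5:80 S
0.11 203.0.113.9:40002 10.0.0.5:80 S
0.12 203.0.113.9:40003 10.0.0.5:80 S
0.13 203.0.113.9:40004 10.0.0.5:80 S
0.14 203.0.113.9:40005 10.0.0.5:80 S
0.15 203.0.113.9:40006 10.0.0.5:80 S
0.20 198.51.100.7:51000 10.0.0.5:443 S
"""


def parse_line(line):
    """Split one log line into (time, src_ip, src_port, dst_ip, dst_port, flags)."""
    t, src, dst, flags = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(t), src_ip, int(src_port), dst_ip, int(dst_port), flags


def half_open_connections(lines):
    """Return the connections that saw a SYN from the client but no later ACK,
    keyed by the 4-tuple and holding the time of the SYN."""
    pending = {}
    for line in lines:
        if not line.strip():
            continue
        t, src_ip, src_port, dst_ip, dst_port, flags = parse_line(line)
        key = (src_ip, src_port, dst_ip, dst_port)
        if flags == "S":
            pending[key] = t            # handshake started
        elif "A" in flags:
            pending.pop(key, None)      # handshake completed (or no SYN seen)
    return pending


def detect_syn_flood(lines, threshold=5):
    """Flag sources holding at least `threshold` half-open connections, and
    destination ports whose pending queue holds at least `threshold` in total."""
    pending = half_open_connections(lines)
    by_src = Counter(key[0] for key in pending)
    by_dst = Counter((key[2], key[3]) for key in pending)
    return (
        {src: n for src, n in by_src.items() if n >= threshold},
        {dst: n for dst, n in by_dst.items() if n >= threshold},
    )


if __name__ == "__main__":
    noisy_sources, hot_ports = detect_syn_flood(SAMPLE_LOG.splitlines())
    print("sources with many half-open connections:", noisy_sources)
    print("destination ports under pressure:       ", hot_ports)
```

The threshold here is a constructed value for the sample; a production sensor sets it relative to the server's actual backlog size and adds a time window so that stale half-open entries age out, which is the same idea the dynamic backlog countermeasure applies inside the stack.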