Title: Protect Your Web Server From Web Application Hacks
1PROTECT YOUR WEB SERVER FROM WEB APPLICATION HACKS
November 23, 2015 Application Security /
Enterprise Security / Managed Security Solutions
/ Threat Monitoring
When Magento, the widely-preferred e-commerce CMS
was hacked in mid-2015, many web stores did not
realize that there was an ongoing attack until
their bank statements showed up. The cybercrime
group behind the attack leveraged a zero-day
vulnerability that let them drain out payment
card information from every POST request,
packaging them in a stealthy image-like file that
could only be downloaded and decrypted by the
attacker himself. As if this level of deception
wasnt enough, the attackers evaded detection by
wiping off trails.
Slick attack vectors such as this are becoming
way too common today to be identified and
thwarted by standard firewalls and filters. A
companys website is one of the very first places
an attacker will look for misconfiguration,
insecure code and vulnerable design. For those
with web-based applications, user account
management systems or an online store, this
exposure puts their internet-facing web servers
in a precarious position. So what can I do to
protect the sensitive information stored in my
web server? Data breach incidents are extremely
rampant today, sparing neither the behemoths nor
the budding companies. While zero-days will
always come and go, it is every companys onus to
curtail an intruder before he can access its
client data and intellectual property.
2PROTECT YOUR WEB SERVER FROM WEB APPLICATION HACKS
Get them from the behind Most bad actors
targeting your web application will invariably
attempt an SQL injection, the most infamous
attack that has been running amok for over a
decade now. Though it isnt widely discussed, an
intrusion detection system can be surprisingly
effective in thwarting database exfiltration and
destruction attempts. Since SQL does not include
adequate safeguards against malicious data
inputs, table query input string authentication
and multiple arbitrary command execution it
takes pervasive monitoring to prevent an attacker
from using flaws to his advantage. Setting up an
IDS at the network level and the host-level can
put a robust shield on your web server. This is
instrumental in tracking the attackers footprint
as well as assessing the impact of the potential
security incident, be it an injection attack or a
cross-site scripting attack. The Network IDS can
track and inspect every request that comes to
your web server and isolate all anomalous
behavior, cross-referencing global threat
signatures. A Host IDS (HIDS) narrows log
scanning down to the individual systems, in this
case, your web server. The tool is installed on
the server itself, and monitors file activity and
logs, scouring them for rogue activities,
privilege escalation and file system integrity
errors. Portending an attack pattern is much more
important than detecting an ongoing attack, which
is what a HIDS is designed to do.
3PROTECT YOUR WEB SERVER FROM WEB APPLICATION HACKS
Stay ahead Planning ahead to deal with risks is
often the only way companies can preserve their
competency. This strategy is especially easy now,
with the upswing in easy access to open threat
intelligence exchange platforms. Emerging
companies can benefit a great deal from keeping a
tab on attacks that have attacked their
counterparts and exploit methods that are
constantly researched and proliferated on these
platforms. It is always the ones with threat
awareness and comprehensive security monitoring
that have the least to lose in the event of a
data breach. Seek to gain knowledge that can set
you apart from your peers. Get in touch for
advice, assessments and more alephtavtech.com