Anyone who is going to design the app needs to think about its proper security measures that need to be taken because it will in the most cases been attacked by dedicated and very skilled attackers. So what would be the app’s key function for security mechanism? It surely needs to react to those attackers in a controlled way. The mechanism we’re going to talk about often incorporates some mix of defensive and offensive measures, which are, of course, designed to take the attacker out of control and to confuse him, while the evidence of the event is taken and noted. These measures have some tasks, which we’re going to talk about and explain each one properly.
Handling errors
This is the first mechanism. It doesn’t matter how much effort or validation some application is made, it is often actually quite open to vulnerabilities and some of the unanticipated errors may occur. This is why we need to learn to defend ourselves and our systems, by learning as much as we can about the cyber security tips. The errors we mentioned, may come even from the actions of its regular user, and these errors are most likely to be identified during the functionality and of course, the user’s acceptance of testing.
So, the conclusion is that they’re taken into the account before the app is even deployed in its production context. It is true that it’s really hard to anticipate the every way out there in which a malicious user may interact with the app. That’s when the further errors that may occur can really be expected when the app becomes attacked.
So, what does the key mechanism do then? It is made for the app to handle unexpected errors gracefully, or sometimes even to recover it or even present the right error message to the particular user. Here it is important to mention, that in the production context, the app should never ever return any system messages which are generated, or any other debug information in its response process.
There are, of course, the situations where the attacker can leverage detective errors and handling them to retrieve some sensitive information within the error messages themselves. It provides them a highly valuable channel for stealing data from that app.
It is true that most of the web development languages really provide good error-handling support. They achieve it through the try-catch blocks checked exceptions. But, the app’s code needs to make extensive use of those constructs for each specific and of course the general errors. That is how they can be handled appropriately. But that’s not all. Many of the applications servers can be actually configured to deal with the unhandled app errors in various and customized ways. For an example, it may happen by presenting an uninformative error message.
Let’s make a summary of handling errors. How can it be effective? It may be effective if it is integrated (and almost always is), with the application’s logging mechanisms. Those mechanisms then record the debug information, as much as they can. But what about the unexpected errors? It is well known that they often point to defects within the app’s defenses, and they can be addressed at the source when the application’s owner has the required information.
Maintaining Audit Logs
Why are the audit logs so important? They are of real value, mostly when investigating intrusion attacks against the app. When those incidents happen, the effective audit log acts in such a way to enable the app’s owner to understand really what is going on. Understanding what really took place, what are the vulnerabilities that have been exploited, has the attacker gained the unauthorized access to data, and has he performed any of the unauthorized actions in the meantime. After all, it is providing the evidence of the intruder’s identity.
If there is an application which security really needs to be important, then it is a must that key event should be logged as the matter of course. This you may already be heard in some of the most important internet security tips topics, which are all around the internet.
So, let’s take a closer look what does that means-including key event to be logged!
First of all, that goes for all the events that are related to the authentication’s functionality, which may be, for an example, login-successful or failed one, and of course, the change of password.
This also refers to the key transactions, for the example some credit cards which had payments and also any funds transfers.
Thirdly, for those access attempts that are blocked by the access control mechanism itself.
And the last one, any requests that are containing known attack strings which may indicate, in any way, malicious intentions or any kind of threat. These four is just the minimum, required for all.
There are many security-critical apps, which can provide a complete forensic record, and then it can be used to investigate the incidents. Those are mostly the security-critical applications which are used by the online banks. There, the every client request is logged in full.
We saw what the effective audit logs can do, but that is not all. They can also record the time of each event, and the IP address from which the request was actually received, and all of the users accounts that were unauthorized.
So, what is then the effective approach? It means storing the audit logs on an autonomous system which accepts only the updated messages coming from the main app. There are of course some cases where the logs may be flushed. They are flushed to write one-media, ensuring their integrity in the event of some successful attack.
For the attacker, that means that audit logs which are not protected properly can provide them a numerous number of the information. They can then disclose the host’s sensitive information, for an example session tokens or to request parameters.
Alerting Administrators
The power of audit logs is that they can enable the app’s owners to retrospectively intrusion attacks. After that, if it is possible, they can take their planned and legal actions against the perpetrator. But, to be honest, in most of the incidents, it is the best to react immediately and take proper actions at the moment. Let us show it on the example. If the attacker already got into the owner’s application, he already started doing what he intended. So, it is better to prepare and stop such a crime, rather than to investigate it tries to save it later.
In many cases, the alert mechanisms need the extreme balance with the conflicting objectives while reporting each genuine attack reliably. If they don’t do this and alert so many, most of them will be ignored.
So what are the alerting mechanisms who can use these combination factors for diagnosing that the determined attack is under way and that it can also aggregate related events into the single alert, and where is possible? Those are the well-balanced alert mechanisms.
The monitored events which are anomalous, tracked by the alerting mechanism include some stages, and we will explain you these in the further text.
- First of all, monitoring and alerting the usage anomalies which indicate a scripted attack. The best example for this is when a large number of requests is being received from a single user of single IP address.
- Second-the business anomalies, which can be recognised by the unusual number of funds which is transferred to or from a single bank account.
- Third. Any request that may seem to contain the well-known attack strings.
- And the last, any request where the data stays hidden from the ordinary user, and in most cases that data is also modified.
These functions can be provided by the app firewalls and the intrusion detection products. They use a mix of signature and rules that are normally based to signify or identify the malicious request and to block it. Also, after all, they alert the administrator.
Sadly, their power is actually quite limited, because, as you probably already know, every web app is different.
But, there is one thing that is the most important to remember-it is the circumstances that need to be watched, and that is how the malicious things can be recognised.
Integrating this into the application’s input validation mechanisms and other controls is the most effective way to implement the real-time alerting.
Reacting to Attacks
As we talked in the previous paragraph, many security-critical apps contain the built-in mechanisms, that alert administrator when something is potentially malicious or looks like a threat. Also, we said that the each application is different of some kind and that the most important thing is to react quickly, and probably the best is of course-to prevent any attacks and threats.
This is why there are made the automatic reactive measures for some applications, because they can frustrate the activities of the attacker, preventing the harder damages have time to expand.
If everything else fails, the important thing is to detect, evident and learn something for the future, so the same threat won’t occur again. If it even occurs, in that case, they will know how to react properly and solve the problem fast.
Also, placing the obstacles is the great measure of defense, which will slow down the attacker in his intends.
Managing the Application
We already talked about how every useful app needs to be administrated and, of course, managed. That forms a key part of the app’s security mechanisms, which provide a way for the administrators to manage, if needed, user accounts and roles. Besides that, they’re able to manage the access monitoring and audit functions, to perform diagnostic tasks, and finally to configure the aspect of the app’s functionality.
We also talked about how in many apps the administrative functions are already implemented in the app by itself. It is then accessible through the same web interface as its core nonsecurity functionality. So, the conclusion is, that in this case, it is the administrative mechanism the one who represents a crucial part of the app’s attack surface. We will explain this on the examples.
If the attacker wants to gain administrative access, it is the weakness in the authentication system which will enable him that.
It is true that many apps don’t really implement the effective access control of their administrative functions. That may allow the attacker to make the account with high privileges.
When any type of cross-site scripting flaws occur, it can lead to compromise of a user session that is guaranteed to have the most powerful privileges. Taking control of the entire server by the side of the attacker can happen if he can compromise the administrative function.
Of everything we mentioned and talked about, there are two things which are the most important-the mechanisms for handling user access and those for handling users input. If anything bad happens in these areas, that most of the times lead to enabling the data to belong to the another user and then he can take the unauthorized actions of any kind.