Why is Application Security gaining so much gravity?
It is being said that ‘ The Internet has become a Crime Scene of the 21st Century ’.
We all rely on internet connectivity for almost every aspect of our lives. This new reality has led to an exponential growth of digitization in the sectors like healthcare, finance, communication, transportation and many more; but has the security of this data been up to the mark?
According to 2018 Breach Level Index report (a global database of public data breaches), in the first half of 2018 there were 945 reported incidents of data breaches worldwide. Most of these were caused due to the vulnerability in application.
Akamai statistics shows that attacks on web applications has increased by 38% percent from 2017 to 2018. This makes it clear that application security is a necessity and not an option.
What is Application Security?
General misconception is that Firewalls, Network Security, Antiviruses, Cryptography etc. are more than enough to prevent the system from any attacks. All these preventive measures reside in a different layers of our software ecosystem.
Firewall is a type of security which inspects inbound and outbound traffic over your network and blocks it, if found malicious.
But what if the perpetrator manages to bypass this perimeter and attack the application? Firewall does not know what is going on inside its perimeter. In other words, it does not have any clue about what is happening inside the application.
Here comes the role of Application Security.
“Application Security is the process of making applications more secure by finding, fixing, and enhancing the security of the applications”
Web applications are becoming soft target for cyber-attacks. The foremost reason is the poor coding practices which leads to loop holes in the code. These loopholes makes it easier to initiate an attack and gives a way to cyber-criminals who then leaves no stone unturned to exploit these vulnerabilities. As the code gets complex there is an increase in this unattended vulnerable code.
Most Prominent Attack Types
Just to give you a very high level idea of how the attacker can attack the web applications, let’s have a look at few most popular attacks on web applications.
It’s a type of code injection where attacker places malicious code in SQL statements and gets the data that was not intended to be displayed.
An attacker can place a malicious SQL query in a username or password input field. On server side, if the validation is not done for this input, the query would get executed resulting into an unwanted database action. This attack can lead to manipulate the database, extract company’s sensitive information or customer’s private details.
Cross-site Scripting (XSS):
When the associated page loads, the inserted malicious code gets executed. Attacker can take destructive actions such as hijacking an account, accessing browser history, etc.
Cross-Site Request Forgery (CSRF):
It is a type of attack which makes web browser perform an unwanted action in the application to which user is logged into.
A perpetrator can write a malicious script which will result in the transfer of some money to his account and wraps up this script in an innocent looking hyperlink. He then distributes this link to large number of bank customers. If they click on this link while being logged in to their bank account, it will unintentionally initiate the transfer.
Preventive Measures to Mitigate Attacks
To mitigate these attacks there are some preventive measures that can be incorporated with applications, like:
Web Application Firewall (WAF):
WAFs act as a shield between web application and the internet. It filters the http requests coming to the web server on the basis of some predefined policies. It typically protects the applications from the above mentioned attacks i.e SQL Injection, Cross-site Scripting, etc.
Converting data into a format that is unreadable by unwanted entity using Encryption and Decryption methods. The information cannot be read without a key to Decrypt it.
The methods mentioned above primarily secure the North-South traffic.
What is all about the North-South term? Is there an East-West too?
East-West & North-South security
North-South Traffic, is the traffic entering or exiting from a data center.
Basically, it’s the communication happening between the servers in data center and the client on the internet.
East-West traffic, on the other hand refers to the communication inside the data center. Basically, it’s the communication between servers and applications within the data center.
Most enterprises have some or the other security measures for North-South traffic like WAF, Network Firewall, IPS which prevents attacks coming from outside the network.
But the East-West security is often neglected.
Just because you have secured your perimeter, does that make you completely safe?
What about the entities who manages to penetrate inside?
Once the malware enters your network, it has unimpeded access to the East-West traffic. Worst part is that, East-West traffic comprises of 70% of the total communications.
With the three tier applications, one query from web browser may lead to a large amount of East-West traffic. This will only grow larger with the adoption of Microservices.
Microservices break down an application further into micro applications each serving a different business logic. These Microservices are self-contained and deploy independently. It is evident that they need to talk to each other while delivering some service, hence increase the volume and frequency of the East-West traffic.
Hence, East-West traffic security is becoming a top priority for many enterprises.
There are a few solutions available for East-West security today. Industries are still in their development phase for providing a stable, full-proof and light-weight solution for this.
Some Solutions to East-West Attacks-
In Micro-segmentation, Data centers are divided into logical segments.
Fine-grained policies & rules are created for each segment.
When application receives any request, it applies these rules against that endpoint so that only authorized people can access the application and its data. This reduces the surface for direct communication resulting into less impact of the attacks.
“Runtime Application Self-Protection (RASP) is a way to have the application protect themselves by identifying and blocking attacks in real time.”
It makes the applications themselves capable of detecting threats and blocking them.
The concept is to basically intercept the calls at runtime and block an attack if any malicious activity is detected.
Just to highlight the difference between WAF & RASP – WAF provides a shield between the Internet & the Application while RASP protects the application inside out.
In this Zero-trust era where cybercrime is only going to get stronger and faster, we need to be wiser than ever to appropriately make use of all the available options and make the most out of it.
Hope this Blog was able to give you an insight on what are the various ways attackers can take advantage of your data/ network and security.
North-South & East-West Traffic Graphic: Meghna Sonie