Web App Defense: Handling Attackers

The document discusses four key tasks for handling attackers: 1) Handling errors gracefully by using try/catch blocks. 2) Maintaining audit logs of authentication, transactions, access attempts to investigate intrusion attempts. 3) Alerting administrators in real-time to block attacker IP addresses or accounts. 4) Reacting to attacks by slowing response times or terminating attacker sessions to frustrate their activities and buy time.
Web Security

Lecture 7
Web Application
Defense Mechanism (II)
Handling Attackers

  If security is remotely important to an application, programmers must work on the assumption that it will be directly targeted by dedicated and skilled attackers.
  To handle attackers, there are four key tasks
–  Handling errors
–  Maintaining audit logs
–  Alerting administrators
–  Reacting to attacks
Handling Attackers

  Handling Errors
–  It is inevitable that some unanticipated errors will occur in an application
because it is very difficult to anticipate every possible way in which a
malicious user may interact with the application.
–  The application should handle unexpected errors in a graceful manner and
either recover from them or present a suitable error message to the user.
  Try/catch constructs in programming languages provide a good basis for this kind of error handling.
  Maintaining Audit Logs
–  Audit logs are of value when investigating intrusion attempts against an
application.

  Hopefully the application's owners can then understand
–  what has taken place,
–  which vulnerabilities were exploited,
–  whether the attacker gained unauthorized access to data, and
–  evidence as to the intruder's identity.
Handling Attackers

  The following events should always be logged
–  Authentication of users and password changes
–  Key transactions, like credit card payments and funds transfers
–  Access attempts that are blocked by access control mechanisms
–  Any requests containing known attack strings that indicate malicious
intentions
Handling Attackers

  Alerting Administrators
  Instead of investigating an attack off-line, administrators may want to take
immediate action in real-time, such as by
–  blocking the IP address or user account being used by an attacker
Handling Attackers

  Anomalous events monitored by alerting mechanisms include
–  Usage anomalies
  e.g., large numbers of requests being received from a single IP
address, indicating a scripted attack
–  Business anomalies
  e.g., an unusual number of funds transfers being made to or from a
single account
–  Requests containing known attack strings
–  Requests where data that is hidden from ordinary users has been modified
Handling Attackers

  Reacting to Attacks
–  Some applications take automatic reactive measures to frustrate the
activities of an attacker by
  slowing down the response to an attacker's requests or terminating an
attacker's session.
–  This will buy additional time for administrators to monitor the situation and
take more drastic action if desired.
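The alerting and reacting ideas above (usage anomalies per IP, requests carrying known attack strings, and throttling or terminating in response) as an added, self-contained example; it is not code from the lecture. The log lines, the two attack-string patterns and the request threshold are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines ("ip user path"); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 alice /account
203.0.113.5 alice /account
203.0.113.5 alice /account
203.0.113.5 alice /account
203.0.113.5 alice /account
203.0.113.5 alice /account
198.51.100.9 - /login?user=admin'%20OR%201=1--
203.0.113.7 bob /search?q=%3Cscript%3Ealert(1)%3C/script%3E
"""

# Hypothetical known-attack-string patterns, matched on the URL-decoded path.
ATTACK_PATTERNS = [
    ("sql_injection", re.compile(r"'\s*or\s+1\s*=\s*1", re.I)),
    ("xss", re.compile(r"<script", re.I)),
]
REQUESTS_PER_IP_THRESHOLD = 5  # hypothetical usage-anomaly threshold

def parse_log(text):
    """Split each constructed line into ip, user and URL-decoded request path."""
    entries = []
    for line in text.splitlines():
        ip, user, path = line.split(" ", 2)
        entries.append({"ip": ip, "user": user, "path": unquote(path)})
    return entries

def detect_anomalies(entries, threshold=REQUESTS_PER_IP_THRESHOLD):
    """Return (kind, ip, detail) alerts for usage anomalies and attack strings."""
    alerts = []
    for ip, n in Counter(e["ip"] for e in entries).items():
        if n > threshold:  # usage anomaly: too many requests from one IP
            alerts.append(("usage_anomaly", ip, f"{n} requests from one IP"))
    for e in entries:
        for kind, pattern in ATTACK_PATTERNS:
            if pattern.search(e["path"]):  # request contains a known attack string
                alerts.append((kind, e["ip"], e["path"]))
    return alerts

def choose_response(alerts):
    """Map each alerted IP to a reaction: throttle usage anomalies, terminate the
    session of anything that sent a known attack string (terminate wins)."""
    actions = {}
    for kind, ip, _ in alerts:
        action = "throttle" if kind == "usage_anomaly" else "terminate_session"
        if actions.get(ip) != "terminate_session":
            actions[ip] = action
    return actions
```

Running `choose_response(detect_anomalies(parse_log(SAMPLE_LOG)))` throttles 203.0.113.5 and terminates the sessions behind the two attack-string requests; in practice the chosen reaction should also be written to the audit log.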
Managing the Application

  Administrators need to be able to:
  manage user accounts and roles,
  access monitoring and audit functions,
  perform diagnostic tasks, and configure aspects of the
application's functionality
Administrative functions

  A primary attraction for an attacker:
  Weaknesses in the authentication mechanism may enable an
attacker to gain administrative access.
  Many applications do not implement effective access control of
some of their administrative functions.
  Administrative functionality often involves displaying data that
originated from ordinary users.
  Administrative functionality is often subjected to less rigorous
security testing because its users are deemed to be trusted or
because penetration testers are given access to only low-privileged accounts.