DEV Community: Febna V M

Web Cache Deception

Febna V M — Wed, 09 Feb 2022 21:06:07 +0000

Websites often tend to use web caching functionality to improve user experience and enable better performance standards for the users.

Web caching reduces the load on the web server by caching frequently requested contents. Generally, static and public files are cached such as Style sheets (css), Scripts (js), Text Files (txt), Images (bmp,gif,png etc.),etc.,User specific data or private and sensitive information are not cached.

However, some misconfigurations may result in deceiving the caching servers to store local copies of sensitive data and serve them to other users. This kind of attack is known as Web Cache Deception.

The attacker adds a suffix to the path of a page containing sensitive data to make it look like a static, public asset so that the cached copy of the page is stored by the caching server.

Caches can impact the application architecture in unpredictable ways if a deficient caching architecture is implemented. Web cache deception vulnerabilities might cause the websites to be exposed to other damaging attacks other than data leaks. Operators should ensure that the caching functionalities are properly configured and the application is not affected by them.

Click here to learn more about Web Cache Deception

Serverless Computing: Security And Challenges

Febna V M — Thu, 08 Jul 2021 09:23:48 +0000

Serverless computing has been on the rise for the past few years. Serverless computing is a new economic model to cloud computing that has proven popular and has emerged to be a boon to many companies.

Types Of Serverless Infrastructures

Serverless architectures are cloud-based and service-based. This means that, instead of provisioning and managing their own servers, organizations buy cloud computing services such as the following:

Software as a Service, or SaaS, delivers centrally hosted and managed software on-demand to end-users over the internet (e.g, Slack, Jira, Salesforce, HubSpot, etc).
Infrastructure as a Service, or IaaS, delivers resources such as networks, data storage, and computers which must be managed by the end-users and offers essential compute, storage and networking resources on-demand, on a pay-as-you-go basis.
Platform as a Service, or PaaS, builds on IaaS by allowing users to deploy and run applications on managed platforms. Deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.
Function as a Service, or FaaS, is a specialized type of PaaS that allows users to develop, manage, and run application functions on managed platforms (e.g, AWS Lambda) without the complexity of building and maintaining the infrastructure.

How Does A Serverless Environment Reduce The Attack Surface?

The greatest advantage of serverless computing is that enterprises can build back-end applications without being directly involved in maintaining and securing servers. Maintaining and patching up the security loopholes is assigned to the cloud provider.

Let’s take a look at some of the major responsibilities of the cloud provider:

Patching the infrastructure periodically.
Securely configuring the infrastructure with the proper security settings to protect itself.
Setting up the proper account management for the infrastructure.
Ensure that it only uses currently supported operating systems and software runtimes.
Responsible for keeping the software runtime up-to-date and configuring it securely.
Securely configuring the database and network connectivity.

Serverless Security Risks & Challenges

However, like any other existing technology, it’s not immune to risks and threats. Some of the security risks faced by serverless computing includes:

Insecure Configuration
Overprivileged Function Permissions
Event-Data Injection
Inadequate Function Monitoring And Logging
Improper Exception Handling And Verbose Error Messages
Insecure Third-Party Dependencies

Read more on the security and challenges of serverless computing and the best practices for enhancing security in serverless applications here

Man-In-The-Middle (MITM) Attack: Types, Techniques And Prevention

Febna V M — Wed, 09 Dec 2020 14:11:57 +0000

Viruses, malware, ransomware, trojans, phishing and a lot more make a never-ending list of cyber threats.

One of the most prevalent cyber threats out there that often gets overlooked is manipulator-in-the-middle (previously referred to as ‘man-in-the-middle’) attack. This cyber-attack questions the integrity and confidentiality of communication between two parties.

Attackers could use the latest MITM attacks and tactics to steal personal or confidential data.

Some of the techniques used to carry out MITM attacks include:

Rogue Access Point
Address Resolution Protocol (ARP) Spoofing
Domain Name System (DNS) Spoofing
Email Hijacking
Internet Control Message Protocol (ICMP) Redirection
Dynamic Host Configuration Protocol (DHCP) Spoofing
SSL Stripping

And it is rarely possible to recognize whether a Man-in-the-Middle attack has occurred or not. But, MITM attacks can be avoided by following some best practices.

This blog post covers the types and techniques of manipulator-in-the-middle attacks and offers some suggestions to stay safe from MITM attacks.

Read on to know more.
https://beaglesecurity.com/blog/article/man-in-the-middle-attack.html

Secure Configuration of Web Application Firewalls

Febna V M — Sat, 24 Oct 2020 15:38:12 +0000

Security threats have always been a prominent issue in this digital era. The more data in digital space, the more precautions we need.

There’s a possibility of many security threats existing in a typical enterprise distributed application including DDoS, SQL injection, Cross-Site Scripting, etc. When organizations are trying to increase their internal security, hackers are becoming more creative.

Good security program always requires multiple layers of defence. Multiple layers of security allow one system to catch an attack that may be missed by others. In a hosted application environment those layers typically include firewalls, intrusion detection systems (IDS), and server security.

A web application firewall or WAF could be the first line of defence among these security layers.
A web application firewall, which is dynamic and heuristic has a promising role in an IT infrastructure.

It is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. The WAF can look for unusual traffic activity and automatically block that traffic, even if the traffic does not match a known “bad” pattern which makes it different from intrusion detection systems.

A WAF operates through a set of rules often called policies. It is also customizable, allowing you to write rules specific to your application.
Some of the WAF policies are listed below:

Web attack signature policy
URL protection policy
HTTP protocol constraint policy
SQL/XSS injection detection policy
Bot detection

Even though many companies have implemented a WAF, most of the web application firewall configurations are not secure. It would be more effective if the following points are considered while configuring a web application firewall.

Coordinate web application firewall configuration and Web Application Update
Always check for vulnerabilities
Use a web application firewall with built-in acceleration
Lockdown the backdoor
Understanding of web application environment

A web application firewall acts as the first line of defence and it allows you to make sure that an application is safe by putting in a reasonable amount of initial effort. In addition to implementing them, it is also necessary to properly configure them so that it can be an effective defence mechanism in your bid to keep away hackers.

A more detailed version on secure configuration of web application firewall published at
https://beaglesecurity.com/blog/article/secure-web-application-firewall-configuration.html

Artificial Intelligence In Cyber Security

Febna V M — Wed, 03 Jun 2020 16:09:38 +0000

Ever since its inception during the 1950s, artificial intelligence has made tremendous progress in every industry.

Artificial intelligence made its first step when Alan Turing introduced the Turing test in 1950. Later on, with the development of Eliza, Shakey, Roomba, Siri and Alexa, AI turned from fiction to reality.

Tons of research and development through the years has also led to artificial intelligence finding its place in cybersecurity. Artificial intelligence and cybersecurity together form a perfect combo for the detection of cyber attacks and harmful trespasses.

Living in an age of “big data” and the transition to modern web applications has provided enormous resources virtually, that could attract the attention of so-called "bad guys". So it is necessary to secure data in an efficient way.

Artificial intelligence promises to be a great solution for this.

AI-driven systems can ensure more accuracy and can cope up with the time consuming manual security testing procedures.

What we do at Beagle security encompasses the use of this “intelligence” in order to develop a system that can provide better results with reduced false positives and increased accuracy.

Using AI allows us to actively test through the application response, query strings passed in the URL, error messages and HTTP headers, etc.

We use a model that combs through data and detects suspicious activity by clustering the data into meaningful patterns using unsupervised machine-learning and on confirmation from the human analysts, builds a supervised model.

Using this model we are able to develop an efficient security testing system.

It is true that the potentiality of artificial intelligence can develop sophisticated systems but it must also cope with the complications allied with the emerging technologies.

A more detailed version on how learning models can be used in security testing published at https://blog.beaglesecurity.com/blogs/2020/05/26/Artificial-Intelligence-in-Cyber-Security.html