<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: LeahFB</title>
    <description>The latest articles on DEV Community by LeahFB (@leahfb).</description>
    <link>https://dev.to/leahfb</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F298564%2Fccc632db-b239-4623-a3ad-d1763a2523e0.png</url>
      <title>DEV Community: LeahFB</title>
      <link>https://dev.to/leahfb</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/leahfb"/>
    <language>en</language>
    <item>
      <title>Everything You Need to Know about AWS EBS and EBS Snapshot Pricing</title>
      <dc:creator>LeahFB</dc:creator>
      <pubDate>Sun, 14 Jun 2020 15:59:51 +0000</pubDate>
      <link>https://dev.to/leahfb/everything-you-need-to-know-about-aws-ebs-and-ebs-snapshot-pricing-1350</link>
      <guid>https://dev.to/leahfb/everything-you-need-to-know-about-aws-ebs-and-ebs-snapshot-pricing-1350</guid>
      <description>&lt;p&gt;Amazon has changed the way companies of all sizes build and consume their IT environments. Elastic Block Storage (EBS) snapshots are a fundamental feature that helps enterprises back up data stored on AWS. However, organizations are still struggling to overcome the confusion over costs. &lt;/p&gt;

&lt;p&gt;EBS cost management is complicated. You need to use the right type of volume, store your data effectively, and regularly look for unused EBS volumes. It is a lot to tackle. This post can help you figure out how to use your EBS volumes and manage snapshot pricing.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Are AWS EBS Snapshots?
&lt;/h2&gt;

&lt;p&gt;Amazon EBS (Elastic Block Storage) provides reliable block storage for EC2 instances. One very useful function of Amazon EBS is creating snapshots of EBS volumes. AWS EBS snapshots are typically used to provide point-in-time backups of data stored on EBS. Each snapshot includes all the information required to restore the data as it was at the moment the EBS snapshot was created.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Is It Important to Understand the EBS Pricing Models?
&lt;/h2&gt;

&lt;p&gt;Amazon EBS pricing depends on three factors: storage volume, snapshots, and the amount of data transferred out of your application. When copying EBS snapshots across regions, AWS charges you based on the amount of data transferred. &lt;/p&gt;

&lt;p&gt;For the first EBS snapshot, Amazon saves a full copy of your data to S3 storage. For each incremental EBS snapshot, only the changed part of your volume is saved. After the EBS snapshot is copied to another region, standard snapshot fees apply for the destination region.&lt;/p&gt;

&lt;p&gt;This is why a good understanding of the EBS pricing models can help you achieve a cost-efficient &lt;a href="https://cloud.netapp.com/blog/azure-aws-snapshots-explained"&gt;snapshots mechanism&lt;/a&gt;. Let’s explore the different functions and models affecting the costs of EBS snapshots.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Snapshots are incremental backups&lt;/strong&gt;&lt;br&gt;
The incremental functionality of EBS snapshots allows you to store only the changes from the last snapshot. In order to restore a volume you need to retain only the most recent snapshot.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Copying and sharing snapshots&lt;/strong&gt;&lt;br&gt;
A snapshot that is available in one region will not be available in another region, since snapshots are region-specific in nature. If you want to make a snapshot available in another region, you have to manually copy it across regions. As a result, AWS will charge you for data transfer fees and your EBS storage costs will change.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Snapshot encryption&lt;/strong&gt;&lt;br&gt;
AWS provides an option to encrypt snapshots. Copying an encrypted snapshot requires a full backup of the volume, as opposed to the incremental backup of non-encrypted snapshots. This will result in larger snapshot sizes that lead to high data transfer and storage costs.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Types of EBS volumes&lt;/strong&gt;&lt;br&gt;
AWS provides different types of EBS volumes. Each EBS volume type has a different pricing model calculation. However, snapshot pricing depends only on the storage and data transfer cost. Therefore, EBS volume types do not affect snapshot pricing. For example, let’s say you have 2 snapshots of 100GB each. One is of a General Purpose SSD volume and the other is of a Provisioned IOPS SSD volume. Both snapshots should incur the same price even though the underlying volume types are different.&lt;/p&gt;

&lt;h2&gt;
  
  
  Pricing Models for EBS Volumes and EBS Snapshots
&lt;/h2&gt;

&lt;p&gt;AWS EBS pricing depends on different factors, such as the volume type, the region, data transfer cost across regions, and more. Various factors and options for EBS pricing make it difficult to calculate the cost of EBS snapshots. &lt;br&gt;
The table below shows the total cost per month of 1000 GB EBS snapshot storage with the EC2 service in different regions.&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Type of Volume&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;AWS Region&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Total Snapshot Cost in $&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;General Purpose SSDs&lt;/td&gt;
&lt;td&gt;Europe&lt;/td&gt;
&lt;td&gt;50&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Provisioned IOPS SSDs&lt;/td&gt;
&lt;td&gt;Europe&lt;/td&gt;
&lt;td&gt;50&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Throughput Optimized HDD&lt;/td&gt;
&lt;td&gt;Europe&lt;/td&gt;
&lt;td&gt;50&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;General Purpose SSDs&lt;/td&gt;
&lt;td&gt;Ohio&lt;/td&gt;
&lt;td&gt;50&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Provisioned IOPS SSDs&lt;/td&gt;
&lt;td&gt;Ohio&lt;/td&gt;
&lt;td&gt;50&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Throughput Optimized HDD&lt;/td&gt;
&lt;td&gt;Ohio&lt;/td&gt;
&lt;td&gt;50&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;As the table shows, the EBS snapshot cost does not depend on the region and EBS volume type. Snapshot cost depends only on data transfer fees and the size of the snapshot. Generally, the snapshot is smaller than its EBS volume, since some data blocks in the EBS volume are empty.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;General Purpose SSDs EBS volume type&lt;/strong&gt;&lt;br&gt;
In East US (Ohio), AWS charges $0.10 per GB-month until you release the storage. Input/output operations per second (IOPS) are included in the price.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Provisioned IOPS SSDs EBS volume type&lt;/strong&gt;&lt;br&gt;
In East US (Ohio), AWS charges $0.125 per GB-month for storage and $0.065 per provisioned IOPS-month. IOPS are not included in the price of the volume. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Throughput Optimized HDD EBS volume type&lt;/strong&gt;&lt;br&gt;
In East US (Ohio), AWS charges $0.045 per GB-month until you release the storage. IOPS are included in the price. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Cold HDD EBS volume type&lt;/strong&gt;&lt;br&gt;
In East US (Ohio), AWS charges $0.025 per GB-month until you release the storage. IOPS are included in the price of the volume.&lt;/p&gt;

&lt;h2&gt;
  
  
  Comparing EBS Costs for Different Volume Types
&lt;/h2&gt;

&lt;p&gt;The following example is a cost calculation for a 2000 GB EBS volume used for 12 hours in a 30-day period, in the Ohio region. Detailed calculations can be found on the official Amazon EBS Pricing page.&lt;/p&gt;

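&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;strong&gt;Type of Volume&lt;/strong&gt;&lt;/th&gt;
&lt;th&gt;&lt;strong&gt;Cost in $&lt;/strong&gt;&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;General Purpose SSDs&lt;/td&gt;
&lt;td&gt;3.33&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Provisioned IOPS SSDs&lt;/td&gt;
&lt;td&gt;5.25&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Throughput Optimized HDD&lt;/td&gt;
&lt;td&gt;1.5&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cold HDD&lt;/td&gt;
&lt;td&gt;0.83&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;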

&lt;h2&gt;
  
  
  EBS Volume and EBS Snapshot Pricing Calculators
&lt;/h2&gt;

&lt;p&gt;AWS provides a Simple Monthly Calculator for calculating the price of EBS volumes and Snapshots. The calculator uses different inputs, including storage volumes, region, number of EC2 instances, data transfers in and out, load balancing and chosen billing methods.&lt;/p&gt;

&lt;p&gt;The calculator lets you download a CSV file with a detailed monthly bill estimation. The monthly estimation includes expandable lines showing the cost for each part of distinct AWS services. By switching tabs, you can change between cost calculations for different AWS services, like S3, EC2 and Redshift. &lt;/p&gt;

&lt;h2&gt;
  
  
  Wrap Up
&lt;/h2&gt;

&lt;p&gt;Adopting &lt;a href="https://www.datamation.com/cloud-computing/top-managed-services-providers.html"&gt;cloud services&lt;/a&gt; is not just a technical evolution. It also requires a change in how organizations operate. Cloud computing prices are closely tied to efficient usage of infrastructure resources. Therefore, organizations can benefit from understanding and optimizing EBS pricing. Efficient cloud storage cost management allows you to scale and grow without worrying about costs.  &lt;/p&gt;

</description>
      <category>ebs</category>
      <category>aws</category>
    </item>
    <item>
      <title>4 Ways to Personalize Your Website</title>
      <dc:creator>LeahFB</dc:creator>
      <pubDate>Thu, 23 Apr 2020 18:26:06 +0000</pubDate>
      <link>https://dev.to/leahfb/4-ways-to-personalize-your-website-1glh</link>
      <guid>https://dev.to/leahfb/4-ways-to-personalize-your-website-1glh</guid>
      <description>&lt;p&gt;A website is typically described as a company’s home base on the Internet. You want to invite users to repeatedly visit your site, introduce them to your brand and products, drive sales, and inspire customer loyalty. You can achieve all of these by adding personalization features to your website. In this article, you will learn what website personalization is, including two famous examples and tips for successful personalization.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Is Website Personalization?
&lt;/h2&gt;

&lt;p&gt;Website personalization is a strategy that enables you to provide customized experiences to your users. These customizations may be based on activity from previous visits, user location, or user behavior. The purpose of personalization is to create a stronger connection with users, improving user experience, increasing visit time, increasing site traffic, and boosting brand reputation.&lt;/p&gt;

&lt;p&gt;Personalization has been a tactic used in commerce for a long time, for example, when a shop clerk offers shoppers personal recommendations. However, it has recently expanded in popularity in the digital world due to increasing access to user data. &lt;/p&gt;

&lt;p&gt;Applying user data to personalization enables sites to adapt to the dynamic needs and wants of visitors. This makes sites more engaging for broader audiences and can significantly increase site revenue for website owners. It is also an effective way of converting users and encouraging them to respond to your calls to action.&lt;/p&gt;

&lt;h2&gt;
  
  
  Web Personalization Examples
&lt;/h2&gt;

&lt;p&gt;There are many examples of website personalization that you may not even be aware of. There are also examples of websites that have leveraged personalization into a central aspect of their business model. Two such examples follow.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Amazon&lt;/strong&gt;&lt;br&gt;
Amazon is an eCommerce giant that owes a large part of its &lt;a href="https://www.theverge.com/2018/10/23/17970466/amazon-prime-shopping-behavior-streaming-alexa-minimum-wage"&gt;popularity&lt;/a&gt; to personalization. Throughout the site, there are curated recommendations based on your product viewing and purchasing history.&lt;/p&gt;

&lt;p&gt;In particular, homepage personalization is leveraged to grab a customer’s attention as soon as they land on the site. Some examples of this personalization include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Greeting users by name&lt;/li&gt;
&lt;li&gt;Displaying the status of recent orders&lt;/li&gt;
&lt;li&gt;Notifying users when items on their wishlist are back in stock&lt;/li&gt;
&lt;li&gt;Reminding users of items left in their cart&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Netflix&lt;/strong&gt;&lt;br&gt;
Netflix is another example that arguably wouldn’t exist without personalization. Netflix provides users the ability to individually rate titles, bookmark items to watch, and receive recommendations based directly on those actions. &lt;/p&gt;

&lt;p&gt;These abilities provide a customized experience for users that they have significant control over. Additionally, Netflix enables users to create multiple profiles, allowing them to more finely curate recommendations. &lt;/p&gt;

&lt;p&gt;Another important personalization feature of Netflix is the ability to resume episodes. By keeping a history of the watch position of videos and series, Netflix enables users to consume content in a way that is flexible and convenient.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to Personalize Your Website the Right Way
&lt;/h2&gt;

&lt;p&gt;There are several practices you can use to make sure that your personalization efforts are successful. Below are a few you can start with.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Leverage Artificial Intelligence (AI) to gather user information&lt;/strong&gt;&lt;br&gt;
AI technologies can help you collect, process, and analyze user data collected from your site and other sources. For example, you can use AI to analyze voice, images, or patterns of behavior to create robust customer profiles. It can enable you to automate the time-consuming processes related to these actions and help you implement insights gained. &lt;/p&gt;

&lt;p&gt;To accomplish this, you can create custom algorithms or you can use pre-built &lt;a href="https://formation.ai"&gt;personalization marketing platforms&lt;/a&gt;. The option that is best for you depends on the value of personalization to your site and your level of expertise. For example, if you just want to create a custom chatbot, there are several frameworks that you can use to create one relatively quickly. However, if you want to implement complex analyses, a professional platform may be a better choice.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Start small&lt;/strong&gt;&lt;br&gt;
When first implementing personalization features, it’s helpful to start small. This allows you to develop familiarity and proficiency with personalization tools and methods with minimal risk. It’s also easier to refine your implementation when there is only one facet of personalization added at a time. &lt;/p&gt;

&lt;p&gt;Once you are comfortable with personalization and the impact that it is likely to have on your users, you can begin adding more features. By starting small you are also better able to maintain brand continuity and avoid wasted effort on personalization that is not effective. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Use multiple types of personalization&lt;/strong&gt;&lt;br&gt;
When adding personalization to your site, there are several types of personalization you can implement. By combining types, you can create an immersive experience for your users.&lt;/p&gt;

&lt;p&gt;Some types to consider include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Navigational—based on browsing and purchase histories. This enables you to highlight areas of your site that a user has spent more time on. For example, pushing items that they displayed an interest in to the front of shop inventories or highlight banners.&lt;/li&gt;
&lt;li&gt;Predictive recommendations—take user histories and apply those histories to the identification of similar products or features. For example, recommending bestsellers based on previous high ratings of popular fiction books. Or, offering related products based on a history of products being purchased together. &lt;/li&gt;
&lt;li&gt;Contextual messaging—applies user preferences and behavior to determine the best times and modes to contact a customer. For example, if customer engagement is higher over social media than email, communication efforts are focused on social media. Or, if a user pins a location in a mapping application, alerting them when convenient public transportation routes are nearby.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Measure your effectiveness&lt;/strong&gt;&lt;br&gt;
After you have gone to the effort of implementing personalization measures, you need to ensure that your efforts are effective. If your site visits are dropping due to personalization being glitchy or intrusive, you need to know. Understanding your effectiveness, and where it’s lacking, can help you improve your implementation and ensure that your efforts have a positive impact.&lt;/p&gt;

&lt;p&gt;Some good places to start are social media audience insights, &lt;a href="https://blog.hubspot.com/marketing/google-analytics"&gt;Google Analytics&lt;/a&gt;, and individual feedback. The first two can provide you with a larger, objective look at your user engagement and site traffic. The latter can help you both connect with customers and get highly specific insights that can then be applied to individual customers or customer types. &lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;If implemented correctly, personalization can significantly improve user experience. The guiding principle is that by offering visitors content they need, want, and like, they will be more likely to purchase. This principle has worked well for companies like Amazon and Netflix, which are continually personalizing offerings. &lt;/p&gt;

&lt;p&gt;There used to be times when personalization was possible only for big companies. However, today there is a wide range of personalization solutions that can be affordable to medium-level companies, and sometimes for small companies, too. In most cases, personalization is achieved by leveraging &lt;a href="https://www.datamation.com/artificial-intelligence/top-artificial-intelligence-software.html"&gt;AI technologies&lt;/a&gt;, user data, and big data analytics. &lt;/p&gt;

&lt;p&gt;Personalization features can be implemented via manual configuration, by leveraging on-demand &lt;a href="https://www.datamation.com/cloud-computing/cloud-computing-companies.html"&gt;cloud computing resources&lt;/a&gt;, or by using dedicated platforms and solutions. Whichever method you choose, be sure to continually collect data and measure your effectiveness, and stay in touch with your customers, to make sure changes are positively accepted.&lt;/p&gt;

</description>
      <category>personalization</category>
      <category>onlineshopping</category>
    </item>
    <item>
      <title>Top 8 Tools and Practices for Preventing APT Attacks</title>
      <dc:creator>LeahFB</dc:creator>
      <pubDate>Mon, 20 Apr 2020 14:04:10 +0000</pubDate>
      <link>https://dev.to/leahfb/top-8-tools-and-practices-for-preventing-apt-attacks-1hf8</link>
      <guid>https://dev.to/leahfb/top-8-tools-and-practices-for-preventing-apt-attacks-1hf8</guid>
      <description>&lt;p&gt;Advanced persistent threats (APTs) are organized cyberattacks carried out over a long period of time. Attackers can launch APTs for the purpose of sabotaging systems and networks, as well as stealing, ransoming, and intercepting sensitive and confidential data. &lt;/p&gt;

&lt;p&gt;APT attacks are typically carried out in six stages: starting with initial access, moving to secure access, followed by expanding access and initiating lateral movement. The following steps include staging the attack, exfiltration or damage infliction, and then a follow-up attack.&lt;/p&gt;

&lt;p&gt;This article explains what an APT attack is, describes the stages of APT attacks, and reviews eight tools and practices you can use to prevent APTs. &lt;/p&gt;

&lt;h2&gt;
  
  
  What Is an Advanced Persistent Threat?
&lt;/h2&gt;

&lt;p&gt;An advanced persistent threat (APT) is a cyberattack that is carried out over time by organized attackers. These attacks are carefully planned and typically consist of several stages and multiple attack techniques. &lt;/p&gt;

&lt;p&gt;Commonly used techniques include zero-day exploits, compromised credentials, and lateral movement. Attackers often also use multiple entry points, either simultaneously or individually.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Typical goals of APT attacks include:&lt;/strong&gt; &lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Theft of intellectual property, classified data, or other sensitive information&lt;/li&gt;
&lt;li&gt;Sabotage of systems or data through deletion or modification&lt;/li&gt;
&lt;li&gt;Abuse of resources through system takeover&lt;/li&gt;
&lt;li&gt;Reconnaissance for future attacks&lt;/li&gt;
&lt;li&gt;Collection of credentials or other access keys&lt;/li&gt;
&lt;li&gt;Interception of sensitive or confidential communications&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  APT Attack Stages
&lt;/h2&gt;

&lt;p&gt;Unlike traditional one-off threats, &lt;a href="https://www.cynet.com/cyber-attacks/advanced-persistent-threat-apt-attacks/"&gt;APT attacks&lt;/a&gt; are usually carried out in stages over a variable period. While not all attacks follow the same timeline or stages, most generally include the following actions. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Initial access&lt;/strong&gt;&lt;br&gt;
The first step of an APT attack is for the attackers to gain access. This can be done through three routes — network device, web-based interface, or human insiders. Frequently this access is gained through malware, exploitation of vulnerabilities, or use of credentials gained from phishing or other attacks. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Secure access&lt;/strong&gt;&lt;br&gt;
Once access is obtained, attackers work to secure that access through the creation of backdoors. Backdoors enable attackers to gain access to or control a system without having to fight security measures. They also help ensure that if the initial attack is spotted, the attacker can easily return later. &lt;/p&gt;

&lt;p&gt;Attackers can create backdoors by installing shells or malware, creating new user credentials, or opening ports on a system. A secondary purpose of these backdoors is to enable outbound connections. This enables attackers to transfer data out undetected when the time comes. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Expand access and move laterally&lt;/strong&gt;&lt;br&gt;
After entryways are secured, attackers generally focus on expanding their access to network resources. By &lt;a href="https://resources.infosecinstitute.com/category/certifications-training/ethical-hacking/post-exploitation-techniques/lateral-movement-techniques/#gref"&gt;moving laterally across a network&lt;/a&gt;, attackers can infiltrate more systems, applications, and data stores. This can grant them greater control of a system, additional credentials, or valuable information. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Stage the attack&lt;/strong&gt;&lt;br&gt;
Once your network has been sufficiently covered by the attackers, and they have determined where their targets are, they are ready to stage the main attack. This staging may involve implanting more malware, encrypting and compressing data for exfiltration, or setting monitoring utilities. &lt;/p&gt;

&lt;p&gt;Whichever method is used, attackers obscure their efforts with the help of permissions or access they have gained along the way. For example, this could mean setting up a secure data store or creating an exception in network logging.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. Exfiltration or damage infliction&lt;/strong&gt;&lt;br&gt;
After staging is done, attackers are ready to conduct the attack. Often, this activity is covered by smaller attacks performed as a distraction. For example, attackers may use bots to conduct a distributed denial of service (DDoS) attack. Then, while security teams are distracted managing the obvious attack, criminals can perform their primary attack. &lt;/p&gt;

&lt;p&gt;Regardless of what attacks or actions are performed, attackers generally make sure to destroy or fake forensic evidence. This prevents security teams from locating the real threat actors. It can also prevent security from noticing that another attack was even carried out. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;6. Follow-up attacks&lt;/strong&gt;&lt;br&gt;
If attackers can remain in a system or if backdoors remain available, they may return for additional attacks. This is common when exfiltrating data or eavesdropping are the primary goals. Returning to your systems enables criminals to continue collecting data as it is created or to continue monitoring your communications. Follow-up attacks can go on for months or years before being detected.&lt;/p&gt;

&lt;h2&gt;
  
  
  Top 8 Tools and Practices for Preventing APT Attacks
&lt;/h2&gt;

&lt;p&gt;Protecting your systems from APT attacks can be a challenge but it’s not impossible. Implementing the correct tools and practices can significantly increase the security of your systems and reduce your risks. Below are some key tools and practices that you can apply. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Deception technology&lt;/strong&gt;&lt;br&gt;
Deception technology involves using decoys, designed to look like legitimate resources or data. Decoys attract attacker attention because these resources appear to contain valuable information, systems, or applications. Once an attacker accesses a decoy, your security team is alerted. Since decoys do not have any legitimate reason to be accessed, teams receive a near 0% false-positive rate of alerts for attacks. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://hackernoon.com/how-deception-technology-can-boost-your-cybersecurity-2e3fr401z"&gt;Deception technology&lt;/a&gt; is deployed proactively and can be left active in your systems. While it cannot stop an attack, it can help distract and slow attackers while security responds. Deception technologies can also be useful for observing attacker behavior or for collecting intelligence on attack tools and techniques without the attacker knowing.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Penetration testing&lt;/strong&gt;&lt;br&gt;
Penetration testing can help you discover where vulnerabilities are in your systems and ensure that your security measures are functioning as expected. It involves attacking your network from the outside, simulating how a real attack might be carried out.&lt;/p&gt;

&lt;p&gt;There are a variety of tools you can use to perform penetration testing, including platforms like &lt;a href="http://www.metasploit.com/"&gt;Metasploit&lt;/a&gt;. You can also rely on external testers to evaluate your systems, such as third-party providers or bug bounty hunters.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Threat hunting&lt;/strong&gt;&lt;br&gt;
Threat hunting is a practice in which security experts proactively search for evidence of attacks. It involves the use of threat intelligence, monitoring, and actively analyzing system data. Threat hunting is designed to help you identify attacks that have bypassed security measures and is one of the most effective ways of uncovering APT attacks. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Employee education&lt;/strong&gt;&lt;br&gt;
Employees are often one of the most vulnerable parts of your system. They may inadvertently download malware, share confidential data, or provide credentials to attackers. This is particularly true if employees are allowed to freely download files or are not able to identify phishing emails. &lt;/p&gt;

&lt;p&gt;To avoid these issues, you need to take the time to educate your employees. Make sure they understand what risks exist, why those risks need to be avoided, and how to identify risks. Ideally, employees should also learn how to properly report issues. This can help you prevent and respond to threats faster. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. System updates&lt;/strong&gt;&lt;br&gt;
You should always ensure that your systems are fully up to date. Updating systems and applications with the most recent patches ensures that known vulnerabilities are covered and reduces your risk of exploitation. To ensure that you have all patches necessary, you should check for updates on a regular schedule or use tools that alert you when updates are released. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;6. Defense in depth&lt;/strong&gt;&lt;br&gt;
Defense in depth is the use of multiple layers of security tools and practices. It can help slow down and isolate attacks in your systems. This can provide your &lt;a href="https://www.esecurityplanet.com/products/top-cybersecurity-companies/"&gt;security teams&lt;/a&gt; with more time to respond to attacks and limit attacker access to your most sensitive data. Some examples of defense in depth you should be applying are external and internal firewalls, network segmentation, and internal network monitoring. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;7. Access controls&lt;/strong&gt;&lt;br&gt;
Applying access controls to your systems enables you to define which users or applications can access which services and information. It involves the use of identity and access management (IAM) solutions, authentication measures, and access control lists (ACLs).&lt;/p&gt;

&lt;p&gt;When setting up your access controls, make sure to apply the principle of least privilege. This principle states that users and applications should only be given access to the minimum amount of resources needed. It can help ensure that even if a user or application is compromised, an attacker's access is limited.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;8. Network monitoring&lt;/strong&gt;&lt;br&gt;
Continuously monitoring your systems is vital to keeping resources protected. This means monitoring both internal and external activities, for example, file access and attempts to log in to web interfaces. Generally, this involves a combination of security information and event management (&lt;a href="https://www.esecurityplanet.com/products/top-siem-products.html"&gt;SIEM&lt;/a&gt;) and endpoint detection and response (EDR) solutions. &lt;/p&gt;

&lt;p&gt;SIEM and EDR can work together to help you monitor your network as a whole from a centralized console. These systems aggregate data from across your network and perimeter and apply behavior analyses to detect suspicious activity. When an activity is found, your security team is alerted and can use information from these tools to identify and stop an attack.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;APTs can inflict a lot of damage. However, APTs are not unstoppable. You can protect your network, system, devices, data, and users, by applying a combination of technologies and practices. You can use deception technology to lure APT attackers into a trap, typically set up in a detached and secure decoy location. &lt;/p&gt;

&lt;p&gt;To ensure your assets contain as few vulnerabilities as possible, you can implement penetration testing and update systems regularly. Threat hunting and network monitoring can ensure that activity is monitored, and any suspicious behavior initiates an immediate response. Employee education and access controls can help ensure that APTs can’t exploit insider threats. &lt;/p&gt;

&lt;p&gt;APTs are tricky to detect, but the above eight tools and practices can help you ensure that systems are well-protected and monitored, users are well informed, and that APT attackers have less leverage to exploit vulnerabilities. Keep your security posture as strong as possible, your users continually educated, and your response as swift as possible.&lt;/p&gt;

</description>
      <category>apt</category>
      <category>security</category>
    </item>
    <item>
      <title>Python Security: Top 5 Best Practices </title>
      <dc:creator>LeahFB</dc:creator>
      <pubDate>Sun, 05 Apr 2020 05:28:16 +0000</pubDate>
      <link>https://dev.to/leahfb/python-security-top-5-best-practices-2of3</link>
      <guid>https://dev.to/leahfb/python-security-top-5-best-practices-2of3</guid>
      <description>&lt;p&gt;Even the best developers can’t account for all security vulnerabilities. No application is ever fully secured, no matter how much you might like it to be. Python applications are no exception. You can even find security flaws in the standard library documentation. However, that does not mean you should stop trying to write secure software. This article walks you through the key best practices for securing Python code.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Is Python?
&lt;/h2&gt;

&lt;p&gt;Python is an object-oriented, high-level programming language with dynamic semantics. Python enables fast application development with built-in data structures, dynamic binding, and dynamic typing. &lt;/p&gt;

&lt;p&gt;The syntax of Python is readable and easy to learn and thus reduces the cost of maintenance. Python supports packages and modules that enable code reuse and program modularity. The Python standard library and the interpreter are available in source or binary form for free for all major platforms, and can be freely distributed.&lt;/p&gt;

&lt;h2&gt;
  
  
  5 Python Security Best Practices
&lt;/h2&gt;

&lt;p&gt;The below list reviews the top five Python security best practices you need to start using.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Carefully download packages&lt;/strong&gt;&lt;br&gt;
Developers usually use the pip standard package installer or &lt;a href="https://pipenv-fork.readthedocs.io/en/latest/"&gt;Pipenv&lt;/a&gt; to install packages. However, the &lt;a href="https://pypi.org/"&gt;Python Package Index&lt;/a&gt; (PyPI) that distributes packages may include malicious code. PyPI has a standard process for reporting security issues. PyPI immediately addresses reports about malicious packages or problems, but it does not review newly added packages.&lt;/p&gt;

&lt;p&gt;You can always expect to find malicious packages in PyPI. Before downloading, you need to research the package you want to install and carefully spell out the package name. Attackers can exploit a misspelled package name to execute malicious code.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Stay up-to-date on vulnerabilities&lt;/strong&gt;&lt;br&gt;
A quick response to any open source vulnerability is critical for successful remediation of problems within your code. Remediation means upgrading to a newer open source dependency version, patching, and changing your code to avoid vulnerable functions. &lt;/p&gt;

&lt;p&gt;You are not expected to discover vulnerabilities on your own. That’s what &lt;a href="https://vuln.whitesourcesoftware.com/"&gt;vulnerability databases&lt;/a&gt; are for. These platforms collect and categorize vulnerabilities, and often provide this information for free, as a service to the public.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Use the latest Python version&lt;/strong&gt; &lt;br&gt;
Some developers still use Python 2 versions, even though Python 3 was released back in 2008. The problem is that Python 2.7 and older versions do not have the same security updates as Python 3. &lt;/p&gt;

&lt;p&gt;For instance, exception chaining and input methods were improved in Python 3. As a result, attackers may exploit inputs of Python 3 code that run in a Python 2.7 environment. The Python community ended support for Python 2.7 in 2020, so you should deploy new versions of Python to avoid any potential risks.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Never include passwords in commits&lt;/strong&gt;&lt;br&gt;
GitHub is an open-source and publicly available version control system. Anyone can access your GitHub repository and use your code. Make sure not to include any passwords in your files or URL descriptions. Once committed to GitHub or a similar service, passwords will always remain in a log or database. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;5. Be careful with string formatting&lt;/strong&gt;&lt;br&gt;
Python offers four flexible string formatting approaches. However, flexible formatting syntax such as f-strings can be vulnerable to exploits. This is why developers should pay attention when formatting user-generated strings. &lt;/p&gt;

&lt;p&gt;Python’s built-in string module can help you overcome this problem. It provides the Template class, which enables you to create template strings. For instance, the code below substitutes a name into a greeting template:&lt;/p&gt;

&lt;p&gt;&lt;code&gt;from string import Template&lt;/code&gt;&lt;br&gt;
&lt;code&gt;name_template = Template("Hello, my name is $name.")&lt;/code&gt;&lt;br&gt;
&lt;code&gt;greeting = name_template.substitute(name="James")&lt;/code&gt;&lt;/p&gt;

&lt;p&gt;The output is the string “Hello, my name is James.” Template strings are not as flexible as f-strings, which is why they are a good choice for handling user input.&lt;/p&gt;

&lt;h2&gt;
  
  
  Top Python Security Tools
&lt;/h2&gt;

&lt;p&gt;Take a look at some of the most common Python security tools and scanners.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Bandit&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://bandit.readthedocs.io/en/latest/config.html"&gt;Bandit&lt;/a&gt; is an open-source tool aimed at finding common Python security issues. Bandit scans each file, builds an &lt;a href="https://docs.python.org/3/library/ast.html#module-ast"&gt;AST&lt;/a&gt; from it, and runs relevant plugins against the AST nodes. After scanning, Bandit generates a report with the status of each file.&lt;/p&gt;

&lt;p&gt;Key features include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Test plugins&lt;/strong&gt;—supports various tests that help you detect security issues in Python code. You can create these tests as plugins to extend the functionality of Bandit.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Blacklist plugins&lt;/strong&gt;—you can blacklist imports and function calls. This functionality is an integrated part of one of the Bandit tests. You can filter this test according to normal plugin filtering rules.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Report formatters&lt;/strong&gt;—supports various formatters that can output Python security issues. You can create these formatters as plugins to extend the functionality of Bandit.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Pyntch&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://pypi.org/project/pyntch/"&gt;Pyntch&lt;/a&gt; is a static code analysis tool for Python. Pyntch can identify potential runtime errors before the code actually runs by scanning the source code statically. &lt;/p&gt;

&lt;p&gt;The scanning process analyzes all possible variable types, function arguments, attributes, and return values of each function or method. Then it identifies possible issues caused by attributes not found, type mismatch, or other types of exceptions.&lt;/p&gt;

&lt;p&gt;Pyntch gathers the following information:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Possible types of objects&lt;/strong&gt;—of each variable, class attribute, and function argument, to detect exceptions.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Functions or instance methods&lt;/strong&gt;—that you can call at each function call.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Calling locations&lt;/strong&gt;—for each method or function.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Uncaught exceptions&lt;/strong&gt;—like type mismatch, access to undefined attributes, iteration over non-iterable objects and more.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Spaghetti&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://pysal.org/spaghetti/"&gt;Spaghetti&lt;/a&gt; is an open-source network-based spatial data analysis library. The library is based on the &lt;a href="http://pysal.org/"&gt;Python Spatial Analysis Library&lt;/a&gt; (PySAL) network module. You can use Spaghetti to build graph-theoretic networks and analyze the network events. &lt;/p&gt;

&lt;p&gt;Key features include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Network representation&lt;/strong&gt;—creates and visualizes network objects.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Spatial network analysis&lt;/strong&gt;—demonstrating network representation and cluster detection.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Optimal facility location&lt;/strong&gt;—demonstrating network-based optimal facility location modeling.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Requires&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://requires.io/"&gt;Requires&lt;/a&gt; monitors the requirements of your Python project and notifies you whenever a dependency is outdated. &lt;/p&gt;

&lt;p&gt;Key features include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Tracking security updates&lt;/strong&gt;—for all the dependencies of a project.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Filter directive&lt;/strong&gt;—enables you to filter PyPI releases before matching them to your requirements.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Badges&lt;/strong&gt;—provides badges for tracking project status. These badges are generated using &lt;a href="https://shields.io/"&gt;shields.io&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Developers usually do not include secure coding practices when learning a new programming language. Many developers are not aware of the security risks in using Python standard libraries. Make sure to follow these security best practices to make your Python applications secure. You can also leverage &lt;a href="https://www.datamation.com/artificial-intelligence/top-artificial-intelligence-software.html"&gt;artificial intelligence&lt;/a&gt; (AI) technologies to automate and improve the process.&lt;/p&gt;

</description>
      <category>python</category>
      <category>security</category>
    </item>
    <item>
      <title>Coding Best Practices Every Developer Should Know</title>
      <dc:creator>LeahFB</dc:creator>
      <pubDate>Tue, 17 Mar 2020 14:20:01 +0000</pubDate>
      <link>https://dev.to/leahfb/coding-best-practices-every-developer-should-know-i8f</link>
      <guid>https://dev.to/leahfb/coding-best-practices-every-developer-should-know-i8f</guid>
      <description>&lt;p&gt;Writing high-quality code can be challenging, particularly when you’re under tight deadlines or you’re fighting off bad coding habits. When working on your own small project, stylistic quirks and deviations from accepted standards may not be a big deal. However, when working as part of a team or on projects that others maintain, writing clear, efficient code is vital.&lt;/p&gt;

&lt;p&gt;To ensure that your code doesn’t become a nightmare for yourself or others, you need to adopt certain best practices. In this article, you’ll learn some of the most common best practices to ensure clean and easy-to-maintain code.&lt;/p&gt;

&lt;h2&gt;
  
  
  10 Coding Best Practices
&lt;/h2&gt;

&lt;p&gt;The following are some basic coding best practices that you should incorporate when you program. These practices are language independent and can help developers of any level produce higher quality and more accessible code.&lt;/p&gt;

&lt;h4&gt;
  
  
  1. Prioritize Readability
&lt;/h4&gt;

&lt;p&gt;When you &lt;a href="https://blog.pragmaticengineer.com/readable-code/"&gt;prioritize the readability&lt;/a&gt; of your code, it helps others handle your source code. Code that is easy to read enables you to quickly understand what the code is supposed to do. It also makes it easier to troubleshoot issues or make changes.&lt;/p&gt;

&lt;p&gt;To improve readability, make sure to use a consistent style. Use regular indentation and spacing to visually define code blocks and lines. Consistent use of white space can make it easier to spot syntax errors and to follow the path of the code. You can use linters to help you ensure consistency. Linters are tools that analyze static code for stylistic and programmatic errors.&lt;/p&gt;

&lt;h4&gt;
  
  
  2. Follow Naming Conventions
&lt;/h4&gt;

&lt;p&gt;Follow proper naming conventions for your variables, functions, classes, etc. A name should reflect the usage or value that it is tied to. It should add information and clarity to your code. For example, use “age” instead of “x” or “calcTaxRate” instead of “funcA”.&lt;/p&gt;

&lt;h4&gt;
  
  
  3. Use Comments
&lt;/h4&gt;

&lt;p&gt;As you write your program, try to find a balance of code and comments. Some sections may not need comments, especially when you use proper naming conventions and simple logic. Other sections may be less clear. When creating comments, try to address what a block of code does and why it’s implemented the way it is.&lt;/p&gt;

&lt;p&gt;Adding comments to complex functionality can help you better maintain code later. Comments can make it simpler to find the functionality you’re looking for and make the necessary changes. Commenting can also make it easier for other developers to work with your code. &lt;/p&gt;

&lt;h4&gt;
  
  
  4. Keep Code Simple
&lt;/h4&gt;

&lt;p&gt;Keep your code as simple as possible. Use the simplest functions and loops possible to create the functionality you need. It reduces the chance of bugs being introduced by excess complexity.&lt;/p&gt;

&lt;p&gt;Using simple code can help reduce the number of code lines in your codebase. However, don’t make the mistake of trying to make all functionality as compact as possible. Trying to cram everything into single line statements often makes code less readable. You need to find a balance between code lines and readability.&lt;/p&gt;

&lt;h4&gt;
  
  
  5. Limit Dependencies
&lt;/h4&gt;

&lt;p&gt;The general rule is—the fewer dependencies, the better. The fewer dependencies you include, the more secure and stable your code will be. Dependencies can introduce vulnerabilities into your code, and updates to or removal of libraries can cause your code to break.&lt;/p&gt;

&lt;p&gt;To minimize dependency use, try to find the minimal number of libraries to meet your needs. Also, try to avoid using a library for a single purpose. Unless a function or method is highly complex, it’s better to write it directly into your code.&lt;/p&gt;

&lt;h4&gt;
  
  
  6. Verify Open-Source Code
&lt;/h4&gt;

&lt;p&gt;There’s nothing wrong with using code from StackOverflow or incorporating open-source libraries into your projects. However, you shouldn’t use these tools carelessly. Make sure you know what the code you’re incorporating does and ensure that it doesn’t include any malicious functionality or exploits. &lt;/p&gt;

&lt;p&gt;Scan any code you wish to use and make sure you are using the most recent version of reputable libraries. It’s a good idea to evaluate any dependencies for vulnerabilities and verify whether there are any known issues. &lt;a href="https://vuln.whitesourcesoftware.com/"&gt;Vulnerability databases&lt;/a&gt; and threat data feeds can be a good source of information for verification. &lt;/p&gt;

&lt;h4&gt;
  
  
  7. Use Trusted Security Tools
&lt;/h4&gt;

&lt;p&gt;Unless you are a security expert, you should not try to code your own security tools. This includes encryption and authentication tools. &lt;/p&gt;

&lt;p&gt;Security tools require significant expertise to develop effectively. It doesn’t make sense to put yourself or your users at risk by trying to craft your own. Instead, stick to established and respected security libraries with a proven track record.  &lt;/p&gt;

&lt;h4&gt;
  
  
  8. Avoid Hardcoding Values
&lt;/h4&gt;

&lt;p&gt;Hardcoding is when you write values directly into your logic. Hardcoding makes it more difficult to update code. It can also present a &lt;a href="https://www.beyondtrust.com/blog/entry/hardcoded-and-embedded-credentials-are-an-it-security-hazard-heres-what-you-need-to-know"&gt;security risk&lt;/a&gt;, particularly if you hardcode passwords or API keys. You can use constants and configuration files instead of hardcoding.&lt;/p&gt;

&lt;h4&gt;
  
  
  9. Don’t Ignore Errors
&lt;/h4&gt;

&lt;p&gt;Don’t try to hide errors by catching and ignoring exceptions or by using libraries that don’t report errors. Hiding errors may make your code seem cleaner but it can make it harder to find and diagnose errors later. When you do need to ignore errors, log them so you can find and analyze the data later.&lt;/p&gt;

&lt;h4&gt;
  
  
  10. Use Helper Functions
&lt;/h4&gt;

&lt;p&gt;Use &lt;a href="https://medium.com/@decodeweb/10-not-so-famous-but-powerful-array-helper-functions-in-php-8fdf84ccc956"&gt;“helper” functions&lt;/a&gt; to break down complex tasks. These functions can be joined together by calling them in a primary function. This joining enables you to break a feature into manageable chunks while still achieving the functionality you need. Using “helper” functions makes it easier to correct issues or modify functionality later on.&lt;/p&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;Hopefully, this article helped you learn some best practices you can integrate into your coding projects. When adopting these practices, remember that changing the way you work doesn’t happen immediately. Improving your practices takes effort but the results are worth it and mean less work in the future for you and your team. &lt;/p&gt;

&lt;p&gt;Once you’re ready for more specific guidance on how to improve your code, search for your language’s coding standards. You should find a variety of standards to choose from, many of which are specially written for specific industries. &lt;/p&gt;

</description>
    </item>
    <item>
      <title>APT Security: 6 Best Practices</title>
      <dc:creator>LeahFB</dc:creator>
      <pubDate>Mon, 23 Dec 2019 18:06:37 +0000</pubDate>
      <link>https://dev.to/leahfb/apt-security-6-best-practices-2ckp</link>
      <guid>https://dev.to/leahfb/apt-security-6-best-practices-2ckp</guid>
      <description>&lt;p&gt;Today, cyber attacks can be highly complex, including whole campaign attacks that target sensitive data. According to &lt;a href="https://securelist.com/apt-trends-report-q1-2019/90643/"&gt;security reports&lt;/a&gt;, criminals are even attacking non-traditional targets, such as supply-chains. For instance, in January 2019, there was a supply-chain attack involving the mechanism used to &lt;a href="https://securelist.com/operation-shadowhammer/89992/"&gt;deliver software updates&lt;/a&gt; to ASUS laptops. The attackers installed a backdoor to the software which was distributed through official channels.&lt;/p&gt;

&lt;p&gt;Preventing this type of sophisticated attack, used to enable an Advanced Persistent Threat (APT), requires a comprehensive security approach. This article covers a brief overview of &lt;a href="https://www.cynet.com/cyber-attacks/advanced-persistent-threat-apt-attacks/"&gt;APT attacks&lt;/a&gt; and best practices to tackle them. &lt;/p&gt;

&lt;h2&gt;
  
  
  What Are Advanced Persistent Threats?
&lt;/h2&gt;

&lt;p&gt;An advanced persistent threat is different from other attacks due to the length of time it spans. Attackers aim to gain access to the network and stay undetected for as long as possible. Once attackers enter the network, they usually perform reconnaissance activities, inserting malicious code to retrieve sensitive data. &lt;/p&gt;

&lt;p&gt;The goal of APT campaigns is to steal sensitive and valuable data, such as personally identifiable data or intellectual property. Some APT groups can have other motivations, such as trying to cause damage, deleting databases, or taking over your network.&lt;/p&gt;

&lt;p&gt;Some APT attacks are costly to implement due to the high cost of the tools required, which can reach hundreds of thousands of dollars. The complexity of carrying out these attacks combined with high costs often means that APT attacks are carried out by organized groups of criminals. These groups may receive support or financial backing from nation states or state-sponsored groups. &lt;/p&gt;

&lt;h2&gt;
  
  
  How Does an APT Work?
&lt;/h2&gt;

&lt;p&gt;In order to properly protect your systems, you need to understand how APT attacks work. This includes the methods attackers use to get into your system.&lt;/p&gt;

&lt;p&gt;The main stages of an APT Attack include:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 1: Infiltration&lt;/strong&gt;&lt;br&gt;
The first stage for the attacker is to try to enter the network. Usually, attackers gain access by compromising privileged users’ credentials or web assets. One of the most popular ways attackers use to gain access to privileged users is with spear-phishing attacks. Spear-phishing attacks use information gained from other sources to target specific, high-value individuals. &lt;/p&gt;

&lt;p&gt;Combined with infiltration methods, criminals sometimes carry out a Distributed Denial of Service (DDoS) attack. DDoS attacks flood the system with fake requests until it collapses and cannot take legitimate requests. This provides a distraction for security and allows attackers more freedom to enter a system. Once inside the system, attackers install a backdoor to keep the entrance open and continue performing malicious activities. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 2: Expansion&lt;/strong&gt;&lt;br&gt;
At this stage, the attacker searches for additional vulnerabilities, trying to uncover new points of entry. The goal at this point is to ensure the continuity of the attack by setting additional backdoors and extending the network of compromised assets.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 3: Extraction&lt;/strong&gt;&lt;br&gt;
Once the attacker has built a solid network, they gather the targeted data. Frequently, attacks target sensitive data that can be sold for a high value on the dark web. Attackers collect data on temporary servers before exporting it out of the network. Attackers usually use distraction techniques called white noise tactics to delay the security team with false leads and gain more exfiltration time. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 4: Remove Evidence&lt;/strong&gt;&lt;br&gt;
After the attackers get the data they want, they often remove any traces of the APT campaign. This prevents security teams from tracking or possibly even identifying the attack. Removing evidence doesn’t mean attackers are gone for good. On the contrary, they usually leave behind a backdoor so they can return and extract more data. &lt;/p&gt;

&lt;h2&gt;
  
  
  Best Practices for Mitigating Advanced Persistent Threats
&lt;/h2&gt;

&lt;p&gt;APTs can target any type of sensitive data since what matters to attackers is the potential monetary value of the information. That means no industry is safe and even small companies can be victims of attacks as part of larger campaigns. Therefore, it is critical for all kinds of organizations to have strategies and tools to prevent and mitigate APT attacks. &lt;/p&gt;

&lt;p&gt;The distributed nature of networks provides a broad attack surface, providing more opportunities for APT groups to carry out attacks. To prevent these attacks, organizations need to implement a proactive, dynamic, and well-rounded security approach. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Policies and governance&lt;/strong&gt;&lt;br&gt;
Organizations should start by defining clear information security policies. Security policies help organizations define clear guidelines on access controls, training, response, recovery and permissions. &lt;/p&gt;

&lt;p&gt;A robust governance framework is critical since it specifies accountability in the decision-making process. Governance gives the organization a clear view to ensure risks are mitigated in alignment with business objectives. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Constant monitoring&lt;/strong&gt;&lt;br&gt;
One of the key measures to prevent the installation of backdoors is the monitoring of all inbound and outbound traffic. Monitoring should include installing network and Web Application Firewalls (WAF). These monitoring solutions constantly filter traffic, sending alerts when there are signs of suspicious activity. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Correlation and threat management&lt;/strong&gt;&lt;br&gt;
Implementing correlation solutions can help you identify threats as soon as malicious activity starts. Solutions such as Security Information and Event Management (&lt;a href="https://www.esecurityplanet.com/products/top-siem-products.html"&gt;SIEM&lt;/a&gt;) use correlation to detect attack patterns and connections between seemingly unrelated events. &lt;/p&gt;

&lt;p&gt;Sometimes attackers overcome &lt;a href="https://www.lookingglasscyber.com/blog/tech-corner/cto-series-threat-correlation-techniques-assessing-targeted-attacks-part-2/"&gt;common correlation techniques&lt;/a&gt; such as manual threat correlation, field comparison or rule-based matching. SIEMs, which often include behavior analysis tools, can help identify traditionally missed activity. You can further protect your system by making sure correlation solutions incorporate up-to-date threat intelligence.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Access control&lt;/strong&gt;&lt;br&gt;
Attackers often use compromised user credentials to gain initial access to systems. Employees can unknowingly provide these credentials to attackers who trick them into opening malicious links. APT attackers may also try to compromise users by bribing them in exchange for credentials. You can mitigate these risks by implementing the principle of least privilege, which limits the exposure of resources to employees. You should also train employees on how to identify phishing emails or links.&lt;/p&gt;

&lt;h2&gt;
  
  
  What’s Next?
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.esecurityplanet.com/products/top-cybersecurity-companies/"&gt;Security experts&lt;/a&gt; predict that advanced persistent threats will become even more sophisticated and complex. It is important to be aware of the trends to prepare the relevant protection for your system. Two trends experts expect to see in 2020 include:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;False flags&lt;/strong&gt;&lt;br&gt;
This method involves trying to direct attention away from the attackers. In recent attacks, attackers have stolen and reused code from other unrelated APT actors to divert blame. An example of this is the Turla attack in which a Russian criminal group reused code from an Iranian group. Criminals use this technique to distract security analysts, causing them to waste time tracking the wrong actors. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Mobile attacks&lt;/strong&gt;&lt;br&gt;
The last decade has seen the shift from PC to mobile devices. Threat actors quickly noticed this opportunity and developed attack tools for mobiles. Attackers are beginning to use mobile devices to infiltrate networks and to retrieve sensitive information. For example, there are cases where attackers exploited zero-day vulnerabilities on mobile systems such as iOS to retrieve sensitive data. &lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
