官术网_书友最值得收藏!

Application layer attacks

Application layer attacks come in the highest variety and severity, and include but are not limited to the following:

  • Brute-force attacks: An attacker tries to gain access by trying to breach an application entry point (remote desktop, SSH, web login) with a dictionary attack or similar
  • Session hijacking: The attacker intercepts credentials or tokens and pretends to be an active user to gain access
  • Injection attacks: An attacker exploits poor application security to inject information into the application for DoS or to gain access
  • Account hijacking: Accounts are hijacked through phishing or inadvertent disclosure of credentials for DoS or to gain access

We can easily detect brute-force attacks with a monitoring solution such as CloudWatch, which can provide an alert when a certain user has reached a certain threshold of invalid logins over a certain period of time.

To protect from session hijacking, we could use encryption. Since the traffic is encrypted, it will make it very difficult for an attacker to perform a session hijack. We can also implement mechanisms that allow you to check network packets on several layers. This helps our application determine whether the packet has been altered, thus indicating an interception and a possible attempt to hijack the session.

AWS WAF can be used to prevent injection attacks, but the wisest way to protect your application is to secure it at the application layer.

Possibly the most difficult attack to detect and protect from the network layer would be account hijacking. Phishing or inadvertent credential disclosures can lead to an attack that is hard to detect. An attacker can easily fool any automated system and pretend to be a legitimate user while trying to gain deeper access or transferring confidential data from our application. The recommended way to protect from account hijacking is to use multi-factor authentication (MFA). AWS has built-in MFA for AWS accounts and IAM users. We should always make sure that any developers building any type of publicly accessible application understand the need for MFA. Building MFA capability into the application level will raise the security of any application accounts dramatically.

主站蜘蛛池模板: 伊川县| 临桂县| 澄城县| 锡林浩特市| 玉树县| 汪清县| 舒兰市| 腾冲县| 麻栗坡县| 柳州市| 杨浦区| 长子县| 咸阳市| 郸城县| 抚远县| 忻城县| 镇坪县| 商城县| 宁城县| 九龙县| 徐州市| 石阡县| 斗六市| 扬州市| 利川市| 竹北市| 乐陵市| 比如县| 叶城县| 新巴尔虎左旗| 汉中市| 双峰县| 景东| 昌图县| 沭阳县| 和顺县| 徐州市| 大同县| 尉犁县| 湘潭县| 五河县|