官术网_书友最值得收藏!

Application layer attacks

Application layer attacks come in the highest variety and severity, and include but are not limited to the following:

  • Brute-force attacks: An attacker tries to gain access by trying to breach an application entry point (remote desktop, SSH, web login) with a dictionary attack or similar
  • Session hijacking: The attacker intercepts credentials or tokens and pretends to be an active user to gain access
  • Injection attacks: An attacker exploits poor application security to inject information into the application for DoS or to gain access
  • Account hijacking: Accounts are hijacked through phishing or inadvertent disclosure of credentials for DoS or to gain access

We can easily detect brute-force attacks with a monitoring solution such as CloudWatch, which can provide an alert when a certain user has reached a certain threshold of invalid logins over a certain period of time.

To protect from session hijacking, we could use encryption. Since the traffic is encrypted, it will make it very difficult for an attacker to perform a session hijack. We can also implement mechanisms that allow you to check network packets on several layers. This helps our application determine whether the packet has been altered, thus indicating an interception and a possible attempt to hijack the session.

AWS WAF can be used to prevent injection attacks, but the wisest way to protect your application is to secure it at the application layer.

Possibly the most difficult attack to detect and protect from the network layer would be account hijacking. Phishing or inadvertent credential disclosures can lead to an attack that is hard to detect. An attacker can easily fool any automated system and pretend to be a legitimate user while trying to gain deeper access or transferring confidential data from our application. The recommended way to protect from account hijacking is to use multi-factor authentication (MFA). AWS has built-in MFA for AWS accounts and IAM users. We should always make sure that any developers building any type of publicly accessible application understand the need for MFA. Building MFA capability into the application level will raise the security of any application accounts dramatically.

主站蜘蛛池模板: 西乌珠穆沁旗| 稻城县| 金门县| 大埔区| 尚志市| 青浦区| 克山县| 开鲁县| 永德县| 威信县| 南华县| 乐平市| 和平县| 大余县| 武穴市| 和顺县| 景谷| 白水县| 浪卡子县| 赣榆县| 城市| 安丘市| 辰溪县| 天台县| 通江县| 宾川县| 静乐县| 平和县| 奇台县| 诸城市| 博白县| 托克逊县| 文成县| 广饶县| 三亚市| 行唐县| 兴仁县| 惠水县| 墨江| 崇仁县| 荣成市|