官术网_书友最值得收藏!

Application layer attacks

Application layer attacks come in the highest variety and severity, and include but are not limited to the following:

  • Brute-force attacks: An attacker tries to gain access by trying to breach an application entry point (remote desktop, SSH, web login) with a dictionary attack or similar
  • Session hijacking: The attacker intercepts credentials or tokens and pretends to be an active user to gain access
  • Injection attacks: An attacker exploits poor application security to inject information into the application for DoS or to gain access
  • Account hijacking: Accounts are hijacked through phishing or inadvertent disclosure of credentials for DoS or to gain access

We can easily detect brute-force attacks with a monitoring solution such as CloudWatch, which can provide an alert when a certain user has reached a certain threshold of invalid logins over a certain period of time.

To protect from session hijacking, we could use encryption. Since the traffic is encrypted, it will make it very difficult for an attacker to perform a session hijack. We can also implement mechanisms that allow you to check network packets on several layers. This helps our application determine whether the packet has been altered, thus indicating an interception and a possible attempt to hijack the session.

AWS WAF can be used to prevent injection attacks, but the wisest way to protect your application is to secure it at the application layer.

Possibly the most difficult attack to detect and protect from the network layer would be account hijacking. Phishing or inadvertent credential disclosures can lead to an attack that is hard to detect. An attacker can easily fool any automated system and pretend to be a legitimate user while trying to gain deeper access or transferring confidential data from our application. The recommended way to protect from account hijacking is to use multi-factor authentication (MFA). AWS has built-in MFA for AWS accounts and IAM users. We should always make sure that any developers building any type of publicly accessible application understand the need for MFA. Building MFA capability into the application level will raise the security of any application accounts dramatically.

主站蜘蛛池模板: 西青区| 平顶山市| 尼玛县| 屯留县| 彭水| 天水市| 临夏市| 莱西市| 保德县| 阆中市| 收藏| 柘城县| 咸阳市| 峡江县| 海晏县| 武平县| 白朗县| 鹤岗市| 昌邑市| 沁阳市| 电白县| 花莲县| 阜城县| 松滋市| 綦江县| 精河县| 孙吴县| 沽源县| 嘉荫县| 隆昌县| 南岸区| 阿瓦提县| 大连市| 九台市| 探索| 赞皇县| 托克托县| 平谷区| 阿图什市| 彭山县| 普兰店市|