June 06, 2011, 5:40 PM — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
With congressional hearings on data theft following the Sony PlayStation data breach of 100 million records, and news from companies such as Epsilon, HBGary, RSA and Barracuda Networks about recent cyberattacks, security of data in an online, interconnected world has become a mainstream topic.
Gartner claims that 70% of all vulnerabilities are at the Web application layer. Indeed, the majority of attacks today, including the Sony PlayStation attack, involve some form of Web application vulnerability. But an application-related data breach is not just a one-time, isolated event. The actual breach is only one stage of the attack.
Here are the five distinct phases of an attack on a Web application.
Phase 1: Silent reconnaissance
The attacker gathers as much information as possible to identify potentially vulnerable areas of the application. This is done discreetly, using tools such as Web debugging proxies to monitor the traffic between the browser and the Web server. The attacker traverses the site much like a normal user, while collecting valuable information about how the application works. This activity goes undetected because, as far as the server is concerned, it represents the traffic of a legitimate user.
At this point, the attacker will stop interacting with the target server directly. The attacker will spend significant time reviewing the data collected by the debugging proxy and extracting useful facts about the environment. This may include the type of hardware and software in the network architecture, programming languages, libraries, source code and comments. This information will be leveraged during the later phases of the attack.
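The reconnaissance phase works because the server volunteers most of this information on its own. The following added example, which is not from the article and not a vendor tool, is the defender's side of that observation: it audits a captured HTTP response for the kinds of disclosures the paragraph lists (software versions in headers, platform-revealing session cookie names, developer comments and library versions in the HTML) and then shows which of them a response filter can remove. The sample response, host and values are constructed for illustration; the header and cookie names checked are common defaults rather than an exhaustive list.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of the kind of response a debugging proxy would record.
# All values are hypothetical; they do not describe any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.14 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.2\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head>\n"
    "<!-- TODO: remove debug endpoint /admin/debug.php before launch -->\n"
    '<script src="/js/jquery-1.4.2.min.js"></script>\n'
    "</head><body>Welcome</body></html>\n"
)

# Headers that commonly disclose server software or framework versions.
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                       "x-aspnetmvc-version", "via")

# Default session cookie names that reveal the platform behind the application.
SESSION_COOKIE_NAMES = {
    "phpsessid": "PHP",
    "jsessionid": "Java servlet container",
    "asp.net_sessionid": "ASP.NET",
    "cfid": "ColdFusion",
}


def parse_response(raw: str) -> Tuple[Dict[str, List[str]], str]:
    """Split a raw HTTP/1.1 response into a lower-cased header map and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body


def audit_response(raw: str) -> List[str]:
    """Return one finding per piece of environment information the response leaks."""
    headers, body = parse_response(raw)
    findings: List[str] = []
    for name in FINGERPRINT_HEADERS:
        for value in headers.get(name, []):
            findings.append(f"header {name} discloses software: {value}")
    for cookie in headers.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip().lower()
        if cookie_name in SESSION_COOKIE_NAMES:
            findings.append(f"cookie {cookie_name} reveals platform: "
                            f"{SESSION_COOKIE_NAMES[cookie_name]}")
    for comment in re.findall(r"<!--(.*?)-->", body, flags=re.S):
        findings.append(f"HTML comment shipped to client: {comment.strip()}")
    # Script paths such as jquery-1.4.2.min.js pin an exact library version.
    for lib in re.findall(r'src="[^"]*?([A-Za-z]+-\d+(?:\.\d+)+)(?:\.min)?\.js"', body):
        findings.append(f"script path reveals library version: {lib}")
    return findings


def harden_response(raw: str) -> str:
    """Drop fingerprinting headers and HTML comments; the rest needs application changes."""
    head, sep, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    kept = [lines[0]] + [
        line for line in lines[1:]
        if line.partition(":")[0].strip().lower() not in FINGERPRINT_HEADERS
    ]
    body = re.sub(r"<!--.*?-->\n?", "", body, flags=re.S)
    return "\r\n".join(kept) + sep + body


if __name__ == "__main__":
    print("Before hardening:")
    for finding in audit_response(SAMPLE_RESPONSE):
        print("  -", finding)
    print("After hardening (remaining items need config or code changes):")
    for finding in audit_response(harden_response(SAMPLE_RESPONSE)):
        print("  -", finding)
```

Running the audit before and after `harden_response` makes the division of labour visible: headers and comments can be stripped at the server or proxy layer, whereas a platform-default cookie name or a versioned script path stays until the application's own configuration is changed.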
Phase 2: Attack vector establishment