We’re all familiar with the Open Web Application Security Project (OWASP) Top 10 Web Application Security Risks. Not only have organizations used this list to adopt new development practices to produce more secure code, but security vendors have built products to detect and prevent these top attacks. But what happens when an attacker uses your application, and its standard functionality, against you?
Application abuse is a unique attack class: it does not rely on just a few malicious payloads, but instead consists of a series of activities taken against an application over a period of time. This type of attack requires you to understand the behavior of your application, at various levels, to determine whether the activity is expected and normal or malicious. Well-known examples include:
- Enumeration attacks, such as credit card validation, Google Docs, or Zoombombing, where an attacker enumerates random numbers looking for a match
- Brute Force attacks, including credential stuffing, to gain access to an application using default accounts or credentials from previous breaches
- Performance attacks, including large searches and queries, that impact the performance of the application or even make the application non-responsive
Since these attacks do not include malicious payloads, how do you detect and respond to them? There are a few techniques that, when coupled together, can help protect your application from these types of attacks, including:
- Source reputation, including IP and Domain, to determine the intent of the source
- Rate limiting, including pagination of results, to limit the activity for a period of time
- Redirection, including deception techniques, to keep the attacker engaged, but not impacting your application
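To make the detection side of this concrete, here is an added example (written for this post, not code from Signal Sciences or its product) that keeps a sliding window of requests per source and flags the abuse classes described above: a reputation check, a plain rate limit, an enumeration pattern (many distinct ids under one parent path with mostly not-found answers), repeated failed logins, and a per-source server-time budget for performance abuse. The log records, IP addresses, paths, thresholds and the reputation set are all constructed for the example; a real deployment would read real access logs, tune the thresholds per endpoint, and consult an actual IP/domain reputation feed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Request:
    ts: float          # epoch seconds
    src_ip: str
    path: str          # e.g. "/api/cards/5001" (constructed path layout)
    status: int        # HTTP status code returned to the client
    duration_ms: int = 5   # server time spent on the request


# Constructed reputation data for this example; a real deployment would
# query an IP/domain reputation feed instead of a hard-coded set.
BAD_REPUTATION_IPS = {"198.51.100.7"}


class AbuseDetector:
    """Keeps a sliding window of requests per source and flags abuse patterns."""

    def __init__(self, window_s=60, rate_limit=30, enum_distinct=20,
                 enum_miss_ratio=0.8, bruteforce_fails=10, cpu_budget_ms=5000):
        # All thresholds are assumptions chosen for the example.
        self.window_s = window_s
        self.rate_limit = rate_limit
        self.enum_distinct = enum_distinct
        self.enum_miss_ratio = enum_miss_ratio
        self.bruteforce_fails = bruteforce_fails
        self.cpu_budget_ms = cpu_budget_ms
        self.events = defaultdict(deque)   # src_ip -> deque of Request

    def observe(self, req):
        """Record one request and return the abuse findings for its source."""
        findings = []
        if req.src_ip in BAD_REPUTATION_IPS:
            findings.append("bad_reputation")

        window = self.events[req.src_ip]
        window.append(req)
        # Evict requests that fell out of the sliding window.
        while window and window[0].ts < req.ts - self.window_s:
            window.popleft()

        if len(window) > self.rate_limit:
            findings.append("rate_limit")

        # Enumeration: many distinct ids under the same parent path, mostly 404.
        by_parent = defaultdict(list)
        for r in window:
            parent, _, leaf = r.path.rpartition("/")
            if parent:                      # skip top-level paths such as /login
                by_parent[parent].append((leaf, r.status))
        for hits in by_parent.values():
            distinct = {leaf for leaf, _ in hits}
            misses = sum(1 for _, s in hits if s == 404)
            if len(distinct) >= self.enum_distinct and misses / len(hits) >= self.enum_miss_ratio:
                findings.append("enumeration")
                break

        # Brute force / credential stuffing: repeated failed logins from one source.
        login_fails = sum(1 for r in window if r.path == "/login" and r.status == 401)
        if login_fails >= self.bruteforce_fails:
            findings.append("brute_force")

        # Performance abuse: one source consuming more server time than budgeted.
        if sum(r.duration_ms for r in window) > self.cpu_budget_ms:
            findings.append("performance")
        return findings


def run_scenario():
    """Replay constructed traffic and return the latest findings per source."""
    det = AbuseDetector()
    traffic = []
    # Ordinary user: a handful of successful requests to one resource.
    traffic += [Request(t, "192.0.2.10", "/api/cards/1001", 200) for t in (1, 2, 3)]
    # Enumeration: 25 distinct ids over 25 s, all but one not found.
    traffic += [Request(100 + i, "203.0.113.5", f"/api/cards/{5000 + i}", 404 if i else 200)
                for i in range(25)]
    # Credential stuffing from a bad-reputation source: 12 failed logins.
    traffic += [Request(200 + i, "198.51.100.7", "/login", 401) for i in range(12)]
    # Performance abuse: six expensive searches inside one window.
    traffic += [Request(300 + i, "203.0.113.9", "/search", 200, duration_ms=1200)
                for i in range(6)]
    latest = {}
    for req in sorted(traffic, key=lambda r: r.ts):
        latest[req.src_ip] = det.observe(req)
    return latest


if __name__ == "__main__":
    for src, found in run_scenario().items():
        print(src, found or "clean")
```

Note that the enumerating source never trips the plain rate limit (25 requests in a 30-request window), which is the point of the post: abuse is visible only when you look at the pattern of activity per source over time, not at any single request. The findings are what a policy layer would act on with the responses listed above, such as rate limiting or redirecting that source.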
Implementing these techniques requires security solutions that understand all levels of your application, which is where Signal Sciences shines. Leveraging their Next-gen Web Application Firewall (WAF) and Runtime Application Self-Protection (RASP) capabilities, Signal Sciences not only inspects traffic directed at your application, but also provides visualizations of key security data across the application architecture, including servers, containers, APIs, etc. By combining all of this data together, Signal Sciences can easily stop application and API abuse.
To see an overview of Signal Sciences, watch the interview on Application Security Weekly here.