When you incorporate security features into your application's design, implementation, and deployment, it helps to have a good understanding of how attackers think. By thinking like an attacker and being aware of the attacker's likely tactics, you can apply countermeasures more effectively. This chapter describes the classic attacker methodology and profiles the anatomy of a typical attack.
This chapter analyzes Web application security from the perspectives of threats, countermeasures, vulnerabilities, and attacks. The following set of core terms is defined to avoid confusion and to ensure that each term is used in the correct context.
Asset. A resource of value such as the data in a database or on the file system, or a system resource
Threat. A potential occurrence — malicious or otherwise — that may harm an asset
Vulnerability. A weakness that makes a threat possible
Attack (or exploit). An action taken to harm an asset
Countermeasure. A safeguard that addresses a threat and mitigates risk
This chapter also identifies a set of common network, host, and application level threats, and the recommended countermeasures to address each one. The chapter does not contain an exhaustive list of threats, but it does highlight many of the top threats. With this information and a knowledge of how an attacker works, you will be able to identify additional threats. You need to know which threats are most likely to affect your system in order to build effective threat models. These threat models are the subject of Chapter 3, "Threat Modeling."
The following are recommendations on how to use this chapter:
Become familiar with the specific threats that affect the network, the host, and the application. The threats are different for the various parts of your system, although the attacker's goals may be the same.
Use the threats to identify risk. Then create a plan to counter those threats.
Apply countermeasures to address vulnerabilities. Countermeasures are summarized in this chapter. Use Part III, "Building Secure Web Applications," and Part IV, "Securing Your Network, Host, and Application," of this guide for countermeasure implementation details.
When you design, build, and secure new systems, keep the threats in this chapter in mind. The threats exist regardless of the platform or technologies that you use.
Anatomy of an Attack
By understanding the basic approach used by attackers to target your Web application, you will be better equipped to take defensive measures because you will know what you are up against. The basic steps in attacker methodology are summarized below and illustrated in Figure 2.1:
Survey and assess
Exploit and penetrate
Escalate privileges
Maintain access
Deny service
Figure 2.1
Exploit and Penetrate
Having surveyed a potential target, the attacker's next step is to exploit and penetrate. If the network and host are fully secured, the application itself (the front gate) becomes the next channel for attack.
For an attacker, the easiest way into an application is through the same entrance that legitimate users use, for example, the application's logon page or a page that does not require authentication. Input accepted at such a page is the first thing an attacker will probe, because anything the application does with that input without validating it becomes the attacker's lever.
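The following is an added example, not code from this guide, that makes the "front gate" point concrete. It assumes one particular way of exploiting a logon page: the later part of this chapter refers to injecting code into an application, and the example takes SQL injection through the logon form as that instance. The table, credentials and payload are constructed for the illustration; in a real system passwords would be stored as salted hashes rather than as plaintext as here, since the point being shown is only how the query is built.

```python
import sqlite3


def make_db():
    # Constructed sample data for the illustration: one user, stored in an
    # in-memory SQLite database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The logon page builds its query by string concatenation, so whatever
    # the user types on the form becomes part of the SQL statement itself.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    # Same logon page, but the values travel as bound parameters: the input
    # can only ever be compared as data, never interpreted as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo():
    conn = make_db()
    # The attacker uses the same entrance as a legitimate user, the logon
    # form, but types a username that closes the string literal and comments
    # out the password check. (Hypothetical payload, constructed here.)
    payload_user = "alice' --"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "attack_vulnerable": login_vulnerable(conn, payload_user, "anything"),
        "legit_hardened": login_hardened(conn, "alice", "correct horse"),
        "attack_hardened": login_hardened(conn, payload_user, "anything"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Run as a script, the vulnerable logon accepts the injected username without any password, while the parameterized version rejects it and still accepts the genuine credentials. The difference is not in what the attacker can type but in whether the application treats the typed value as data or as code.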
Escalate Privileges
After attackers manage to compromise an application or network, perhaps by injecting code into an application or creating an ...