SOFTWARE ENGINEERING

Software Engineering



Software Engineering

When you incorporate security features into your application's design, implementation, and deployment, it helps to have a good understanding of how attackers think. By thinking like attackers and being aware of their likely tactics, you can be more effective when applying countermeasures. This Research describes the classic attacker methodology and profiles the anatomy of a typical attack.

This Research analyzes Web application security from the perspectives of threats, countermeasures, vulnerabilities, and attacks. The following set of core terms are defined to avoid confusion and to ensure they are used in the correct context.

Asset. A resource of value such as the data in a database or on the file system, or a system resource

Threat. A potential occurrence — malicious or otherwise — that may harm an asset

Vulnerability. A weakness that makes a threat possible

Attack (or exploit). An action taken to harm an asset

Countermeasure. A safeguard that addresses a threat and mitigates risk

This Research also identifies a set of common network, host, and application level threats, and the recommended countermeasures to address each one. The Research does not contain an exhaustive list of threats, but it does highlight many top threats. With this information and knowledge of how an attacker works, you will be able to identify additional threats. You need to know the threats that are most likely to impact your system to be able to build effective threat models. These threat models are the subject of Research 3, "Threat Modeling."

The following are recommendations on how to use this Research:

Become familiar with specific threats that affect the network host and application. The threats are unique for the various parts of your system, although the attacker's goals may be the same.

Use the threats to identify risk. Then create a plan to counter those threats.

Apply countermeasures to address vulnerabilities. Countermeasures are summarized in this Research. Use Part III, "Building Secure Web Applications," and Part IV, "Securing Your Network, Host, and Application," of this guide for countermeasure implementation details.

When you design, build, and secure new systems, keep the threats in this Research in mind. The threats exist regardless of the platform or technologies that you use.

Anatomy of an Attack

By understanding the basic approach used by attackers to target your Web application, you will be better equipped to take defensive measures because you will know what you are up against. The basic steps in attacker methodology are summarized below and illustrated in Figure 2.1:

Survey and assess

Exploit and penetrate

Escalate privileges

Maintain access

Deny service

Figure 2.1

Exploit and Penetrate

Having surveyed a potential target, the next step is to exploit and penetrate. If the network and host are fully secured, your application (the front gate) becomes the next channel for attack.

For an attacker, the easiest way into an application is through the same entrance that legitimate users use — for example, through the application's logon page or a page that does not require authentication.

Escalate Privileges

After attackers manage to compromise an application or network, perhaps by injecting code into an application or creating an ...