• Attacks on web applications

    Existing web application defenses struggle to detect this class of attacks. Tooling deployed on the web server, a Web Application Firewall (WAF), or a reverse proxy cannot inspect calls the browser makes to a third-party domain. Content Security Policy (CSP), which most web defenders know as a tool for combating Cross-Site Scripting (XSS), could in theory help manage this risk: CSP lets the web application, or a reverse proxy, send the browser a directive indicating which domains to trust for a given web page.


    As web applications become more dependent on dynamic third-party content, maintaining a whitelist of trusted domains has become more challenging. CSP has been part of a web defender's toolkit for more than ten years, and this complexity is perhaps one reason an aggressive CSP policy is seldom implemented.


    Another challenge with using CSP against these attacks is that domain-level whitelists can be quite broad if CDNs or cloud service provider (CSP) storage domains are included, opening a wide aperture that an adversary could exploit.
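    As an added illustration of the two points above (the domain-level trust directive and the breadth of CDN or cloud storage whitelists), the audit below parses a Content-Security-Policy header and flags sources in script-src and connect-src that widen the policy beyond a named host or path. It is example code written for this page, not tooling from the original article; the shared-hosting suffix list and the two sample policies are constructed assumptions.

```python
# Hosts that serve many unrelated tenants; allowing them at the domain level
# admits any tenant's content. Constructed for this example, not a vetted list.
SHARED_HOSTING_SUFFIXES = ("cloudfront.net", "amazonaws.com",
                           "storage.googleapis.com", "blob.core.windows.net")

def parse_csp(header: str) -> dict:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_findings(directive: str, sources: list) -> list:
    """One finding per source that widens the directive beyond a named host or path."""
    findings = []
    for src in sources:
        s = src.lower()
        if s in ("*", "'unsafe-inline'", "'unsafe-eval'", "http:", "https:", "data:"):
            findings.append(f"{directive}: {src} permits any origin or inline code")
            continue
        if s.startswith("'"):  # 'self', nonces and hashes are narrow by construction
            continue
        host, _, path = s.split("://", 1)[-1].partition("/")
        if host.startswith("*."):
            findings.append(f"{directive}: {src} admits every subdomain")
        elif not path and any(host == x or host.endswith("." + x) for x in SHARED_HOSTING_SUFFIXES):
            findings.append(f"{directive}: {src} is a shared host; restrict it to a path")
    return findings

def audit_csp(header: str) -> list:
    """Audit where scripts may load from (script-src) and where the page may send data (connect-src)."""
    policy = parse_csp(header)
    findings = []
    for directive in ("script-src", "connect-src"):
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: not set and no default-src, so unrestricted")
        else:
            findings.extend(source_findings(directive, sources))
    return findings

# Constructed sample policies: a broad domain-level whitelist beside a tightened one
# that pins the CDN source to a path and names the only endpoint the page may call.
BROAD_CSP = ("default-src 'self'; script-src 'self' 'unsafe-inline' "
             "https://*.cloudfront.net https://storage.googleapis.com; connect-src *")
TIGHT_CSP = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m' "
             "https://d1example.cloudfront.net/vendor/; connect-src 'self' https://api.shop.example")
```

    Calling `audit_csp(BROAD_CSP)` returns four findings and `audit_csp(TIGHT_CSP)` returns none; connect-src matters because it governs the browser-to-third-party calls that server-side tooling cannot see.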


    As attackers targeting the expansive attack surface of the modern web application's supply chain continue their inevitable progression of evasions, new techniques will be required to detect these attacks. Fortunately for web defenders, many of these evasive techniques have been observed before in desktop malware.


    As adversaries in this space introduce techniques like domain generation algorithms (DGA) to evade static blacklists during exfiltration or command and control, defenders can leverage the significant body of research into detecting DGAs in corporate malware. Similarly, as we observe evasion methodologies such as anti-forensics (as seen in Pipka), defenders can draw inspiration from techniques that have proven effective against endpoint malware.

