In recent years, application development cycles have increasingly turned to agile and DevOps approaches: fast life cycles, where change is always on the agenda and the product owner is immersed in the project. Despite all these good intentions, after a few weeks the issues arise and we always try to close the backlog and the open issues quickly. In short, you have to go super fast to keep up with sprints and application deliveries.
Deciding how to grant access to the data in the application is not always easy, and in many cases we don't have enough time or budget to test everything. Leaving access intact for individuals who no longer need it, or using weak credentials, can compromise our entire system. I have also heard professionals say that on the cloud everything is protected by Amazon, Google or Microsoft... this gives me the idea that perhaps some of you would be better off doing something else if you don't know the difference between responsibilities on the cloud.
According to OWASP Top 10 2019, access controls, firewalls and other security measures are largely ineffective in protecting the system if these vulnerabilities are present in the application code.
Injection attacks -> Your application accepts untrusted data from a malicious user. Classic examples are SQL injection and command injection, where the attacker sends input that causes the query to return everything in the table instead of what was intended. This can expose information from the database, or from the operating system in the case of command injection.
XML external entity attacks -> An attacker supplies XML data that the application processes and that performs undesirable actions. This could access files on the system or open a shell remotely.
Deserialization attacks -> An attacker sends "packed" objects to your application that cause undesirable effects; usually a payload can be injected to create a reverse shell on the system (RCE).
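The SQL injection case described above, as an added example that is not code from the original post: a lookup built by string concatenation returns the whole table when given a hostile value, while the same lookup with a bound parameter treats that value as plain data. The users table and the input values are constructed for the demo.

```python
import sqlite3

# Constructed sample data, not taken from the post.
SAMPLE_USERS = [
    (1, "alice", "admin"),
    (2, "bob", "user"),
    (3, "carol", "user"),
]


def make_db():
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """Builds the query by string formatting: untrusted input becomes SQL."""
    query = f"SELECT id, name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Uses a bound parameter: the input is only ever treated as a value."""
    query = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    """Run both lookups with a normal name and with a hostile value."""
    conn = make_db()
    normal = "alice"
    hostile = "' OR '1'='1"
    return {
        "vuln_normal": find_user_vulnerable(conn, normal),
        "vuln_hostile": find_user_vulnerable(conn, hostile),  # whole table
        "safe_normal": find_user_safe(conn, normal),
        "safe_hostile": find_user_safe(conn, hostile),  # no match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```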
Vulnerability management at the network layer involves protecting the communication that takes place at a lower level; for this there are firewalls, IPS, IDS and web application firewalls. We have to make sure to create rules that only allow the traffic that interests us and keep the other doors closed. Managing the network components, and which network communications are allowed, is the key to letting only the right traffic through. We also need to monitor and set up an alarm system for suspicious traffic, so that we can analyze what happens.
This is just part of what we can do to protect our infrastructure.