Part 1: Identify and Reduce Attack Surface in Applications

iBot · #1 (**permalink**) 08-03-2009

This is continuation of my previous post on Defending Information Assets by Reducing the Attack Sutface

Identify and Reduce Attack Surface in Applications

An application’s “Attack Surface” is the areas where an application is vulnerable and can be exploited.

As per Wikipedia definition, "Attack surface in a software environment is the scope of functionality that is available to unauthenticated users. In other words, how much can a piece of software do in its default configuration by unauthorized users".

An attack surface comprise of application entry points, program code, other vulnerable applications installed on the same server etc. A malicious user can use any of the above to exploit an application.

An entry point for an application can be an open socket (not a port) or an application console or a RPC. If there are multiple applications installed on the same server, then vulnerability on one application can compromise all other applications installed on the same server.

Identify Attack Surface in Applications

There are many things that we can do to identify and reduce the attack surface in applications.

To identify the attack surface of an application, we can run application security scanners. The new complex web applications are built on Web 2.0 technologies so traditional scanners might not be able to discover all the new web application vulnerabilities. This should also be taken into consideration while selecting an application security scanner. There are web application security scanners like HP Webinspect which can scan complex web applications.

We need to proactively scan internet facing applications for vulnerabilities before they are deployed into Production Network.

If there are vulnerabilities found at code level, then those should be reported to the application vendor so that they can develop a patch or hotfix to address those vulnerabilities.

Before we deploy an application into production, we first need to have a clear understanding about which application features are really used in the corporate environment. Any unwanted /unused features should be disabled or uninstalled.

We should also provide different level of privileges to users based on there functional role. For applications which are using service accounts to start services should only be using a least privilege account for the same. If an application is running with high privileges, then its attack surface for that application would be very huge.

It is always recommended to have a dedicated server for critical applications. If there are more programs which are running, then the running code in the memory will be more and it would be easy for a malicious user to find vulnerabilities in the running applications.

These are not the complete list but all of the above mentioned steps will help to reduce the attack surface though it can not be fully eliminated.

More...

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
Defending Information Assets by Reducing the Attack Surface	iBot	IT Security RSS	0	07-31-2009 02:15 PM
Developing MySQL Database Applications With PHP Part 1: Using the MySQL Improved Exte	iBot	Solaris BigAdmin RSS	0	06-12-2009 07:00 PM
Protecting Java EE Applications With OpenSSO Policy Agents, Part 2: Same-Domain SSO	iBot	Solaris BigAdmin RSS	0	01-08-2009 09:30 AM
Microsoft Surface	iBot	Complex Event Processing RSS News	0	12-14-2008 10:50 AM
GlassFish and MySQL for Developing and Deploying Web Applications (Part 1)	iBot	Solaris BigAdmin RSS	0	11-19-2008 05:40 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread:


	Powered by