Application Level Threats
By Ajit Pal Singh Wadhawan

Agenda

01 Introduction
02 Buffer Overflow
03 SQL Injection Attack
04 Cross Site Scripting
05 Cross Site Request Forgery
06 Mitigation Strategies
What is Application Security?

• An application (app for short) is a specific program designed to perform a particular task. It takes input, processes it, and gives you an output.
• Application attacks are malicious attempts to exploit weaknesses in software applications to gain unauthorized access to data, systems, or resources.
• They target the application layer, which sits between the user interface and the back-end systems that store and process data.
Why Application Security is Important?

• Application security is a critical component in system security.
• Applications often have privileged access to the operating system, hardware, and other resources.
• Applications routinely handle sensitive information, including credit card numbers, Social Security Numbers, and proprietary business information.
• Many software applications rely on databases that also contain sensitive information.
• Applications are the heart of the modern enterprise and perform business-critical functions.
• Application failures can disrupt businesses with very serious consequences.
Buffer Overflow

• A buffer overflow, or buffer overrun, occurs when more data is put into a fixed-length buffer than the buffer can handle.
• The extra information, which must go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.
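The following is an added example, not code from the original slides, that models the slide's two sentences in Python: an 8-byte fixed-length buffer (an assumed size) laid out directly in front of an "is admin" flag byte. Copying input without a length check spills into the adjacent byte and silently changes the flag; copying with a bounds check rejects the oversized input before anything is written.

```python
# Added example (not from the slides): a toy model of a fixed-length buffer
# sitting next to other data in memory, and what an unchecked copy does to it.

BUFFER_SIZE = 8            # assumed size of the fixed-length buffer
FLAG_OFFSET = BUFFER_SIZE  # the byte right after the buffer: an "is_admin" flag


def make_memory() -> bytearray:
    """Lay out BUFFER_SIZE bytes of buffer followed by one flag byte (0 = not admin)."""
    return bytearray(BUFFER_SIZE + 1)


def copy_unchecked(memory: bytearray, data: bytes) -> bytearray:
    """The defect: copies data byte by byte without comparing its length to the buffer."""
    for i, b in enumerate(data):
        memory[i] = b          # index BUFFER_SIZE and beyond is adjacent memory
    return memory


def copy_checked(memory: bytearray, data: bytes) -> bytearray:
    """The fix: refuse input that does not fit, so the flag byte is never reachable."""
    if len(data) > BUFFER_SIZE:
        raise ValueError("input of %d bytes exceeds buffer of %d" % (len(data), BUFFER_SIZE))
    for i, b in enumerate(data):
        memory[i] = b
    return memory


def is_admin(memory: bytearray) -> bool:
    """Reads the flag that lives just past the end of the buffer."""
    return memory[FLAG_OFFSET] != 0


def run(copy_fn, data: bytes):
    """Performs one copy attempt and returns (accepted, admin_flag_after_copy)."""
    memory = make_memory()
    try:
        copy_fn(memory, data)
    except ValueError:
        return (False, is_admin(memory))
    return (True, is_admin(memory))


if __name__ == "__main__":
    # Constructed sample inputs: one that fits, one that is one byte too long.
    print("unchecked, 2 bytes :", run(copy_unchecked, b"hi"))
    print("unchecked, 9 bytes :", run(copy_unchecked, b"A" * 9))   # flag corrupted
    print("checked,   9 bytes :", run(copy_checked, b"A" * 9))     # rejected
```

The point to take from the model is that the overwritten byte was never "the buffer" at all; it was whatever happened to be allocated next to it, which is why the slide's next example (code execution after an overflow) is possible in real memory layouts.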
Buffer Overflow - Example

• One real-world example of a buffer overflow attack is the Slammer worm, also known as the SQL Slammer.
• In January 2003, this malicious software exploited a buffer overflow vulnerability in Microsoft SQL Server.
• The worm spread rapidly by sending a small, specially crafted packet of data to vulnerable servers, causing a buffer overflow in the server’s memory.
• The result of this overflow was that the worm’s code was executed in the server’s memory space, generating a flood of network traffic as it attempted to infect other vulnerable systems.
Reasons for Buffer Overflow

01 Poor programming practice
02 Programming language weakness
03 Lack of input validation
04 Poor management of memory allocation
Malicious Update

• A malicious update occurs when legitimate software or firmware is altered or replaced with a version containing harmful code through an update mechanism.
• Attackers may exploit the normal update process, disguising their destructive code as a routine update.
• Users, believing they are simply updating their software or system, may unknowingly install the malicious version, leading to potential theft of sensitive information, unauthorized system access, or other damage.
Malicious Update - Example

• CCleaner is a popular utility used to clean and optimise computers. In 2017, hackers successfully breached the supply chain of CCleaner’s parent company, Piriform.
• They managed to inject malicious code into a legitimate software update for CCleaner.
• The malicious update was distributed to millions of users who trusted the software’s legitimacy.
• Once installed, the update’s hidden malware allowed hackers to gain unauthorized access to infected systems, collect sensitive information, and potentially deliver additional payloads for future attacks.
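As an added example (not the slides' material and not Piriform's update code), the check below shows the defensive side of the malicious-update story: the client refuses to install an update whose bytes do not match a digest published in an authenticated manifest. The manifest is authenticated here with an HMAC under a placeholder key only so the sample runs offline; a real distribution system uses a public-key signature so that clients hold no secret. The update bytes and the trojanized variant are constructed samples.

```python
# Added example (not from the slides): verifying an update against an
# authenticated manifest before installing it.
import hashlib
import hmac

# Placeholder standing in for the vendor's signing key. In a real system the
# manifest carries a public-key signature; HMAC is used here only to keep the
# sample self-contained. (assumption)
VENDOR_KEY = b"placeholder-vendor-signing-key"


def sign_manifest(update_bytes: bytes) -> dict:
    """Vendor side: publish the SHA-256 of the genuine update plus a MAC over that digest."""
    digest = hashlib.sha256(update_bytes).hexdigest()
    mac = hmac.new(VENDOR_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return {"sha256": digest, "mac": mac}


def verify_update(update_bytes: bytes, manifest: dict) -> bool:
    """Client side: install only if the manifest is authentic AND the bytes match it."""
    expected_mac = hmac.new(VENDOR_KEY, manifest["sha256"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return False                      # manifest was altered or not issued by the vendor
    actual = hashlib.sha256(update_bytes).hexdigest()
    return hmac.compare_digest(actual, manifest["sha256"])   # constant-time comparison


# Constructed sample update and a tampered copy with extra bytes appended.
GENUINE_UPDATE = b"installer package (constructed sample bytes)"
TROJANIZED_UPDATE = GENUINE_UPDATE + b"\x00extra code appended by an attacker"

MANIFEST = sign_manifest(GENUINE_UPDATE)

# A manifest an attacker could produce for the tampered file if they can change
# the published digest but cannot recompute the vendor's MAC.
FORGED_MANIFEST = {
    "sha256": hashlib.sha256(TROJANIZED_UPDATE).hexdigest(),
    "mac": MANIFEST["mac"],
}


def install_decision(update_bytes: bytes, manifest: dict) -> str:
    """Returns the action an updater would take for the given file and manifest."""
    return "install" if verify_update(update_bytes, manifest) else "reject"


if __name__ == "__main__":
    print("genuine file, genuine manifest :", install_decision(GENUINE_UPDATE, MANIFEST))
    print("tampered file, genuine manifest:", install_decision(TROJANIZED_UPDATE, MANIFEST))
    print("tampered file, forged manifest :", install_decision(TROJANIZED_UPDATE, FORGED_MANIFEST))
```

Note what this check does and does not cover: it catches modification between signing and installation, which is the CCleaner scenario as the slide describes it, but it cannot help when the attacker controls the signing step itself; that is why build and signing infrastructure needs its own protection.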
Race Condition

• A race condition occurs when two instructions from separate threads attempt to access the same data simultaneously.
• Ideally, the developer should have programmed the threads to access the data sequentially.
• To illustrate, consider a scenario where one person is viewing a file’s attributes while, simultaneously, another person accesses the same file.
• This phenomenon is referred to as TOC/TOU (time of check / time of use). In this situation, the individual accessing the file might modify its data, inadvertently overwriting the information being viewed by the first person.
Race Condition - Example

• An example of a race condition could involve an airline reservation system.
• Imagine two passengers, Alice and Bob, are trying to book the last available seat on a flight simultaneously.
• Alice initiates the booking process and checks whether the last seat is available.
• At the same time, Bob starts his booking process and sees that the last seat is available. However, Bob also confirms his booking between Alice’s check and booking confirmation.
• The system processes both transactions simultaneously.
• The system, due to the time gap between Alice’s check and booking confirmation, allows both bookings to proceed, resulting in an overbooked flight.
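The airline scenario above, reproduced as an added Python example (this is not code from the slides; the seat inventory class, thread names and pause hooks are all constructed). Two threads, Alice and Bob, book the last seat. In the unsafe version the check ("is a seat free?") and the use ("take it") are separate steps, and a barrier forces both threads through the check before either takes the seat, so the flight ends up overbooked every time. In the safe version the check and the update run under one lock as a single unit, so exactly one booking succeeds no matter how the threads interleave.

```python
# Added example (not from the slides): the TOC/TOU window in a seat-booking
# routine, and closing it by making check-and-book atomic.
import threading
import time


class SeatInventory:
    """Constructed model of the seats left on one flight."""

    def __init__(self, seats: int):
        self.seats = seats
        self.bookings = []
        self._lock = threading.Lock()

    def book_unsafe(self, passenger: str, pause) -> bool:
        # Time of check: the seat looks free ...
        if self.seats > 0:
            pause()                      # the window between check and use
            # ... time of use: by now another thread may have taken the seat,
            # but nothing re-checks, so the booking goes through anyway.
            self.seats -= 1
            self.bookings.append(passenger)
            return True
        return False

    def book_safe(self, passenger: str, pause) -> bool:
        # Check and update happen while holding the lock, so no other thread
        # can observe the seat as free once this thread has decided to take it.
        with self._lock:
            if self.seats > 0:
                pause()
                self.seats -= 1
                self.bookings.append(passenger)
                return True
            return False


def simulate(safe: bool):
    """Runs Alice and Bob concurrently; returns (seats_left, sorted bookings)."""
    inventory = SeatInventory(seats=1)
    if safe:
        # A plain delay inside the critical section: the second thread simply
        # waits for the lock and then sees seats == 0.
        pause = lambda: time.sleep(0.05)
        book = inventory.book_safe
    else:
        # A barrier makes the race deterministic: both threads must finish
        # their check before either is allowed to proceed to the update.
        barrier = threading.Barrier(2)
        pause = barrier.wait
        book = inventory.book_unsafe
    threads = [threading.Thread(target=book, args=(name, pause)) for name in ("Alice", "Bob")]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return inventory.seats, sorted(inventory.bookings)


if __name__ == "__main__":
    print("unsafe:", simulate(False))   # (-1, ['Alice', 'Bob']): overbooked
    print("safe:  ", simulate(True))    # (0, [one passenger])
```

In a real reservation system the same atomicity comes from the database rather than a thread lock, for example a conditional update such as decrementing the seat count only where it is still greater than zero inside one transaction; the principle is identical.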
Memory Injections

• It is a technique in which an attacker introduces (injects) malicious code into a system’s memory.
• Rather than executing malicious code directly on a host system, the attacker exploits a vulnerability in a legitimate process running on the system, allowing the injected code to run within the security context of the legitimate process.
• This can make detection more challenging, as the malicious code appears to be part of a trusted operation.
• Memory injection attacks can be particularly disastrous because they exploit legitimate processes to execute malicious code, making them difficult to detect.
Memory Injections - Example

• Process hollowing is a sophisticated technique used in memory injection attacks. It involves creating a new, empty process in memory and injecting malicious code into it.
• Dridex is a banking trojan known for using process hollowing. It typically arrives as a malicious email attachment.
• Once the user enables macros and opens the document, the malware is downloaded and injected into a legitimate process.
• This allows Dridex to evade detection and execute its malicious payload, such as stealing banking credentials.
SQL Injection

• SQL injection attacks allow a malicious individual to directly perform SQL transactions against the underlying database, violating the isolation model.
• SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application’s database server.

[Illustration: DROP TABLE PLATES]

• SQL injection can damage the database, retrieve information, or manipulate the database.
SQL Attack Prevention

A Update and patch
B Perform input validation
C Limit account privilege
D Use stored procedures
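The two SQL injection slides above, worked through as an added Python example (not code from the slides; the users table, the account, and the sample input are all constructed). The vulnerable login builds its statement by string formatting, so a password field containing a quote and an OR clause rewrites the WHERE condition and logs in without the password. The parameterized login sends the same text as a bound value, where it can only ever be compared as data, and the allow-list check shows prevention item B (input validation) applied to the username before it reaches the database at all.

```python
# Added example (not from the slides): string-built SQL beside its
# parameterized form, plus allow-list input validation.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one users table with a single account.
    Passwords are stored in clear only to keep the sample short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by formatting: user input becomes part of the SQL syntax."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Uses placeholders: the driver binds the values, so input is only ever data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Allow-list for usernames: lowercase letters, digits and underscore, 1 to 32 characters.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(username: str) -> bool:
    """Prevention item B: reject anything outside the allow-list before querying."""
    return USERNAME_RE.fullmatch(username) is not None


# Constructed sample input: a quote that closes the string literal followed by
# a condition that is always true, turning the WHERE clause into a tautology.
INJECTION_INPUT = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, correct password  :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, injected password :", login_vulnerable(db, "alice", INJECTION_INPUT))
    print("parameterized, injected       :", login_parameterized(db, "alice", INJECTION_INPUT))
    print("parameterized, correct        :", login_parameterized(db, "alice", "s3cret"))
    print("username allow-list           :", is_valid_username("alice"), is_valid_username(INJECTION_INPUT))
```

Parameterization (or a stored procedure that takes parameters, item D) is the control that actually removes the defect; validation (item B) narrows what reaches the query, and a low-privilege database account (item C) bounds the damage if a statement is ever injected anyway.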
Cross Site Scripting

• Cross-site scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
• XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
• XSS enables attackers to inject client-side scripts into web pages viewed by other users.
Cross Site Scripting Attack - Illustration

1. There is a web application, Abc.com, hosted on a server, which has an XSS vulnerability in it.
2. Presence of this vulnerability in web application servers allows a hacker to inject malicious script in the web server.
3. A user tries to access application abc.com through its browser.
4. The malicious script injected by the hacker gets executed in the user’s browser and can steal useful information or do any task which this script can do.
Impact of XSS

01 Session hijacking
02 Deploying hostile content
03 Impersonating user
04 Phishing
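An added Python example for the three XSS slides above (not code from the slides; the comment-rendering functions, the sample comment and the cookie name are constructed). A stored comment containing a script tag is concatenated straight into the page by the vulnerable renderer, which is step 2 of the illustration; the safe renderer applies HTML output encoding so the browser shows the tag as text instead of executing it. The cookie helper shows the HttpOnly attribute, the control that blunts impact 01 (session hijacking) by keeping the session identifier out of reach of any script that does run in the page.

```python
# Added example (not from the slides): rendering untrusted text into HTML
# with and without output encoding, plus an HttpOnly session cookie.
import html


def render_comment_vulnerable(comment: str) -> str:
    """Untrusted text is concatenated straight into the HTML document."""
    return '<div class="comment">' + comment + "</div>"


def render_comment_safe(comment: str) -> str:
    """Output encoding: <, >, &, and quotes become entities, so the browser
    displays the text and never interprets it as markup or script."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


def session_cookie_header(session_id: str) -> str:
    """HttpOnly keeps document.cookie from reading the session id, so an injected
    script cannot simply copy it out; Secure restricts the cookie to HTTPS."""
    return "Set-Cookie: session=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % session_id


def contains_live_script(rendered_html: str) -> bool:
    """Crude check used by the demo: does the output still contain a raw script tag?"""
    return "<script" in rendered_html.lower()


# Constructed sample: a comment a user might submit to a vulnerable page.
SAMPLE_COMMENT = '<script>alert("xss")</script>'


if __name__ == "__main__":
    vulnerable = render_comment_vulnerable(SAMPLE_COMMENT)
    safe = render_comment_safe(SAMPLE_COMMENT)
    print("vulnerable:", vulnerable, "-> live script:", contains_live_script(vulnerable))
    print("safe      :", safe, "-> live script:", contains_live_script(safe))
    print(session_cookie_header("placeholder-session-id"))
```

Encoding must match the context the data lands in: html.escape is right for text between tags and for quoted attribute values, but text placed inside a script block, a URL or a CSS rule needs the encoding for that context, and a Content-Security-Policy header adds a second layer if a template is ever missed.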
Cross Site Request Forgery

• Cross-site request forgery (XSRF) attacks utilize unintended behaviours that are proper in defined use but are performed under circumstances outside the authorised use.
• It is performed against sites that have an authenticated user and exploits the site’s trust in a previous authentication event.
• Then, by tricking a user’s browser into sending an HTTP request to the target site, the trust is exploited.
Cross Site Request Forgery - Scenario

01 Assume your bank allows you to log in and perform financial transactions but does not validate the authentication for each subsequent transaction, i.e., the user is not authenticated again while transferring money to another account.
02 Now the user opens the banking application and authenticates himself on the banking website.
03 If the user is still logged in and has not closed their browser, then an action in another browser tab could send a hidden request to the bank, resulting in a transaction that appears to be authorized but in fact was not done by the user.
04 This transaction gets executed successfully as the banking application thinks that it is being executed by the user but in reality it is being executed by another malicious application opened in another tab or browser.
Prevention of CSRF

01 Train and maintain awareness
02 Train and maintain awareness
03 Limiting authentication time
04 Cookie expiration
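The banking scenario on the two CSRF slides above, as an added Python example (not code from the slides; the session store, the transfer handler and the form fields are constructed). It shows the synchronizer-token control: at login the server stores a random token in the session and embeds it in the transfer form. A request from another tab carries the session cookie automatically, which is exactly the trust the slides describe, but the other origin cannot read the token out of the bank's page, so its forged POST arrives without a valid token and is refused. The handler also applies the slides' prevention item 03 by expiring sessions after a fixed time.

```python
# Added example (not from the slides): a transfer handler that requires a
# per-session CSRF token in the form body, not just the session cookie.
import hmac
import secrets
import time

SESSION_LIFETIME = 15 * 60   # assumed limit on how long a login stays valid (seconds)

# Constructed server-side session store: session_id -> session record.
SESSIONS = {}


def login(user: str, now: float = None) -> str:
    """Creates a session and its CSRF token; returns the session id set as a cookie."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "created": now}
    return sid


def render_transfer_form(sid: str) -> str:
    """The bank's own page embeds the token; another origin cannot read this HTML."""
    token = SESSIONS[sid]["csrf"]
    return ('<form method="POST" action="/transfer">'
            '<input type="hidden" name="csrf" value="%s">'
            '<input name="to"><input name="amount"><button>Send</button></form>' % token)


def handle_transfer(cookie_sid: str, form: dict, now: float = None):
    """Server handler: returns (status, message) like a minimal HTTP response."""
    now = time.time() if now is None else now
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return (401, "not logged in")
    if now - session["created"] > SESSION_LIFETIME:
        del SESSIONS[cookie_sid]          # prevention item 03: limit authentication time
        return (401, "session expired, log in again")
    token = form.get("csrf", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return (403, "CSRF token missing or invalid")
    return (200, "transferred %s to %s for %s" % (form["amount"], form["to"], session["user"]))


if __name__ == "__main__":
    sid = login("alice")
    genuine = {"csrf": SESSIONS[sid]["csrf"], "to": "bob", "amount": "100"}
    # A forged request from another tab: the browser attaches the cookie, but the
    # form the other page built has no way to include the bank's token.
    forged = {"to": "attacker-account", "amount": "100"}
    print("genuine form   :", handle_transfer(sid, genuine))
    print("forged form    :", handle_transfer(sid, forged))
    print("expired session:", handle_transfer(sid, genuine, now=time.time() + SESSION_LIFETIME + 1))
```

Setting the session cookie with SameSite=Lax or Strict is a complementary control: the browser then omits the cookie from cross-site POSTs in the first place, so the forged request fails at step 03 before the token check is ever reached.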
How to Prevent Application Layer Attacks

• Regularly update software: Patching known vulnerabilities promptly is crucial.
• Implement: Use multi-factor authentication and enforce complex password policies.
• Validate user inputs: Sanitize user input to prevent injection attacks.
• Follow secure coding practices: Developers should be trained in secure coding principles to avoid common vulnerabilities.
• Regularly test applications: Conduct security testing to identify and fix vulnerabilities before attackers exploit them.