Threat actors look for vulnerabilities in web applications and attempt to exploit them.
Input validation ensures that data entering the web application is checked so that malformed data is rejected before it is processed.
Syntactic validation ensures the input is of the expected type and format (for example, a date field contains a correctly formatted date).
Semantic validation ensures the value makes sense in the context the system expects (for example, a start date falls before an end date).
Input validation helps reduce the risk of SQL injection and other injection attacks, but it is not a substitute for parameterized queries and output encoding.
Whitelisting (allow-listing) permits only a defined set of characters or values on the web application and rejects everything else; it is the preferred approach.
Blacklisting (deny-listing) bans known-bad characters from entering the web application, but it only catches what the author anticipated.
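The checks above, as an added example that is not from the original notes: an allow-list for a username, a deny-list that shows why blacklisting is weaker, a semantic date-range check, and a parameterized query beside the concatenated form it replaces. The table, column names and the sample users are constructed for the demo.

```python
import re
import sqlite3
from datetime import date

# Allow-list (whitelist): only these characters, and only this length, are permitted.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,16}$")

# Deny-list (blacklist) of characters often used in SQL injection. Shown only to
# illustrate that it rejects what we thought of and nothing else.
DENY_CHARS = set("'\";-")


def syntactic_username(value) -> bool:
    """Syntactic validation: is the value the right type and shape?"""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def deny_list_username(value: str) -> bool:
    """Deny-list check: passes anything that avoids the listed characters,
    including a numeric-context payload such as '1 OR 1=1'."""
    return not any(c in DENY_CHARS for c in value)


def semantic_date_range(start: str, end: str) -> bool:
    """Semantic validation: both dates must parse (syntax) AND start must not
    come after end (meaning)."""
    try:
        s, e = date.fromisoformat(start), date.fromisoformat(end)
    except ValueError:
        return False
    return s <= e


def demo_db():
    """Constructed in-memory database for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user(conn, username: str):
    """Validated input AND a parameterized query: the driver sends the value
    separately from the SQL text, so it can never change the query's structure."""
    if not syntactic_username(username):
        raise ValueError("rejected by input validation")
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (username,)
    ).fetchone()


def find_user_vulnerable(conn, username: str):
    """The 'before' form, kept only for comparison: string concatenation lets
    the input rewrite the WHERE clause."""
    sql = "SELECT id, name FROM users WHERE name = '" + username + "'"
    return conn.execute(sql).fetchall()
```

Running `find_user_vulnerable(demo_db(), "x' OR '1'='1")` returns every row, while `find_user` with the same input never reaches the database because the allow-list rejects the quote and spaces.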
HTTP headers carry metadata about a request or response, for example the content type and length when data/files are uploaded to a server.
Response headers such as Server and X-Powered-By can be used to retrieve data about the backend server and web application, so they should be removed or minimized.
Vendors use a digital certificate to sign their code so that users can verify the software vendor, the code's integrity and its digital signature.
This provides trust from the software vendor to the user; a binary that has been modified after signing fails signature verification.
Cookies contain session information about a user while they are visiting a website.
Sensitive information, such as the session identifier, is stored in a cookie about the user, so the cookie itself must be protected.
Ensure HTTPS is used, and set the Secure and HttpOnly cookie attributes, to prevent a threat actor from capturing the cookie and its information.
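The header and cookie points above, as an added example that is not part of the original notes: a function that emits a session cookie with the Secure, HttpOnly and SameSite attributes, and an auditor that flags information-leaking response headers, cookies missing those attributes, and a missing Strict-Transport-Security header. The two sample responses are constructed; the header names checked are standard HTTP headers.

```python
from typing import Dict, List, Tuple

# Response headers that advertise backend details to anyone who asks.
INFO_LEAK_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def build_set_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Session cookie that is only sent over HTTPS (Secure), is invisible to
    JavaScript (HttpOnly) and is not sent on cross-site requests (SameSite)."""
    return f"{name}={value}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=Strict"


def cookie_flags(set_cookie: str) -> Dict[str, str]:
    """Parse the attributes of a Set-Cookie value into a lower-cased dict."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.lower()] = v
    return attrs


def audit_response(headers: List[Tuple[str, str]]) -> List[str]:
    """Return a list of findings for (name, value) response headers."""
    findings = []
    names = {n.lower() for n, _ in headers}
    for n, v in headers:
        ln = n.lower()
        if ln in INFO_LEAK_HEADERS:
            findings.append(f"info leak: {n}: {v}")
        if ln == "set-cookie":
            cname = v.split("=", 1)[0]
            flags = cookie_flags(v)
            for required in ("secure", "httponly", "samesite"):
                if required not in flags:
                    findings.append(f"cookie {cname} missing {required}")
    if "strict-transport-security" not in names:
        findings.append("missing Strict-Transport-Security")
    return findings


# Constructed responses: a typical default install and a hardened one.
WEAK_RESPONSE = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Set-Cookie", "PHPSESSID=3b5c9e; Path=/"),
]
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", build_set_cookie("sid", "3b5c9e")),
]
```

The audit is intentionally simple (it does not check header syntax), but running it against `WEAK_RESPONSE` reports the two version-revealing headers, the three missing cookie attributes and the absent HSTS header, while `HARDENED_RESPONSE` produces no findings.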
Static code analysis is an automated process used to analyze source code to look for vulnerabilities.
During the analysis the code is not running; the tool reasons about the source (or binary) itself.
This technique helps software developers detect issues in the early phases of the Software Development Lifecycle (SDLC), when they are cheapest to fix.
Manual code review is a process conducted by a human tester.
The reviewer checks each line of the code for errors and logic flaws that automated tools may miss.
Dynamic code analysis is an automated process used to analyze code to look for vulnerabilities.
During the analysis the code is actively running, so the tool observes its real-time behavior.
Like static analysis, this is an automated process.
Fuzzing is a technique in which application developers inject malformed or random data into the application to determine how it reacts and whether it handles the input safely; crashes, hangs and unhandled exceptions indicate bugs.
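A minimal fuzzer, added here as an example that is not from the original notes: a constructed toy TLV parser that trusts its length field, a mutator that flips, truncates, inserts and duplicates bytes, and a loop that separates the parser's documented rejection (ValueError) from unhandled failures. The hardened parser beside it validates the length before indexing, and the same fuzz run against it produces no crashes. The record format and the seed are invented for the demo.

```python
import random
from collections import Counter
from typing import Callable, Dict, Tuple


def make_record(rtype: int, payload: bytes) -> bytes:
    """Constructed format: 1 byte type, 1 byte length, payload, 1 byte checksum."""
    return bytes([rtype, len(payload)]) + payload + bytes([sum(payload) % 256])


def parse_record(data: bytes) -> dict:
    """Target under test. It trusts the length byte, so a record that lies about
    its size makes it index past the buffer (IndexError) instead of rejecting it."""
    rtype = data[0]
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def parse_record_safe(data: bytes) -> dict:
    """Hardened form: every untrusted offset is checked before it is used."""
    if len(data) < 3:
        raise ValueError("record too short")
    rtype, length = data[0], data[1]
    if len(data) != 3 + length:
        raise ValueError("length field does not match buffer")
    payload = data[2:2 + length]
    if sum(payload) % 256 != data[2 + length]:
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random structural mutation of the seed."""
    data = bytearray(seed)
    op = rng.randrange(4)
    if op == 0 and data:                      # overwrite one byte
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1 and data:                    # truncate
        del data[rng.randrange(len(data)):]
    elif op == 2:                             # insert junk bytes
        i = rng.randrange(len(data) + 1)
        data[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    else:                                     # duplicate a prefix
        data += data[:rng.randrange(len(data) + 1)]
    return bytes(data)


def fuzz(target: Callable[[bytes], dict], seed: bytes,
         iterations: int = 2000, rng_seed: int = 1) -> Tuple[Dict[str, bytes], Counter]:
    """Feed mutated inputs to target; return the first input per unhandled
    exception type, plus a count of inputs the target rejected cleanly."""
    rng = random.Random(rng_seed)
    crashes: Dict[str, bytes] = {}
    handled: Counter = Counter()
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:            # documented rejection path, not a bug
            handled["ValueError"] += 1
        except Exception as exc:      # anything else is an unhandled failure
            crashes.setdefault(type(exc).__name__, case)
    return crashes, handled
```

Each crash entry keeps the input that triggered it, which is the reproducer a developer needs; a real fuzzer (AFL, libFuzzer) adds coverage feedback so mutations that reach new code paths are kept as further seeds.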
Antivirus is a security application used to detect and mitigate various types of malware, using the following techniques:
Signatures/definitions
Behavior monitoring
Heuristics and AI
Cloud-based submissions
Sandboxing vs. quarantining
Endpoint Detection and Response (EDR) provides endpoint threat detection
Monitors endpoint behavior
Real-time monitoring
Uses Indicators of Compromise (IoC), such as file hashes and domains, to match known threats; FireEye EDR and Datashield EDR are example products
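The signature, behavior-monitoring and IoC points above, as an added example that is not from the original notes and not any vendor's logic: process-creation events are checked against a hash IoC, a domain IoC, a behavioral rule (an Office application spawning a script host) and a command-line heuristic, and the hits decide whether the endpoint is merely alerted on or isolated. The IoC values, process names in the rules, and telemetry are all constructed.

```python
import hashlib
from typing import Dict, List

# Constructed indicators (hypothetical values, not real threat intelligence).
IOC_HASHES = {hashlib.sha256(b"evil dropper").hexdigest()}
IOC_DOMAINS = {"update-check.example.net"}

# Behavioral rule: an Office application should never spawn a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

# Constructed endpoint telemetry: one dict per process-creation event.
EVENTS = [
    {"ts": "2024-05-01T09:00:01", "host": "WS01", "parent": "explorer.exe",
     "image": "winword.exe", "sha256": hashlib.sha256(b"office binary").hexdigest(),
     "cmdline": "winword.exe invoice.docm", "dns": []},
    {"ts": "2024-05-01T09:00:03", "host": "WS01", "parent": "winword.exe",
     "image": "powershell.exe", "sha256": hashlib.sha256(b"powershell").hexdigest(),
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "dns": ["update-check.example.net"]},
    {"ts": "2024-05-01T09:00:05", "host": "WS01", "parent": "services.exe",
     "image": "svchost.exe", "sha256": hashlib.sha256(b"svchost").hexdigest(),
     "cmdline": "svchost.exe -k netsvcs", "dns": ["time.windows.com"]},
    {"ts": "2024-05-01T09:00:09", "host": "WS01", "parent": "cmd.exe",
     "image": "update.exe", "sha256": hashlib.sha256(b"evil dropper").hexdigest(),
     "cmdline": "update.exe /silent", "dns": []},
]


def check_event(ev: dict) -> List[str]:
    """Return the list of detections that fire for one event, in a fixed order."""
    hits = []
    if ev["sha256"] in IOC_HASHES:                       # signature / hash IoC
        hits.append("ioc:hash")
    if set(ev["dns"]) & IOC_DOMAINS:                     # network IoC
        hits.append("ioc:domain")
    if ev["parent"].lower() in OFFICE_PARENTS and ev["image"].lower() in SCRIPT_HOSTS:
        hits.append("behavior:office-spawns-script-host")  # behavior monitoring
    cl = ev["cmdline"].lower()
    if ev["image"].lower() == "powershell.exe" and ("-enc" in cl or "-w hidden" in cl):
        hits.append("heuristic:encoded-or-hidden-powershell")  # heuristic
    return hits


def triage(events: List[dict]) -> Dict[str, List[str]]:
    """Map event timestamp to detections for every event that fired at least one."""
    return {ev["ts"]: hits for ev in events if (hits := check_event(ev))}


def response_action(hits: List[str]) -> str:
    """Detection is the EDR's 'D'; this is the 'R'. A confirmed IoC match
    isolates the host, heuristics and behavior alone raise an alert."""
    return "isolate" if any(h.startswith("ioc:") for h in hits) else "alert"
```

The benign Word launch and the svchost event produce no hits, the macro-spawned PowerShell fires three independent detections, and the dropper is caught by hash alone even though nothing about its behavior in this sample looks unusual; that is why signatures and behavior monitoring are layered rather than chosen between.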
Data Loss Prevention (DLP) monitors and prevents sensitive data from leaking out of the organization's network.
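A content-inspection rule of the kind a DLP engine applies to outbound messages, added here as an example that is not from the original notes and not any product's logic: card-number candidates found by regular expression are confirmed with the Luhn check so that order and phone numbers are not flagged, and a classification label in the body blocks the message outright. The messages are constructed; the card number is the well-known 4111... test value.

```python
import re
from typing import Dict, List

# 13 to 16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
LABELS = ("CONFIDENTIAL", "INTERNAL ONLY")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled (minus 9 if
    over 9); the total must be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return candidates that both match the shape and pass Luhn."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def inspect_outbound(message: Dict[str, str]) -> Dict[str, object]:
    """Decide whether a message may leave the network and why."""
    reasons = []
    cards = find_card_numbers(message["body"])
    if cards:
        reasons.append(f"payment card number(s): {len(cards)}")
    for label in LABELS:
        if label in message["body"].upper():
            reasons.append(f"classification label: {label}")
    return {"action": "block" if reasons else "allow", "reasons": reasons}


# Constructed outbound messages.
OUTBOUND = [
    {"to": "partner@example.com",
     "body": "Order 12345678901234 shipped, tracking desk 555-123-4567"},
    {"to": "someone@webmail.example",
     "body": "Use card 4111 1111 1111 1111 exp 12/27 for the booking"},
    {"to": "someone@webmail.example",
     "body": "CONFIDENTIAL: Q3 revenue forecast attached"},
]
```

The 14-digit order number in the first message matches the regular expression but fails Luhn, so it is not reported; without that second check the rule would block routine business mail and users would quickly demand it be switched off.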
Host-based Intrusion Detection System (HIDS) - Detect and Alert only
Host-based Intrusion Prevention System (HIPS) - Detect, Prevent and Alert
Both look for malicious activities and applications running on the local computer, for example by comparing system files against a known-good baseline.
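File integrity monitoring is one of the core checks a HIDS performs. The following is an added example, not from the original notes and not any HIDS product's code: a baseline of SHA-256 hashes is taken over a directory tree, and a later snapshot is compared to report files that were added, removed or modified. The directory layout and file contents are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """A HIDS would alert on each entry here; a HIPS could additionally restore
    the baseline copy or block the writer."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo() -> Dict[str, List[str]]:
    """Build a constructed tree, baseline it, tamper with it, and report the diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"original binary")
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        baseline = snapshot(root)

        # Simulated compromise: the binary is replaced and a persistence file appears.
        (root / "bin" / "app").write_bytes(b"trojaned binary")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_text("* * * * * root /bin/app\n")

        return diff_snapshots(baseline, snapshot(root))
```

In practice the baseline is stored where the monitored host cannot rewrite it (a signed database or a remote server), since an attacker who can modify the binary can otherwise also "fix" the hash.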
A host-based firewall is installed on the local system.
It filters traffic entering and leaving the local system only.
This type of firewall is able to operate at all layers of TCP/IP, so it can filter by application as well as by address and port.
IDS and IPS
DLP
URL Filtering
DNS Filtering
Change the default credentials on the system.
Disable default accounts that are not needed.
Do not leave default configurations in place; review and harden each setting.
Ensure the Administrator account is secured with a strong password and, where possible, renamed and restricted.
Implement proper patch management within the organization.
Firmware Protection
Ports and Services
Ports and Services Best Practices
Firewalls
Antivirus
File and Disk Encryption