Wednesday, December 15, 2010

Web Application Security: Real-Life Emerging Threats

In recent weeks there have been two incidents that caught my attention and had something in common. The first was the ASP.NET POET vulnerability, a padding-oracle flaw that let an attacker decrypt ciphertext by examining how the server responded, in error, to tampered ciphertext. Carrying out the attack meant sending a large number of requests to the web server. The second was the DDoS attack by WikiLeaks supporters against a list of web sites including MasterCard, Visa and PayPal.

While at first sight there seems to be nothing in common between these incidents, looking at them from a defensive point of view, both indicate a change in the way the web site was being used; in other words, a behavioral change.

A generic way to defend a web site against both kinds of attack has two steps:
  • Learn what the “normal” traffic rate coming from the web site’s users looks like.
  • Detect any change in the way users are accessing the web site.
In both incidents, usage deviated from what is considered normal: automated tools were involved in each case, one sending a large volume of crafted requests that provoked server errors, the other flooding the site with requests from many hosts.
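As an added example (not code from the original post), here is the two-step approach in Python over web server access logs: learn a per-client and site-wide baseline from one minute of traffic, then flag a later minute's deviations in request rate and error ratio. It assumes Common Log Format; the log lines are constructed, and the thresholds (three standard deviations, a floor on the deviation, a minimum request count) are illustrative assumptions. The error-ratio check is what catches an oracle-style probe, which has to send many requests and provokes errors on most of them; the rate checks catch the flood.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta, timezone

# Common Log Format is assumed for the server's access log, e.g.
# 203.0.113.5 - - [15/Dec/2010:10:00:01 +0000] "GET /index.aspx HTTP/1.1" 200 512
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) (?:\d+|-)$')

def parse_line(line):
    """Parse one access-log line into (ip, status); None for lines that do not match."""
    m = LOG_RE.match(line)
    return (m.group("ip"), int(m.group("status"))) if m else None

def profile(lines, window_seconds):
    """Per-client (requests/min, error ratio) plus the site-wide requests/min for one window."""
    records = [r for r in map(parse_line, lines) if r]
    minutes = window_seconds / 60.0
    count, errors = Counter(), Counter()
    for ip, status in records:
        count[ip] += 1
        if status >= 400:  # 4xx/5xx: the server rejected the request
            errors[ip] += 1
    clients = {ip: (count[ip] / minutes, errors[ip] / count[ip]) for ip in count}
    return clients, len(records) / minutes

def learn_baseline(lines, window_seconds):
    """Step 1: learn what 'normal' looks like from a window believed to be clean."""
    clients, site_rate = profile(lines, window_seconds)
    rates = [rate for rate, _ in clients.values()]
    ratios = [ratio for _, ratio in clients.values()]
    return {
        "site_rate": site_rate,
        "rate_mean": statistics.mean(rates),
        "err_mean": statistics.mean(ratios),
        # Floors (assumed values) stop a quiet, uniform baseline from flagging every change.
        "rate_stdev": max(statistics.pstdev(rates), 1.0),
        "err_stdev": max(statistics.pstdev(ratios), 0.05),
    }

def detect_deviations(baseline, lines, window_seconds, k=3.0, min_requests=10):
    """Step 2: report clients, and the site as a whole, that left the baseline.
    k and min_requests are illustrative thresholds, not values from the post."""
    clients, site_rate = profile(lines, window_seconds)
    rate_limit = baseline["rate_mean"] + k * baseline["rate_stdev"]
    err_limit = baseline["err_mean"] + k * baseline["err_stdev"]
    findings = {}
    # A flood spread over many hosts shows in the aggregate even if no single host stands out.
    if site_rate > k * baseline["site_rate"]:
        findings["*"] = ["site rate %.0f/min vs baseline %.0f/min" % (site_rate, baseline["site_rate"])]
    for ip, (rate, ratio) in sorted(clients.items()):
        reasons = []
        if rate > rate_limit:
            reasons.append("rate %.0f/min > %.0f/min" % (rate, rate_limit))
        # Many requests that mostly end in errors is the footprint of a client probing the
        # server's error behaviour; min_requests keeps one stray 404 from qualifying.
        if ratio > err_limit and rate * window_seconds / 60.0 >= min_requests:
            reasons.append("error ratio %.2f > %.2f" % (ratio, err_limit))
        if reasons:
            findings[ip] = reasons
    return findings

def make_lines(ip, n, status, start, window_seconds):
    """Constructed sample traffic: n requests from ip spread evenly over the window."""
    times = [start + timedelta(seconds=i * window_seconds / n) for i in range(n)]
    return ['%s - - [%s] "GET /page.aspx HTTP/1.1" %d 512' % (ip, t.strftime("%d/%b/%Y:%H:%M:%S %z"), status) for t in times]

WINDOW = 60  # seconds per window
T0 = datetime(2010, 12, 15, 10, 0, tzinfo=timezone.utc)
T1 = T0 + timedelta(seconds=WINDOW)

# Constructed baseline minute: three browsers, mostly 200s and one stray 404.
BASELINE_LOG = (make_lines("198.51.100.10", 6, 200, T0, WINDOW)
                + make_lines("198.51.100.11", 4, 200, T0, WINDOW)
                + make_lines("198.51.100.12", 5, 200, T0, WINDOW)
                + make_lines("198.51.100.12", 1, 404, T0, WINDOW))

# Constructed observed minute: one normal user, one client hammering the server and
# collecting 500s (oracle-style probing), and three hosts flooding the site.
OBSERVED_LOG = (make_lines("198.51.100.10", 5, 200, T1, WINDOW)
                + make_lines("203.0.113.7", 40, 500, T1, WINDOW)
                + make_lines("203.0.113.7", 2, 200, T1, WINDOW)
                + make_lines("192.0.2.21", 150, 200, T1, WINDOW)
                + make_lines("192.0.2.22", 150, 200, T1, WINDOW)
                + make_lines("192.0.2.23", 150, 200, T1, WINDOW))

def run():
    """Learn from the baseline window, then check the observed window."""
    return detect_deviations(learn_baseline(BASELINE_LOG, WINDOW), OBSERVED_LOG, WINDOW)

if __name__ == "__main__":
    for who, reasons in run().items():
        print(who, "->", "; ".join(reasons))
```

Two points a practitioner should keep in mind with this kind of check. First, the baseline is only as good as the window it was learned from: a profile learned while the probing or flooding is already under way will treat the attack as normal, so learn from traffic you have reason to believe is clean and re-learn on a schedule rather than once. Second, per-client and aggregate metrics are both needed: a single host probing for error responses stands out on its own, while a flood from a large botnet may keep each bot modest and only show up in the site-wide rate.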
These incidents emphasize the need for web application security products that have more than just signature-based capabilities: a signature cannot be written for an attack that has not been seen yet, so the ability to detect behavioral change in how the web application is being used is essential against emerging threats.
