Six Elements of Web Application Security Protection

Source: Internet
Author: User

Web applications are harder to secure than client applications. Unlike web servers, which come from four or five major vendors, web applications and user-defined scripts exist in large numbers, and each of them may contain potential vulnerabilities. For developers, the best way to secure an application is to follow recommended security measures and to use software that scans code and flags potential security issues. Administrators need to scan the website for vulnerabilities periodically.
Application security is mainly controlled by application developers. Administrators can tighten the security of some applications, but if the application itself is not secure, they cannot make it secure.
Writing secure applications is difficult because every aspect of the application, including the user interface, network connections, operating system interaction, and the management of sensitive data, requires a large amount of security knowledge to secure. Most programmers either lack this knowledge or weigh the importance of application security against the additional work it requires.
From the administrator's perspective, however, there are several security issues to keep in mind:
· Operation permission
· Application Management
· Application updates
· Security integrated with the operating system
· Remote Management Security
· Session Security
Element 1: Operation permission management
Administrators should give applications the lowest permissions possible. This guards against several threats:
· If attackers exploit the application, they gain the application's privileges. If those privileges are low enough, the attackers cannot take the attack further.
· Low permissions protect the computer from Trojans embedded in applications, because the Trojan has fewer permissions to work with.
· When applications have low permissions, users cannot store data in sensitive areas (such as operating system areas) or even access core resources.
When developing applications, programmers often make assumptions to save development time, and some of these assumptions require administrative permissions. This reduces programming time, but it also reduces the administrator's ability to protect the system. When an ordinary user is granted administrative permissions, that user can delete or access surrounding configuration, which threatens security.
An installer usually requires higher or even administrative permissions because it may need to access sensitive operating system directories. It is best to install the application first on a test computer with a similar configuration, so that you can see whether there is a problem before installing it on the real computer. If the application requires administrator permissions for no obvious reason, or you do not trust the application, you can run it in a sandbox. A sandbox is a security application that intercepts the system calls of a running application and ensures that the application can access only the resources the administrator permits. A sandbox can restrict access to the registry, operating system data directories, and the network, isolating the application from sensitive OS areas and other user-defined sensitive data.
Element 2: Application Management
Most applications provide interfaces for management (mainly used for application configuration), and each method creates security risks that need to be addressed, such as:
· INI/conf file
· GUI
· Web-Based Control
The most basic way to manage an application is through text-based files. To protect such an application, the administrator needs to restrict access to those files. If the file is stored locally, the operating system's built-in permission system can be used. If the file is stored elsewhere, access to the remote storage location should require authentication (and the authentication method itself must be protected).
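A check an administrator could run for locally stored configuration files, as an added example that is not part of the original article. It assumes a POSIX permission model, and the file name app.conf and its contents are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_config_permissions(path):
    """Return findings for a config file and the directory that holds it."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"file writable by group/others (mode {mode:04o})")
    if mode & stat.S_IROTH:
        findings.append(f"file readable by others (mode {mode:04o})")
    # A writable parent directory lets another user replace the file
    # even when the file's own mode is tight (unless the sticky bit is set).
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
        findings.append(f"directory writable by group/others (mode {pmode:04o})")
    return findings


def demo():
    """Audit a constructed app.conf before and after tightening its mode."""
    with tempfile.TemporaryDirectory() as workdir:
        os.chmod(workdir, 0o700)
        conf = os.path.join(workdir, "app.conf")  # hypothetical file name
        with open(conf, "w") as fh:
            fh.write("[admin]\nlisten = 127.0.0.1\n")  # constructed content
        os.chmod(conf, 0o666)  # weak setting: any local user may edit it
        weak = audit_config_permissions(conf)
        os.chmod(conf, 0o600)  # corrected setting: owner read/write only
        fixed = audit_config_permissions(conf)
    return weak, fixed


if __name__ == "__main__":
    weak_findings, fixed_findings = demo()
    print("mode 0666:", weak_findings)
    print("mode 0600:", fixed_findings)
```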
Most applications have a graphical user interface for managing them. In addition to providing GUI-level security, administrators should secure the communication between the GUI and the application.
When the GUI and the application are physically on the same computer, the administrator should give the GUI as few permissions as possible (if necessary, the application can have higher permissions).
Element 3: Application updates
Keeping your applications updated with the latest security patches is one of the most important security measures you can take. This section describes the ways an application can be updated:
· Manual update
· Automatic update
· Semi-automatic update
· Physical updates
Manual Update
Manual update requires the administrator to manually download a file (or use the provided media, such as a CD) and install the update on the relevant system. This option is the least desirable because it forces administrators to spend extra time patching a working system. Manual update is very common in open-source projects (such as Apache).
Automatic update
When an application uses automatic updates, it regularly checks the website for an update. If one exists, it downloads it and installs it on the system. There are two problems with this method:
· Bandwidth usage: consider the same anti-virus software running on thousands of computers and updating automatically every day. Each day, a copy of the same update is downloaded to each of those thousands of computers.
· Installing problematic patches: sometimes a patch (the vendor's software update that fixes security issues and vulnerabilities) does more harm than good because it was rushed out to solve a critical problem. Developers cannot predict every possible environment, and a patch can stop applications or cause them to malfunction. This is why testing is necessary.
Semi-automatic update
Some applications allow administrators to decide when to download updates. After the update is downloaded, the application distributes it to all connected clients.
Physical update
The system is updated from an update that is physically received. A targeted attacker can create a "fake" patch by forging an update that looks like the original but contains Trojans or other malware. To defend against such attacks, administrators can check the update's size and CRC32 checksum on the vendor's website and compare them with the copy they actually received.
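The comparison described above, as an added example that is not part of the original article. It goes one step beyond the text by also computing SHA-256, because CRC32 is a non-cryptographic checksum that a deliberate forger can match; the update bytes are constructed, and the "published" values stand in for what a vendor's site would list.

```python
import hashlib
import io
import zlib


def fingerprint(stream, chunk_size=65536):
    """Read a file-like object once and return its size, CRC32 and SHA-256."""
    size, crc, sha = 0, 0, hashlib.sha256()
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        size += len(block)
        crc = zlib.crc32(block, crc)
        sha.update(block)
    return {"size": size,
            "crc32": f"{crc & 0xFFFFFFFF:08x}",
            "sha256": sha.hexdigest()}


def verify_update(stream, published):
    """Return the names of the published values the received copy fails."""
    actual = fingerprint(stream)
    return [name for name in ("size", "crc32", "sha256")
            if name in published
            and str(published[name]).lower() != str(actual[name]).lower()]


def demo():
    """Check a genuine and a modified copy against the published values."""
    genuine = b"constructed sample update payload v1.2\n" * 100
    # Stand-in for the values listed on the vendor's website (assumption).
    published = fingerprint(io.BytesIO(genuine))
    tampered = bytearray(genuine)
    tampered[10] ^= 0x01  # same length, one bit changed
    ok = verify_update(io.BytesIO(genuine), published)
    bad = verify_update(io.BytesIO(bytes(tampered)), published)
    return ok, bad


if __name__ == "__main__":
    ok, bad = demo()
    print("genuine copy mismatches:", ok)
    print("modified copy mismatches:", bad)
```

For a real file, pass `open(path, "rb")` as the stream and take the published values from the vendor's site over an authenticated channel.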
Element 4: Security integration with the operating system
When an application integrates with operating system security, it can use the operating system's security information and even modify the operating system as needed. This is sometimes an application requirement, and sometimes an optional feature. Operating system security integration allows applications to access the operating system's list of users and their permissions in real time. Imagine that thousands of employees in an organization need to access the central enterprise resource planning (ERP) application. Administrators can manually enter thousands of users and their permissions into the ERP console. However, this method is time-consuming and requires dual management. If an organization has more than one central system, the manual input is required for each of them, which is worse.
Manual Security Information Input
An application allows the administrator to import all user information and use it to manage application authentication. Although this method may speed up application deployment, it leads to dual management later. For example, when an employee leaves the organization, the administrator must delete the user from both the user list and the application's list.
Another question to consider is how the application stores user information. Is it protected? Encrypted? Stored in plaintext? If you do not trust your application's data storage security, you can encrypt the entire hard disk.
Automatic Integration of security information
Automatic integration of security information allows applications to query operating system user credentials in real time. This solves both the initial deployment time and the dual management problem. However, it raises two problems of its own:
· If the OS user database is deleted or lost, the application cannot be accessed.
· The connection between the application and the operating system's user database must be protected to prevent attackers from eavesdropping or using fake servers to obtain information about users.
Operating System Security Authorization
Applications can use operating system security authorization. In this case, the application sets up a special directory or resource (such as shared memory, a channel, or a named pipe) that only users with certain privileges can access, and the operating system protects access to this directory or resource.
Make sure operating system security integration is optional, not required
Sometimes it is necessary to deploy a small application that will have only one or two users. If an application forces us to use operating system security integration regardless of the specific deployment scenario, the result is less security (if the integration uses an insecure method) and slower deployment (because we only have one or two users). In addition, administrators may not want applications to be able to modify the user directory (and potentially damage it).
Element 5: Remote Management Security
Most applications today provide remote management as part of their functions. The key is security. If attackers penetrate the management facility, other security measures can be damaged or bypassed. Remote management is required for various reasons:
· Transfer server: the administrator needs an interface to manage all transfer web servers (computers that belong to the organization but are actually located at the ISP).
· Outsourcing services: managing security products requires knowledge that some organizations do not possess. Therefore, they often outsource their entire security management to companies specialized in this field. To save costs, the outsourcing company needs to manage all of these security products over the Internet.
· Physical distance: administrators may need to manage a large number of computers in an organization. In some organizations, going to each computer across several buildings (or cities) is a tedious and time-consuming task. In addition, physical access to the actual data centers can be restricted.
Use the Web interface for remote management
Using a web interface to remotely manage applications or computers has many advantages, but it also comes with costs and some disadvantages. The following are some advantages of remote web management:
· Rapid development time: in terms of development, debugging, and deployment, developing a web interface is faster than developing a GUI client.
· Operating system support: web interfaces can be accessed from all major operating systems through a browser (unless the developer uses an operating-system-specific solution, such as ActiveX, which can only run on Windows).
· Accessibility: A Web interface can be accessed from anywhere on the Internet. Even if the administrator is not in the office, the administrator can perform management.
· User learning curve: the Administrator knows how to use the browser, so the Administrator learning curve is shorter.
Although remote web management has some disadvantages, they are negligible for most administrators. Note:
· Accessibility: because web management can be accessed from anywhere, attackers can reach it as well.
· Browser control: because the interface is controlled through a browser, attackers do not need to obtain a special product to control the GUI (which might otherwise be an insurmountable obstacle).
· Support: Web-based applications are generally easier to support and maintain.
Authenticating web-based remote management
When connecting to a remote web management interface, the first thing to be clear about is the authentication process. If the authentication is weak, attackers can bypass it to control applications or computers.
HTTP authentication methods
Before going deeper into remote management issues, it is important to review the methods currently available for authenticating HTTP connections:
· Basic authentication: when a page requires basic authentication, the server returns error code 401 (Unauthorized) to the browser and indicates that basic authentication is required. The browser Base64-encodes the username and password and sends them back to the server. If the login succeeds, the server returns code 200, which means everything went well. If the login fails, the server returns the same 401 error code as before.
· Digest authentication: digest authentication is based on a challenge issued by the web server. MD5 is used to hash the username and password.
· Secure Sockets Layer (SSL): SSL can be configured to use client certificates (optional) and to verify the identity of users when they present a known certificate.
· Encrypted basic authentication: basic authentication can be combined with conventional SSL (Secure Sockets Layer). This encrypts the entire session, including the Base64-encoded username and password (Base64 is a very weak encoding that is easily decoded, so on its own it is not encryption).
· Verification code (CAPTCHA): a popular method for verifying that the party at the other end is a human. It displays a distorted image of letters and numbers and requires the user to enter them correctly for verification purposes.
Protecting remote management at the network layer
The best solution for securely logging on to a web-managed server is either regular SSL or encrypted basic authentication; in this case, regular SSL can check the client certificate (SSL can also verify with a third-party certificate authority whether the server is the one you want to connect to). Another option is a secure custom login (which needs to be implemented with server-side scripts), but this may be exposed to network attacks.
Custom Remote Management
The network administrator uses a GUI (graphical user interface) or an application console to remotely control certain programs. Such programs include SQL (database) servers, Exchange servers, firewalls, and intrusion detection systems (IDS). An application may also use a probe to control the client; an IDS can do this. VPC connection has some security issues that need to be solved (the network connection is one of them). Like remote web management, custom remote management has both advantages and disadvantages.
Advantages of custom Remote Management:
· Complex graphics: sometimes the complex graphics to be presented on the console cannot be displayed in a common web management interface.
· Authentication and encryption: applications can use a stronger authentication method or stronger encryption to secure the session (for example, a larger key length not supported by SSL).
· Availability: this type of application can only be controlled by a dedicated GUI. Attackers must install this specialized GUI on their own computers (and they may not be able to obtain and install it).
Although custom remote management has some disadvantages, they are usually unimportant to most administrators. They are still worth noting:
· Specific operating systems: some vendors require a specific OS to run the control GUI. If that OS is not installed, the administrator must install it (and if the operating system is not free of charge, the administrator also has to spend extra money).
· Lack of availability: only a computer with the GUI installed can manage the application. If the administrator is not in the office, there may be no way to manage the application from another computer.
Element 6: Session Security
Session security between the client (GUI or console) and the application is very important. Otherwise, attackers may be able to obtain information, steal credentials, or even mount replay attacks. If a session is known to be insecure, the administrator can easily carry it through a VPN or a secure tunnel (SSH).
Some applications use network services of the operating system, such as Remote Procedure Call (RPC) or Distributed Component Object Model (DCOM), which allow administrators to add data integrity, encryption, and authentication. If you do not trust the operating system's security measures, you can connect over a VPN.
In general, as with web applications, we cannot force secure communication if the application does not support it as an option. The solution is to carry the data session either through a VPN or through a secure session (SSH).
 
