CompTIA Security+ Cert Prep: Application Security Threats
It is nearly impossible to find a corporate network today that doesn’t have a connection to the Internet. While this ability facilitates many business and customer processes, it also opens up networks to security threats.
Web browsers are subject to a specific category of attack. Understanding how to secure these connections is an essential component of IT security strategy.
CompTIA’s Security+ is a vendor-neutral exam that certifies expertise in IT security.
We’ve covered the overall Security+ exam objectives in the past. One of the topics (objective 1.4) deals with application security threats. In this article, we’ll examine each of these threats.
Security controls can be implemented in both hardware and software. In terms of software or application security, certain procedures and settings can be used to help thwart unauthorized access. And more recently, security is being considered and actually coded in during the software development process.
• ActiveX
ActiveX is a Microsoft technology that is used to add functionality to web pages. It is used to enable multimedia viewing and to alter browser functions, but hackers have exploited vulnerabilities in this application to install malicious software on unsuspecting users’ browsers.
• Java
Java is a programming language developed by Sun Microsystems. The benefit of Java is that applications developed in it can run under any operating system. This made it a perfect tool for web development, but also opened up browsers to attack. The problem? Many programmers were not trained in how to build security into their applications.
• Scripts
Scripts are essentially programs and can be coded in many languages. In terms of the web, things like shopping carts, login systems and tools that collect user data are all types of scripts. Like Java, the code behind the script can be exploited and delivered right to client computers.
• Browsers
Firefox, Internet Explorer, Chrome, Opera – the days when one browser ruled are over, but the threats continue to grow. In order to help address security issues, browsers now have their own security settings. With the addition of browser plugins or add-ons, additional security controls, like pop-up and ad blockers, can be implemented.
• Buffer Overflows
A buffer is a temporary storage area for programs and processes. A buffer overflow happens when a program tries to store more data than is allowed, and the excess flows into other buffers. This overwrites and corrupts that data. The extra data can contain malicious code.
• Cookies
If you’ve ever entered information into a website, such as preferences, it is usually stored in a cookie. The cookie is placed on your hard drive for future retrieval, like the next time you log in. Cookies do not contain malicious information, but they do contain your personal information. Things like login credentials or credit card data can be sent in plain text, making them susceptible to packet sniffing.
• SMTP Open Relays
An SMTP open relay is a mail server configured to allow anyone on the Internet to send email through it. Of course, spammers and worms have exploited this initial Internet technology. Consequently, many have been shut down.
• Instant messaging
Instant messaging programs might seem innocent enough, but the open port that they use to forward messages provides an open entry point for potential attacks.
• Peer-to-peer file sharing
Similar to instant messaging, peer-to-peer file sharing involves opening a port to allow peers, or individual users, to share files. In addition to this entry point, there is also the danger of downloading a virus-infected file. The best bets here are to restrict sharing options and scan everything downloaded.
• Input validation
Data validation is simply ensuring that the data entered into a form, such as telephone numbers or country codes, is correct. Incorrect data can corrupt databases or lead to security vulnerabilities.
• Cross-site scripting (XSS)
In this exploit, attackers can insert malicious code into a link that appears to be from a trusted site. If a user clicks the link, a program executes that allows an attacker to pilfer sensitive information. These attacks have been known to appear in email messages as well, requesting that a user click on a link.
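The input validation item above uses telephone numbers and country codes as its form fields. The following is an added example, not code from the original article, showing server-side allowlist validation of those two fields. The field names, the E.164-style phone rule and the sample country set are assumptions made for illustration.

```python
import re

# Assumed policy: "+" followed by 8-15 ASCII digits (E.164 style), and a
# small allowlist of ISO 3166-1 alpha-2 country codes (constructed sample set).
PHONE_RE = re.compile(r"\+[1-9][0-9]{7,14}")
ALLOWED_COUNTRIES = frozenset({"US", "CA", "GB", "DE", "JP"})
SEPARATORS = str.maketrans("", "", " -().")  # formatting characters users type


class ValidationError(ValueError):
    """Raised when a field does not match its allowlist rule."""


def validate_phone(raw):
    # Bound the length before doing any other work on untrusted input.
    if not isinstance(raw, str) or len(raw) > 32:
        raise ValidationError("phone: wrong type or too long")
    candidate = raw.strip().translate(SEPARATORS)
    # fullmatch anchors both ends; [0-9] (not \d) rejects non-ASCII digits.
    if not PHONE_RE.fullmatch(candidate):
        raise ValidationError("phone: expected + and 8-15 digits")
    return candidate


def validate_country(raw):
    if not isinstance(raw, str) or len(raw) > 8:
        raise ValidationError("country: wrong type or too long")
    candidate = raw.strip().upper()
    # Membership in a fixed set: nothing outside the list is ever stored.
    if candidate not in ALLOWED_COUNTRIES:
        raise ValidationError("country: not in allowlist")
    return candidate


def validate_form(form):
    """Return (clean, errors); only values in `clean` should reach the database."""
    clean, errors = {}, {}
    for field, check in (("phone", validate_phone), ("country", validate_country)):
        try:
            clean[field] = check(form.get(field))
        except ValidationError as exc:
            errors[field] = str(exc)
    return clean, errors


if __name__ == "__main__":
    # Constructed sample submissions: one well-formed, one malformed.
    for form in ({"phone": "+1 (415) 555-0123", "country": "us"},
                 {"phone": "415-555-0123' OR '1'='1", "country": "XX"}):
        print(validate_form(form))
```

Rejecting anything that fails the rule, instead of trying to repair it, keeps malformed values out of the database entirely.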
Final Thoughts and Security+ Exam Preparation
Application security threats are particularly difficult to manage because the exploit is often caused by gaps in software development. Educating end users on sound security best practices and maintaining current software patch levels are the best defense mechanisms.
If your goal is certification, Train Signal offers Security+ training to help prepare you for the exam and also teaches critical skills that are applicable in the workplace.