WAF AGAINST APPOCALYPSE


ABHILASH SONWANE, Sr. Vice President, Cyberoam

BRIEF PROFILE

Abhilash V. Sonwane is Sr. Vice President - Product Management for Cyberoam, a division of Cyberoam Technologies Pvt. Ltd, where he is responsible for the product and technology direction of the Cyberoam product line of Unified Threat Management appliances and other network security products. Abhilash has around 13 years of experience in developing product solutions. He is one of the key innovators of Cyberoam’s Layer 8 technology, which implements a Human Layer over the theoretical 7 layers of the network stack. Abhilash’s excellent grasp of the security industry and in-depth technical knowledge have been instrumental in the evolution of the Cyberoam brand worldwide. A prolific public speaker, he has addressed network security forums including RSA Conference (San Francisco), Virus Bulletin (Vienna) and more.

As we become dependent on Web applications, the security risks to which they are subjected can pose a significant risk to an organization’s IT infrastructure if not managed proactively.


RAPID STRIDES made in web technologies have caused the business environment to grow more reliant on the internet. With this, web applications have become pivotal in business, customer and government services. While web applications can present unprecedented capabilities, convenience and efficiency, these benefits are subject to several security threats, which could invite significant risks to an organization’s information technology infrastructure if not managed proactively.

Business applications for accounting, collaboration, Customer Relationship Management (CRM), Supplier Relationship Management (SRM), Enterprise Resource Management (ERP), content management, online banking, E-commerce, and many more, are all available on the web, and all of them house valuable, sensitive data!

Old Weapons Can’t Fight New Threats

Any vulnerability in these applications will cause significant and irreversible monetary loss. For a long time, organizations have relied on security defenses at the network perimeter to safeguard their IT infrastructure. However, traditional network security solutions like the firewall and IPS are nothing but “useless old weapons” in the war over Web application security!

Sophisticated attacks have now transcended the TCP/IP protocols and target potential vulnerabilities in HTTP, HTML and XML, which underpin contemporary distributed web applications. A single URL now encompasses a myriad of applications such as video, email, chat, games, spreadsheets, surveys, P2P file transfer, etc. In addition, business applications interfacing with partners, suppliers and customers, such as ERP, CRM, SCM, financial MIS etc., are also being delivered over the web. Such enterprise apps use XML-based protocols like SOAP, REST etc. and have innumerable complex layers. With such business processes now being accessed as apps on various devices over the internet, this obviously gives rise to new risks that can target and exploit vulnerabilities in such apps.

The main reason the majority of web application attacks succeed today is that the attackers come in the same way any legitimate user would, all without disturbing the sanctity of RFCs or W3C standards.

According to the prestigious security analyst firm Gartner, 75% of attacks are directed at the application layer. Moreover, according to the Ponemon Institute, 93% of organizations hacked in the past two years were breached via insecure web applications.

Common Web Application Attacks

Cyber criminals persistently devise new ways to gain unauthorized access to web applications; here are several common methods.

SQL Injection

In an SQL injection attack, the attacker bypasses authentication and gains access to the entire contents of a backend database, including identity information. Input validation vulnerabilities in the application code are exploited to send unauthorized SQL commands to the back-end database.
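To make the input-validation flaw concrete, here is an added example (not from the article or from Cyberoam) of a login query assembled by string formatting beside its parameterized form, run against a constructed in-memory SQLite table; the users table, names and passwords are assumed for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data (plaintext password only to keep the demo short).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 's3cret', 'admin')")
    return con

def login_vulnerable(con, name, password):
    # User input is pasted straight into the SQL text: the input-validation
    # flaw the article describes. Input can change the query's structure,
    # not just the values being compared, so the password check can be removed.
    sql = f"SELECT role FROM users WHERE name = '{name}' AND password = '{password}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(con, name, password):
    # Parameterized query: the driver passes values separately from the query
    # text, so whatever the user types is only ever compared as data.
    sql = "SELECT role FROM users WHERE name = ? AND password = ?"
    row = con.execute(sql, (name, password)).fetchone()
    return row[0] if row else None

def demo():
    con = make_db()
    # A legitimate login succeeds through both code paths.
    good = (login_vulnerable(con, "alice", "s3cret"),
            login_hardened(con, "alice", "s3cret"))
    # Constructed input that closes the quoted name and comments out the rest
    # of the WHERE clause. It is syntactically valid SQL inside a valid HTTP
    # request, which is why a network firewall sees nothing wrong with it.
    probe = "alice' --"
    bypass = (login_vulnerable(con, probe, "wrong"),
              login_hardened(con, probe, "wrong"))
    return good, bypass
```

The vulnerable path returns the admin role without the password; the hardened path returns None for the same input.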

Cross-site Scripting

Cross-site scripting attacks the application code by exploiting script injection vulnerabilities: malicious HTML tags or client-side scripting code are injected into HTML form fields, and a customer’s login credentials are redirected to an attacker.

Worms

Worms take advantage of vulnerabilities in commercial software platforms and operating systems. Code Red, Nimda, and MSBlaster are some examples of worm infections that spread at an astounding rate, sometimes affecting hundreds of thousands of servers within minutes.

URL Parameter Tampering

This type of attack involves manipulation of parameters exchanged between client and server. The attacker alters the URL query string parameter values in the browser’s address bar to change application data such as user credentials, permissions, and other information.

Cross-site Request Forgery (CSRF)

CSRF forces the authenticated user of an application to send an HTTP request to a target destination desired by the attacker, without the user’s knowledge or intent. This results in data theft and, in the case of a full-blown attack, it can compromise the entire web application.

OS Command Injection

OS Command Injection exploits vulnerabilities that occur during the design and development of applications. Here, the attacker takes advantage of an application vulnerability that results in the execution of system-level commands.

Session Hijacking

Session Hijacking exploits a valid computer session by stealing or predicting a valid session token, and thereby gains unauthorized access to information or services on the Web server.

Web Application Firewalls

Today’s advanced threats are targeting security flaws in the design of Web applications. This has necessitated the development of evolved security measures to be implemented alongside the development of Web applications. A WAF (Web Application Firewall) is an appliance or server software add-on that can monitor and block traffic to and from applications. WAFs have become popular in many enterprises, especially those that need to comply with the Payment Card Industry Data Security Standard (PCI DSS).

How a WAF Thwarts Web Application Attacks

Web Application Firewalls sit between the Web client and a Web server to analyze OSI Layer 7 messages for violations of the programmed security policy, protecting websites and Web applications from attacks. They function bi-directionally: they intercept incoming Layer 7 attacks before they reach the Web server, and they also analyze Web server responses to protect against potential information leakage from the organization. Placed right in front of the Web server, the WAF becomes the first stop for incoming information requests and the last stop for the information delivered in response.
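As an added illustration of the bidirectional inspection just described (example code written for this page, not Cyberoam's product or any real WAF), the following Python enforces an allowlist policy on inbound query parameters, which is how the URL parameter tampering above is caught, and scans outbound bodies for leakage; the protected paths, their parameters and the leak patterns are assumed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Positive security model: for each protected path, the query parameters the
# application accepts and the exact shape each value may take. The application
# and its parameters are assumed for this example.
POLICY = {
    "/account": {"id": re.compile(r"\d{1,9}")},
    "/search": {"q": re.compile(r"[\w .-]{1,64}"), "page": re.compile(r"\d{1,3}")},
}

# Outbound checks for information leakage: a card-number-shaped string (the
# PCI DSS concern the article raises) or a server-side stack trace.
LEAK_PATTERNS = {
    "card-number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "stack-trace": re.compile(r"Traceback \(most recent call last\)"),
}

def inspect_request(method, target):
    """Return [] if the request conforms to POLICY, else the list of violations."""
    parts = urlsplit(target)
    rules = POLICY.get(parts.path)
    if rules is None:
        return [f"path not in policy: {parts.path}"]
    if method not in ("GET", "HEAD"):
        return [f"method not allowed: {method}"]
    violations, seen = [], set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in seen:  # a repeated name is ambiguous; reject rather than guess
            violations.append(f"duplicate parameter: {name}")
        seen.add(name)
        rule = rules.get(name)
        if rule is None:  # a parameter the application never defined
            violations.append(f"unexpected parameter: {name}")
        elif not rule.fullmatch(value):
            violations.append(f"malformed value for {name}")
    return violations

def inspect_response(body):
    """Return the names of LEAK_PATTERNS found in an outbound response body."""
    return [name for name, pat in LEAK_PATTERNS.items() if pat.search(body)]

def demo():
    # Constructed traffic: a legitimate request, the same request with an
    # extra parameter typed into the address bar, and a response that leaks.
    ok = inspect_request("GET", "/account?id=42")
    tampered = inspect_request("GET", "/account?id=42&role=admin")
    leaky = inspect_response("Card on file: 4111 1111 1111 1111")
    return ok, tampered, leaky
```

Both directions report policy violations rather than deciding what to do with them, so the same checks can run in a log-only mode before they are switched to blocking.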

Desired Protection for Customers, Value-driven Business Action for VARs

VARs should regularly monitor newly developed Web attacks and adopt updated products that detect them, so as to provide effective protection. Businesses large and small are now taking Web application security seriously. They understand that business applications are being targeted as the doorway to sensitive data, and that cyber criminals are exploiting such vulnerabilities to steal or compromise that information. This state of awareness presents a new opportunity for security resellers to give their customers a better ROI on their security appliance investments by adding a WAF subscription, extending evolved protection against threats from Web apps.

Moreover, there are industry segments such as BFSI and the payment card industry where regulatory requirements are making adoption of Web application firewalls mandatory. Similarly, any industry where sensitive business and customer data is accessed or delivered through web apps can benefit immensely from a WAF.

GUEST TALK, SECURITY CORNER

SME CHANNELS, APRIL 2013, pages 32 and 33