Anatomy of Web Application Abuse

Misunderstandings about the nature of a Web application attack often lead administrators to believe that they are not at risk. An application-related data breach is typically viewed as a one-time event, a piece of shocking news about someone else's misfortunes that appears briefly in the technology press and fades away. The reality is that the application was being abused, and data stolen, for a long period without administrators knowing. Without a way to flush out and highlight user sessions that are engaged in low-level abuse, administrators can only wait until the damage is done. At that point, their only real option is to make defensive changes to the application code and re-launch as quickly as possible.

The truth is that application abuse is very common. It's just hard to see. When advanced attackers approach an application, they are very aware of their footprint. They execute the attack in phases that balance visibility with effectiveness. Administrators need to understand these phases before they can identify and respond to abuse effectively.

Phase 1: Silent Reconnaissance
Phase 2: Attack Vector Establishment
Phase 3: Attack Implementation
Phase 4: Attack Automation
Phase 5: Maintenance

For more details on the phases of Web application abuse, see the following resources:
Whitepaper - Understanding and Responding to the Five Phases of Web Application Abuse.
Webinar - How Web Applications are Attacked.


© 2012 Mykonos Software, Inc. All Rights Reserved.