The following post details, in alphabetical order, the first 10 keywords:
A set of actions and techniques used to mislead attackers into taking actions that help determine whether or not they are a malicious actor.
The automated monitoring and analysis of one or more applications, initially to establish a baseline of normal activity so that deviations in behavior, and in interactions with the application, that may signify malicious activity are easy to identify.
Application Programming Interface (API) Security
The act of (or the tools used in) protecting the integrity of an organization's APIs, both the ones it owns and the external ones it consumes, including the data that passes through them. Tactics for detection and enforcement include geofencing, denial-of-service protection and brute force protection. In the modern AppSec space, API traffic should get the same level of protection as the web front end.
Active Attacker Fingerprinting
A uniquely identifying attribute of a known attack. Traditional web application security solutions match traffic against libraries of these signatures to pinpoint known threats; behavior that does not match a pre-determined signature is not flagged. Each newly identified attack therefore requires a new signature, which makes the approach reactive by nature.
The act of classifying a malicious actor as an automated bot, using a variety of detection techniques such as behavioral analysis and characterization. Even when a bot spreads its traffic across disparate, unrelated IP spaces, these techniques allow it to be correlated, associated and identified as a single entity. Other techniques such as rate limiting can slow bots down while the evaluation is taking place.
An approach to building and running applications designed for modern cloud computing models, including the use of microservices. Cloud-native solutions run in container-based environments, which provide resource isolation and make them API- and microservice-friendly.
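As an added example of the bot detection entry above (not code from the original post or from ThreatX), the block below clusters a constructed access log by an IP-independent fingerprint, so that one scripted client rotating across three addresses is treated as a single entity, labels the cluster a bot from the machine-like regularity and rate of its requests, and replays it through a token bucket to show how rate limiting slows the suspect while evaluation continues. The fingerprint (User-Agent plus Accept-Language), the thresholds and the log entries are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed access-log sample: (time in seconds, client IP, User-Agent, Accept-Language, path).
# Hypothetical traffic written for this example: one scripted client rotating across three
# addresses at a fixed cadence, and one person browsing from a single address.
LOG = [
    (0.0, "203.0.113.10", "python-requests/2.25.1", "", "/login"),
    (0.5, "203.0.113.11", "python-requests/2.25.1", "", "/login"),
    (1.0, "198.51.100.7", "python-requests/2.25.1", "", "/login"),
    (1.5, "203.0.113.10", "python-requests/2.25.1", "", "/login"),
    (2.0, "203.0.113.11", "python-requests/2.25.1", "", "/login"),
    (2.5, "198.51.100.7", "python-requests/2.25.1", "", "/login"),
    (0.3, "192.0.2.44", "Mozilla/5.0 (X11; Linux x86_64) Chrome/90.0", "en-US,en;q=0.9", "/"),
    (4.1, "192.0.2.44", "Mozilla/5.0 (X11; Linux x86_64) Chrome/90.0", "en-US,en;q=0.9", "/products"),
    (11.7, "192.0.2.44", "Mozilla/5.0 (X11; Linux x86_64) Chrome/90.0", "en-US,en;q=0.9", "/cart"),
    (13.2, "192.0.2.44", "Mozilla/5.0 (X11; Linux x86_64) Chrome/90.0", "en-US,en;q=0.9", "/checkout"),
]


def fingerprint(entry):
    """IP-independent client fingerprint. Here: User-Agent plus Accept-Language; a production
    system would fold in TLS and header-order features (simplified for the example)."""
    _, _, user_agent, language, _ = entry
    return f"{user_agent}|{language}"


def cluster(log):
    """Group log entries by fingerprint so traffic from unrelated IPs lands in one bucket."""
    groups = defaultdict(list)
    for entry in log:
        groups[fingerprint(entry)].append(entry)
    return groups


def classify(entries, min_requests=4, max_jitter=0.1, min_rate=1.0):
    """Behavioral verdict for one cluster: machine-regular timing at a high request rate is a bot."""
    times = sorted(entry[0] for entry in entries)
    ips = sorted({entry[1] for entry in entries})
    if len(times) < min_requests:
        return {"verdict": "human", "ips": ips, "requests": len(times)}
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    jitter = pstdev(gaps)                               # 0.0 for a perfectly scripted cadence
    rate = (len(times) - 1) / (times[-1] - times[0])    # requests per second across the window
    verdict = "bot" if jitter <= max_jitter and rate >= min_rate else "human"
    return {"verdict": verdict, "ips": ips, "requests": len(times)}


def evaluate(log):
    """Classify every fingerprint cluster in the log."""
    return {fp: classify(entries) for fp, entries in cluster(log).items()}


class TokenBucket:
    """Per-fingerprint limiter used to slow a suspect down while evaluation continues."""

    def __init__(self, capacity, refill_per_sec):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = capacity
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def rate_limit(entries, capacity=2, refill_per_sec=0.5):
    """Replay a cluster's requests through one bucket; True = served, False = throttled."""
    bucket = TokenBucket(capacity, refill_per_sec)
    return [bucket.allow(entry[0]) for entry in sorted(entries, key=lambda e: e[0])]


if __name__ == "__main__":
    for fp, result in evaluate(LOG).items():
        print(result["verdict"], result["requests"], "requests from", result["ips"], "fingerprint:", fp)
```

Because the limiter is keyed on the fingerprint rather than the source address, rotating IPs does not buy the bot a fresh bucket: with a capacity of two and a refill of one token every two seconds, only three of its six login attempts get through.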
Contextual Behavioral Analysis
The process of analyzing the behavior of an application and/or an attacker to determine the risk it poses to an organization, keeping the circumstantial context in mind. Because decisions to block or flag an entity are made with this additional data, the method results in fewer false positives.
Cross Customer Correlation
The act of correlating the behavior of malicious actors on one set of web applications with the behavior of suspicious actors on another set, to help determine the true risk those suspicious actors pose. If a new entity exhibits behavior similar to that of an entity that was subsequently blocked, the risk assigned to the new entity rises dramatically.
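The block below is an added example covering both the contextual behavioral analysis and cross customer correlation entries; it is not code from the original post or from ThreatX. A new entity's risk starts from the weighted behaviors seen on its own target, is raised when its behavior set closely resembles an entity already blocked on a different customer's deployment (Jaccard similarity of behavior sets), and is then adjusted for context so that, for instance, an approved scanner exhibiting the same probes is not blocked. The behavior labels, weights, thresholds and blocked-entity history are illustrative assumptions, not a vendor's scoring model.

```python
# Constructed history of entities already blocked on one customer's deployment, keyed by the
# behaviours observed there (hypothetical labels and entity IDs written for this example).
BLOCKED_ENTITIES = {
    "customer-A": {
        "entity-7f3a": {"probe_admin_paths", "rapid_404_burst", "sqli_payloads", "rotating_ips"},
        "entity-91c0": {"credential_stuffing", "rotating_ips"},
    },
}

# Per-behaviour risk weights (illustrative values, not a vendor's scoring model).
BEHAVIOR_WEIGHTS = {
    "probe_admin_paths": 20,
    "rapid_404_burst": 15,
    "sqli_payloads": 40,
    "rotating_ips": 10,
    "credential_stuffing": 35,
    "high_request_rate": 10,
}


def jaccard(a, b):
    """Similarity of two behaviour sets: size of the intersection over size of the union."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def base_risk(behaviors):
    """Risk from the entity's own behaviour, before any correlation or context."""
    return sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in behaviors)


def correlation_boost(behaviors, blocked, threshold=0.5, boost=40):
    """Cross-customer correlation: compare against every entity blocked on any deployment
    and add a boost when the closest match is similar enough. Returns (boost, best similarity)."""
    best = 0.0
    for entities in blocked.values():
        for other in entities.values():
            best = max(best, jaccard(behaviors, other))
    return (boost if best >= threshold else 0), best


def contextual_adjustment(behaviors, context):
    """Circumstantial context: the same behaviour is more or less risky depending on who is
    doing it and what it targets."""
    adjustment = 0
    if context.get("source") == "approved_scanner":      # scheduled, authorised scanning
        adjustment -= 50
    if context.get("target") == "auth_endpoint" and "credential_stuffing" in behaviors:
        adjustment += 20                                  # stuffing against login is not background noise
    return adjustment


def score(behaviors, context, blocked=BLOCKED_ENTITIES):
    """Combine base risk, cross-customer correlation and context into one verdict."""
    base = base_risk(behaviors)
    boost, similarity = correlation_boost(behaviors, blocked)
    adjustment = contextual_adjustment(behaviors, context)
    total = max(0, base + boost + adjustment)
    verdict = "block" if total >= 80 else "flag" if total >= 40 else "allow"
    return {"base": base, "similarity": round(similarity, 2), "boost": boost,
            "context": adjustment, "total": total, "verdict": verdict}


if __name__ == "__main__":
    probing = {"probe_admin_paths", "rapid_404_burst", "rotating_ips"}
    print("unknown prober on customer-B:", score(probing, {"tenant": "customer-B"}))
    print("same probes, approved scanner:", score(probing, {"tenant": "customer-B", "source": "approved_scanner"}))
```

On its own, the probing entity scores 45 and would merely be flagged; its 0.75 similarity to an entity blocked elsewhere lifts it to a block. The same behavior from an approved scanner drops below the flag threshold, which is the false-positive reduction the contextual entry describes.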
The “kill chain” was originally a military term for the progression of a planned attack. Lockheed Martin adapted the concept to cyber intrusions as the Cyber Kill Chain, and the web application security space has adapted it again to track attackers as they take malicious steps toward an attack, from pre-exploitation to post-exploitation. In that web application form the phases are: Reconnaissance, Scanning, Web Application Mapping, Brute Force Attack, Denial of Service, Exploitation, and Malware Communication.
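As an added example (not code from the original post or from ThreatX), the block below tracks entities along the seven web application phases listed above. Detector events are mapped to phases, each entity's progress is accumulated, and the response escalates with how far along the chain the entity has moved: a single reconnaissance fetch is only monitored, active brute force or flooding is throttled, and an entity that reaches exploitation, or has walked through several earlier phases, is blocked. The event names and the event stream are hypothetical, constructed for the example.

```python
from collections import defaultdict

# The web application kill chain phases, in order of progression.
PHASES = [
    "Reconnaissance",
    "Scanning",
    "Web Application Mapping",
    "Brute Force Attack",
    "Denial of Service",
    "Exploitation",
    "Malware Communication",
]

# Mapping from detector event names to phases. The event names are hypothetical labels
# chosen for this example, not a real product's detector catalogue.
EVENT_PHASE = {
    "robots_txt_fetch": "Reconnaissance",
    "port_scan": "Scanning",
    "directory_enumeration": "Web Application Mapping",
    "login_burst": "Brute Force Attack",
    "request_flood": "Denial of Service",
    "sqli_success": "Exploitation",
    "c2_beacon": "Malware Communication",
}

# Constructed event stream: (time, entity, event). Hypothetical traffic written for this example.
EVENTS = [
    (1, "entity-A", "robots_txt_fetch"),
    (2, "entity-A", "directory_enumeration"),
    (3, "entity-B", "robots_txt_fetch"),
    (4, "entity-A", "login_burst"),
    (5, "entity-A", "sqli_success"),
    (6, "entity-C", "request_flood"),
    (7, "entity-A", "unknown_event"),        # unmapped events are ignored
]


def track(events):
    """Set of phase indices each entity has reached, processed in time order."""
    progress = defaultdict(set)
    for _, entity, event in sorted(events):
        phase = EVENT_PHASE.get(event)
        if phase is not None:
            progress[entity].add(PHASES.index(phase))
    return progress


def assess(phase_indices, escalation_phase="Exploitation", min_phases=3):
    """Decide a response from how far along the chain an entity has moved.

    Block when the entity reaches the escalation phase or later, or has touched several
    earlier phases (a progressing attacker); throttle active brute force or flooding;
    otherwise keep watching."""
    furthest = max(phase_indices)
    if furthest >= PHASES.index(escalation_phase) or len(phase_indices) >= min_phases:
        action = "block"
    elif PHASES[furthest] in ("Brute Force Attack", "Denial of Service"):
        action = "throttle"
    else:
        action = "monitor"
    return {
        "furthest": PHASES[furthest],
        "phases_seen": [PHASES[i] for i in sorted(phase_indices)],
        "action": action,
    }


def assess_all(events):
    """Kill chain position and recommended action for every entity in the stream."""
    return {entity: assess(indices) for entity, indices in track(events).items()}


if __name__ == "__main__":
    for entity, report in assess_all(EVENTS).items():
        print(entity, report["action"], "furthest:", report["furthest"], "seen:", report["phases_seen"])
```

Note that entity-A would already be blocked after its third distinct phase (the login burst at time 4), before the successful injection arrives; the value of tracking the chain is acting on the progression rather than waiting for the exploitation event.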
Stay tuned for subsequent posts as we continue to detail the top keywords for professionals in the web application security space.
This is a Security Bloggers Network syndicated blog from ThreatX Blog authored by Mackenzie Jacobson. Read the original post at: https://blog.threatxlabs.com/web-application-firewalls-101-keywords-to-bookmark