Effective Cyber Hygiene - Breach Defense using Web Application Scanning
If you have been paying attention to the news lately, the name Equifax will have been on most IT professionals’ lips, for good reasons or bad. The primary point of entry for the attack and subsequent leak was an Apache Struts vulnerability, which Tenable wrote about way back in March. A patch had been available for that particular vulnerability for at least two months prior to the breach. To make matters worse, the site that Equifax set up in response to the questions raised by the breach was itself still riddled with vulnerabilities.
We all have experience of working in organisations where change management can be a slow process, but the scope of this patch meant that little to nothing on the web application itself would have needed to change once the relevant patch was applied, with only a few moments of downtime per server for a restart.
With this in mind, and putting aside the hysteria in the mainstream press about the lack of security in large organisations, a question I have been asked a lot this week is, “How could this attack method be detected quickly?”, often with the end goal of rapid remediation to stop similar attacks occurring in future. One answer is surprisingly simple: employ cyber hygiene, or penetration/OWASP testing, against applications on a regular basis.
No matter what applications you expose to the Internet, or how small your digital footprint may appear to be, someone out there will probe your servers at least once to try to find a foot in the door. Whether that door is open or not is up to you, and Tenable has a solution to help here.
Tenable.io recently released its new Web Application Scanning component of the cloud-based scanning platform. Of course, Tenable has offered web application scanning as part of its external scanning for a long time, but the latest version offers improved support for HTML5 and Ajax web applications, along with greater integration with the standard Vulnerability Assessment portion of Tenable in general.
For more information on Tenable.io or if you would like to see a demonstration, contact us today!