0 to 100 mph: Accelerating Visibility for Application Security
In a drag race, how quickly you get off the line sets the tone for the race. From there, it is all about acceleration to maximum velocity in a short distance to beat the clock for the best time on the track. In web application security, there is another kind of race, the race between the attacker and defender. In this race, time is also a factor, can the defender detect and protect against attacks before the attacker is able to exploit flaws in the application? To detect, you need visibility. To detect when time is of the essence, you need accelerated visibility.
In this blog post, I want to highlight what I like to call accelerated visibility, or “going from 0 to 100 mph out-of-the-box”, with Fastly. If you are defending web applications, I’d bet you’ve attempted to get visibility over what threats are hitting your applications in production, and it’s likely you’ve attempted this using access logs. However, I’m sure you found access logs to be very limiting for a number of reasons.
Having visibility into the what, where, and how of injection attacks helps you to understand how your application is being targeted. This information enables you to react in real-time when necessary as well as prioritize your application security resources, e.g., static and dynamic analysis.
Key visibility question:
– Do I know what attacks target my web applications today?
Automated threats are prolific and probe continuously. Depending on your application and web server configurations, this probing could uncover vulnerabilities. Understanding what type of automation is targeting your apps and what resources they are targeting enables you to make adjustments to avoid exposures or block this activity.
Key visibility question:
– Do I know if my web applications are at risk of exposing useful information to automated probes?
The source of traffic accessing your applications is an indicator of potential threats. Knowing where legitimate requests should be sourced from and seeing where requests are actually sourced from enables you to distinguish threats.
Key visibility question:
– Do I know what traffic is sourced from Tor exit nodes or another data center, and if so, can its legitimacy be verified?
When something in the requests to your applications just doesn’t look right, a threat may be lurking. Normal requests from a legitimate user accessing applications with a typical web browser will not contain anomalies. Even requests from legitimate API clients will be (should be) well-formed.
Key visibility question:
– Can I see which requests contain anomalous attributes in order to determine the nature of those requests?
Getting to know how your applications behave operationally is another critical component to understanding when.
Key visibility question:
– When errors in my applications occur, can I determine if they are a result of an operational exception or attempts at exploitation?
Accelerate your visibility
If you’re not able to answer all of the key visibility questions above in the affirmative, then you are not in the driver’s seat to be able to protect against threats facing your applications today.
Having such visibility puts you in the driver's seat, giving you the ability to outpace attackers and defend your applications in real time. The examples I’ve highlighted above demonstrate how Fastly’s Next-Gen WAF can help you jump off the starting line and quickly accelerate to maximum visibility. It launches your application security from 0 to 100 mph in seconds!
