Cyber Defense Magazine – August 2019


  1. Am I being attacked right now?

  2. Where are the attacks being successful?


Answering these two questions requires visual representations of the data, so that outliers and statistically
significant patterns stand out rather than being buried in raw log lines.



  1. Business Logic


There are inherently parts of an application that are more important to your business than others.


Do you care if someone attempts XSS on your site? Maybe.
Do you care if the number of failed logins has spiked in the last hour? Probably.
Do you care if those two events are correlated? Definitely.
Do you care if you are seeing SQL injections and HTTP 500s spike at the same time? You bet!


When dealing with business logic and attacks specific to the application being defended, it's critical to be
able to correlate disparate data sets. These include:
- XSS, SQLi, CMDEXE, and other application security attacks
- HTTP errors, Tor exit node traffic, and other anomalous flows
- Account creations, successful logins, and other business flows
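The correlation the list above calls for, together with the per-minute series the two questions at the top of the page need, as an added example that is not code from the article or from any product it mentions. It buckets constructed request events by minute, tags each one from a WAF-style signature (application attack), the HTTP status (error), a placeholder Tor exit list (anomalous flow) and the application's own login log (business flow), then fires only when several of those tags spike in the same minute. The sample events, regexes, Tor list and thresholds are all constructed for illustration.

```python
"""Correlate application-security signals by time bucket.

Added example; it is not code from the Cyber Defense Magazine article.
The sample events, the signature regexes, the Tor exit list and the
thresholds are all constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample traffic: (timestamp, client_ip, request_line, status, app_event).
# app_event is what the application itself logs (login outcome), which a WAF never sees.
SAMPLE_EVENTS = [
    ("2019-08-01T10:00:02Z", "198.51.100.4", "/login", 401, "login_failed"),
    ("2019-08-01T10:00:05Z", "198.51.100.4", "/login", 401, "login_failed"),
    ("2019-08-01T10:00:09Z", "198.51.100.4", "/login", 401, "login_failed"),
    ("2019-08-01T10:00:14Z", "198.51.100.4", "/login", 401, "login_failed"),
    ("2019-08-01T10:00:20Z", "198.51.100.4", "/login", 401, "login_failed"),
    ("2019-08-01T10:00:31Z", "198.51.100.4", "/search?q=<script>alert(1)</script>", 200, None),
    ("2019-08-01T10:02:01Z", "203.0.113.9", "/item?id=1' OR '1'='1", 500, None),
    ("2019-08-01T10:02:03Z", "203.0.113.9", "/item?id=1 UNION SELECT 1,2,3--", 500, None),
    ("2019-08-01T10:02:08Z", "203.0.113.9", "/item?id=1' AND SLEEP(5)--", 500, None),
    ("2019-08-01T10:02:40Z", "192.0.2.10", "/item?id=42", 200, None),
    ("2019-08-01T10:05:00Z", "192.0.2.11", "/item?id=7' OR 1=1--", 200, None),  # handled cleanly: no error
]

# Deliberately small signatures, enough to tag the sample; a real WAF ruleset is far larger.
SIGNATURES = {
    "sqli": re.compile(r"('|%27)\s*(or|and)\s+|union\s+select|--\s*$|;\s*(drop|select)", re.I),
    "xss": re.compile(r"<\s*script|javascript:|on\w+\s*=", re.I),
    "cmdexe": re.compile(r"[;&|`]\s*(cat|ls|id|whoami|wget|curl)\b|\$\(", re.I),
}
ATTACK_TAGS = tuple(SIGNATURES)

# Placeholder for a Tor exit-node feed (constructed; a real deployment would load the published list).
TOR_EXIT_NODES = {"203.0.113.9"}


def tag_event(ts, ip, request, status, app_event):
    """Return the set of tags one request contributes to its time bucket."""
    tags = {name for name, rx in SIGNATURES.items() if rx.search(request)}
    if status >= 500:
        tags.add("http_5xx")
    if app_event:
        tags.add(app_event)
    if ip in TOR_EXIT_NODES:
        tags.add("tor_exit")
    return tags


def minute_bucket(ts):
    """Floor an ISO-8601 UTC timestamp to the minute."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(second=0, tzinfo=timezone.utc)


def count_by_minute(events):
    """Per-minute tag counts: the data behind 'am I being attacked right now?'."""
    counts = defaultdict(Counter)
    for ev in events:
        counts[minute_bucket(ev[0])].update(tag_event(*ev))
    return counts


def attack_series(counts):
    """Attack-signature hits per minute, keyed by HH:MM, ready to plot as a time series."""
    return {b.strftime("%H:%M"): sum(c[t] for t in ATTACK_TAGS) for b, c in sorted(counts.items())}


# Each rule fires only when every listed tag reaches its threshold in the same minute.
CORRELATION_RULES = {
    "sqli_causing_errors": {"sqli": 2, "http_5xx": 2},   # injection the app is not handling
    "sqli_from_tor_exit": {"sqli": 1, "tor_exit": 1},
    "xss_with_login_spike": {"xss": 1, "login_failed": 5},
}


def find_correlated(counts, rules=CORRELATION_RULES):
    """Answer 'where are attacks succeeding?' by joining WAF tags with app and network signals."""
    hits = []
    for bucket in sorted(counts):
        c = counts[bucket]
        for rule, needs in rules.items():
            if all(c[tag] >= n for tag, n in needs.items()):
                hits.append((bucket.strftime("%H:%M"), rule))
    return hits


if __name__ == "__main__":
    per_minute = count_by_minute(SAMPLE_EVENTS)
    print("attack hits per minute:", attack_series(per_minute))
    for when, rule in find_correlated(per_minute):
        print(f"{when}  {rule}")
```

The point of the rules is the join: three SQLi probes on their own are noise, three SQLi probes in the same minute as three HTTP 500s from the same endpoint are a finding, and the 10:05 probe that the application absorbed without an error correctly produces no alert. Replace the placeholder Tor set with a real exit-node feed and the minute buckets with whatever window your traffic volume justifies.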



  1. Defense against Bots and Scrapers


Some products specialize in keeping bots and scrapers out; others, such as honeypots, specialize in luring
them in. Not all bots speak HTTP, but most application security defenses have some way of dealing with
the ones that do, whether through:
- CAPTCHAs
- Analyzing traffic sources
- Fingerprinting traffic and headers
- Detecting anomalous traffic patterns


Because not all bots speak HTTP, a pure application security approach won't cut it on its own. Most AppSec
programs nevertheless implement a safety valve at the HTTP layer.
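What that HTTP-layer safety valve looks like when the three detection methods from the list above are combined into one score, as an added example that is not code from the article or from any vendor's product: each client IP is scored on its source network, on its header fingerprint (a tool User-Agent, or a browser User-Agent missing the headers every real browser sends) and on its request timing (sustained rate and metronomic intervals); low scores pass, middling scores get a CAPTCHA challenge, high scores are blocked. The request samples, the "datacenter" range, the header heuristics and the thresholds are constructed for illustration.

```python
"""Score HTTP clients for bot-likeness from source, headers and timing.

Added example; it is not code from the Cyber Defense Magazine article nor
any vendor's product. The request samples, the "datacenter" network, the
header heuristics and the score thresholds are constructed for illustration.
"""
import ipaddress
import statistics
from collections import defaultdict

# Constructed placeholder for a hosting/datacenter range list (real products use ASN data).
DATACENTER_NETS = [ipaddress.ip_network("203.0.113.0/24")]

BROWSER_UA_TOKENS = ("Mozilla/", "Chrome/", "Firefox/", "Safari/")
TOOL_UA_TOKENS = ("python-requests", "curl/", "go-http-client", "scrapy", "wget/")
BROWSER_HEADERS = ("Accept", "Accept-Language", "Accept-Encoding")  # every real browser sends these

HUMAN_HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/76.0.3809.100 Safari/537.36",
    "Accept": "text/html,application/xhtml+xml,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.9",
    "Accept-Encoding": "gzip, deflate, br",
}
TOOL_HEADERS = {"User-Agent": "python-requests/2.22.0", "Accept": "*/*", "Accept-Encoding": "gzip, deflate"}
SPOOFED_HEADERS = {"User-Agent": HUMAN_HEADERS["User-Agent"], "Accept": "*/*"}  # browser UA, tool-shaped rest

# Constructed sample traffic: (seconds since window start, client_ip, request headers).
SAMPLE_REQUESTS = (
    [(0.0, "192.0.2.10", HUMAN_HEADERS), (4.2, "192.0.2.10", HUMAN_HEADERS), (11.7, "192.0.2.10", HUMAN_HEADERS)]
    + [(round(0.2 * i, 1), "203.0.113.5", TOOL_HEADERS) for i in range(10)]      # 5 req/s, metronomic
    + [(t, "198.51.100.8", SPOOFED_HEADERS) for t in (0.0, 1.4, 2.5, 4.0, 5.2)]  # human-ish pace
)


def source_score(ip):
    """Traffic source: hosting ranges rarely originate real users."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in DATACENTER_NETS):
        return 2, ["datacenter source"]
    return 0, []


def header_score(headers):
    """Header fingerprint: tool UAs, or a browser UA without the headers every browser sends."""
    ua = headers.get("User-Agent", "")
    if not ua:
        return 3, ["no User-Agent"]
    if any(tok in ua.lower() for tok in TOOL_UA_TOKENS):
        return 3, ["tool User-Agent"]
    score, reasons = 0, []
    if any(tok in ua for tok in BROWSER_UA_TOKENS):
        for name in BROWSER_HEADERS:
            if name not in headers:
                score += 2
                reasons.append(f"browser UA without {name}")
    return score, reasons


def timing_score(times):
    """Traffic pattern: sustained high rate, or intervals too regular for a person."""
    if len(times) < 5:
        return 0, []
    score, reasons = 0, []
    gaps = [b - a for a, b in zip(times, times[1:])]
    rate = len(times) / max(times[-1] - times[0], 1.0)
    if rate > 1.0:
        score += 2
        reasons.append(f"{rate:.1f} req/s")
    if statistics.pstdev(gaps) < 0.05:
        score += 2
        reasons.append("machine-regular intervals")
    return score, reasons


def classify_clients(requests, challenge_at=3, block_at=6):
    """Per client IP: ('allow' | 'challenge' | 'block', score, reasons). 'challenge' means serve a CAPTCHA."""
    by_ip = defaultdict(list)
    for t, ip, headers in requests:
        by_ip[ip].append((t, headers))
    verdicts = {}
    for ip, reqs in by_ip.items():
        reqs.sort(key=lambda r: r[0])
        total, reasons = 0, []
        # Fingerprint the first request; a session rarely changes its header shape mid-way.
        for s, r in (source_score(ip), header_score(reqs[0][1]), timing_score([t for t, _ in reqs])):
            total += s
            reasons += r
        verdict = "block" if total >= block_at else "challenge" if total >= challenge_at else "allow"
        verdicts[ip] = (verdict, total, reasons)
    return verdicts


if __name__ == "__main__":
    for ip, (verdict, score, why) in classify_clients(SAMPLE_REQUESTS).items():
        print(f"{ip:15} {verdict:9} score={score} {', '.join(why) or '-'}")
```

The spoofed client is the instructive case: its User-Agent is copied from a real browser, so a UA blocklist passes it, but the missing Accept-Language and Accept-Encoding headers alone push it into the CAPTCHA tier, and a CAPTCHA is the cheapest way to let a misclassified human through. Scores are additive on purpose so that no single signal (a datacenter IP, say, where a corporate proxy might live) is enough to block on its own.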


While application security is no longer in its infancy, the playing field is constantly changing and attackers
are pushing the boundaries of their methods. Pin this list to the fridge as your development team
experiments with new architectures -- it will save you some serious headaches down the road.
