KEMP Security Series – Part 1: Application Security
One of the seminal security events each year is the release of the Trustwave Global Security Report. The 2016 report, which is based on data collected in 2015, was released earlier this year. It is a sobering read. One headline figure is the astonishing fact that 97% of the web applications they tested had at least one known vulnerability. To put this 97% figure into context, it’s worth noting how comprehensive the Trustwave Global Security Report is: it summarizes the security vulnerabilities detected by the security infrastructure Trustwave installs at client organizations and also collects feedback from their security services business. The report uses data from millions of network vulnerability scans and monitored web transactions, thousands of web application security scans and penetration tests, plus the monitoring of billions of emails from managed organizations in 17 countries.
Application security improved slightly in 2015 compared with the previous year, although it remains poor: the share of applications with at least one vulnerability fell from 98% in 2014 to 97%, and the average number of vulnerabilities per application fell from 20 to 14. The vulnerabilities discovered in 2015 fall into ten main categories that closely align with the well-known OWASP Top Ten list. The ten categories, ranked by how often they were discovered, with the percentage of applications affected, were:
- Session Management – 64%
- Information Leakage – 56%
- Cross-Site Scripting (XSS) – 51%
- Web Server vulnerabilities – 41%
- Authentication and Authorisation issues – 39%
- Cross-Site Request Forgery (CSRF) – 16%
- SQL Injection – 14%
- Insecure Resource Allocation – 10%
- Unauthorized Directory Access – 7%
- Remote Code Execution – 4%
We outline many of these vulnerabilities in more detail in our OWASP Top Ten series.
KEMP Security Features
KEMP LoadMaster, when deployed with the KEMP Web Application Firewall (WAF), can help protect your web applications against the common vulnerabilities highlighted in the Trustwave Global Security Report. It combines Layer 7 Web Application Firewall protection with other application delivery services such as intelligent load balancing, intrusion detection & prevention, edge security, and authentication. It also includes ModSecurity, the world’s most widely deployed web application firewall engine, and is augmented by threat intelligence from Trustwave.
In addition to the functionality in WAF, other core features of LoadMaster also help protect your applications. Layer 7 packet inspection allows LoadMaster to filter traffic to your applications and pass on only correctly formed requests, blocking malformed requests, a common attack method. LoadMaster also allows you to enable security policies based on SSL/TLS, including offloading the processing of these security protocols onto the LoadMaster, which is optimized to process them much faster than application and web servers can. LoadMaster can also simplify and strengthen the security architecture for applications by acting as the proxy server for application requests and by handling IPSec traffic.
The Trustwave Global Security Report demonstrates that most organizations need to do more to mitigate risks to their applications on the web. KEMP can be your partner in achieving this, as we have the experience and the tools you need. Deploying LoadMaster with WAF as part of your network infrastructure helps deliver defense in depth for your web servers and applications. Our cost-effective solutions allow you to start with the protection you need today, and then scale and grow as the number of users of your applications grows. In addition to providing the protection you need, we also make it easy for you to deploy and manage a LoadMaster solution. Predefined templates are available for many popular web applications, with the right settings for most scenarios pre-set. We also provide a Trustwave application rule pack based on their guidelines. You can adjust these templates as required, and also create your own rulesets to meet your organization’s precise needs.
Application security is a multifaceted and ever-changing task. It needs to be applied at multiple levels of the infrastructure that serves applications. One thing that is clear is that security controls should be applied on the network before requests reach the backend application servers. Deploying LoadMaster alongside your other network security tools, such as firewalls, will allow you to provide the best protection you can against the multiple threats outlined in the Trustwave Global Security Report.