It's hard to secure your IT services and applications. The list of possible attacks is long, as the MITRE ATT&CK framework, the OWASP lists and similar catalogues show.
What drastically reduces the attack surface is using mutual TLS (for explanations see https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/, https://en.wikipedia.org/wiki/Mutual_authentication#mTLS, https://www.youtube.com/watch?v=x7B5CwcxCDI or https://www.ietf.org/rfc/rfc5246.txt) for authentication before granting access to your service/application. If you use certificates to authenticate your clients before they can reach the first byte of your service/application, you stop attacks at OSI layer 5. The attackers can't reach OSI layers 6 and 7, which by far contain the most vulnerabilities and weaknesses.
I've asked ChatGPT to make a list comparing regular web applications with web applications that use mutual TLS:
Attack Type | Regular Web Application | Secured Web Application (Mutual TLS) | Mitre ATT&CK Tactic(s) |
---|---|---|---|
Cross-Site Scripting (XSS) | Vulnerable | Protected | Initial Access, Execution, Persistence |
SQL Injection | Vulnerable | Protected | Collection, Credential Access, Execution |
Cross-Site Request Forgery (CSRF) | Vulnerable | Protected | Initial Access, Collection |
Session Hijacking | Vulnerable | Protected | Collection, Credential Access |
Brute Force Attacks | Vulnerable | Protected | Credential Access, Execution |
Clickjacking | Vulnerable | Protected | Collection, Defense Evasion |
Directory Traversal | Vulnerable | Protected | Collection, Exfiltration |
File Upload Vulnerabilities | Vulnerable | Protected | Execution, Collection |
LDAP Injection | Vulnerable | Protected | Collection, Credential Access |
Man-in-the-Middle (MitM) Attacks | Vulnerable | Protected | Collection, Credential Access, Execution |
Remote File Inclusion | Vulnerable | Protected | Execution, Collection |
XML External Entity (XXE) Injection | Vulnerable | Protected | Collection, Credential Access |
Security Misconfigurations | Vulnerable | Way less vulnerable | Defense Evasion, Discovery |
HTTP Header Injection | Vulnerable | Protected | Defense Evasion, Execution |
DDoS Attacks | Vulnerable | Way less vulnerable | Impact |
API Security Issues | Vulnerable | Protected | Collection, Credential Access, Execution |
HTTP Parameter Pollution | Vulnerable | Protected | Defense Evasion, Execution |
Session Sidejacking | Vulnerable | Protected | Credential Access, Collection |
Social Engineering Attacks | Vulnerable | Protected | Collection, Defense Evasion |
Cross-Site Tracing (XST) | Vulnerable | Protected | Credential Access, Collection |
Fuzzing Attacks | Vulnerable | Protected | Execution, Defense Evasion |
Cryptanalysis | Vulnerable | Way less vulnerable | Collection, Credential Access |
Reverse Engineering | Vulnerable | Protected | Collection, Credential Access |
Subdomain Takeover | Vulnerable | Protected | Initial Access, Collection |
Session Token Theft | Vulnerable | Protected | Credential Access, Collection |
Vulnerabilities/0-days | Vulnerable | Way less vulnerable | Initial Access |
Broken Object Level Authorization (BOLA) | Vulnerable | Protected | Credential Access, Authorization |
Improper Rate Limiting | Vulnerable | Way less vulnerable | Defense Evasion, Impact |
Insecure Direct Object References (IDOR) | Vulnerable | Protected | Collection, Credential Access |
Insufficient Logging and Monitoring | Vulnerable | Way less vulnerable | Discovery, Defense Evasion |
Insecure Deserialization | Vulnerable | Protected | Execution, Defense Evasion |
Lack of Resources and Rate Limiting | Vulnerable | Protected | Defense Evasion, Impact |
Mass Assignment | Vulnerable | Protected | Credential Access, Collection |
Insecure Cryptographic Storage | Vulnerable | Vulnerable | Collection, Credential Access |
Use of Components with Known Vulnerabilities | Vulnerable | Way less vulnerable | Collection, Execution |
Unvalidated Redirects and Forwards | Vulnerable | Protected | Defense Evasion, Initial Access |
Caution: this is a simplified point of view; it focuses only on initial access. Mutual TLS certificate-based authentication makes initial access almost impossible for attackers, so most of these attacks are no longer possible unless the attacker gets hold of a client certificate together with its private key. However, your IT stack remains vulnerable to OSI layer 1-5 attacks, as well as to vulnerabilities in the TLS implementation itself (OpenSSL, LibreSSL, etc.).
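To make the "rejected before the first application byte" point concrete, here is an added Go example (not code from this post) that mints a throwaway CA, a server certificate and client certificates in memory, runs one TLS handshake over loopback with `ClientAuth: tls.RequireAndVerifyClientCert`, and returns the server's verdict: a client holding a certificate from the trusted CA is identified by its CommonName, while a client with no certificate, or one issued by an unknown CA, is cut off during the handshake and never gets to send HTTP. The CA and client names and the `issue`/`mtlsHandshake` helpers are assumptions made for this demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue mints an ECDSA key and certificate for cn: a self-signed CA when parent is nil, else a leaf signed by parent/pkey.
func issue(cn string, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (tls.Certificate, *x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		DNSNames: []string{"localhost"}} // SAN the client checks on the server certificate (harmless on the others)
	if parent == nil { // self-signed CA; leaves carry no EKU, which Go's verifier accepts for server and client auth
		tmpl.IsCA, tmpl.KeyUsage, parent, pkey = true, tmpl.KeyUsage|x509.KeyUsageCertSign, tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	cert, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, key
}

// mtlsHandshake runs one handshake over loopback with client certificates required and returns the
// server's view: the verified client CommonName, or the error that ended the connection first.
func mtlsHandshake(pool *x509.CertPool, srv tls.Certificate, cli *tls.Certificate) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{srv},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, MinVersion: tls.VersionTLS12})
	if err != nil { return "", err }
	defer ln.Close()
	errc, cn := make(chan error, 1), ""
	go func() {
		c, err := ln.Accept()
		if err != nil { errc <- err; return }
		tc := c.(*tls.Conn); defer tc.Close()
		if err = tc.Handshake(); err == nil { cn = tc.ConnectionState().PeerCertificates[0].Subject.CommonName }
		errc <- err // non-nil means the peer was rejected before the server read any application byte
	}()
	cfg := &tls.Config{RootCAs: pool, ServerName: "localhost"}
	if cli != nil { cfg.Certificates = []tls.Certificate{*cli} } // nil models a client without a certificate
	c, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	verdict := <-errc // the server decides before the client can be served anything
	if err == nil { c.Close() }
	return cn, verdict
}
```

Everything runs in memory on 127.0.0.1, so no files, DNS or network access are needed.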