For the past two years, we have observed growing demand from companies for realistic tests based on breach and crisis simulations. The classic model shows its limits once an application or a network has been tested many times: one can be fairly sure that the first line is secure, yet remain completely blind about what happens next if it is not.

Compare this to a crown kept safe at the end of a long corridor with multiple doors. The highly secured main door is checked regularly. However, at some point a critical flaw appears in the lock, and the thief patiently waiting at the door takes advantage of it and immediately breaks in. The path to the vault is carefully partitioned, yet the in-between doors are either flawed or left open. For the intruder, this is straightforward access to the crown, and the whole castle falls easily.

This is exactly what happens when you only test the external network from the Internet. From there, an attack could extend across shared servers or connected network zones up to the most critical assets. The “Defence-in-depth” concept is quite popular, but without “testing in-depth” it is not possible to simulate and evaluate the most realistic attack path an attacker will use. This is why realistic testing together with an “assume breach” methodology adds value: it better prepares the organization for a breach.

Realistic testing aligned with company maturity

With classic approaches, the organization’s penetration tests neither integrate nor properly consider the attacker profile. To fully benefit from the offensive Assume Breach approach, proper threat modelling must be associated with the testing: what is the attacker profile, and what are the motives of an attack on a given perimeter? Moreover, tests and recommendations must suit the company’s maturity level. Recommendations must not be too ambitious for the in-house workforce, and they must be aligned with the security budget. As maturity increases over time, through incremental steps, the testing and recommendation level can be pushed further to simulate motivated and resourceful attackers.

The “assume breach” approach

Just as the “Defence-in-depth” concept applies to the whole information system and beyond, breach simulation is an approach for both application and infrastructure. Rather than assuming an attacker will never get inside the company or breach the Internet-facing applications, it starts from a compromised asset and aims to see whether the breach can be extended to a larger scope.

Breached applications

A breached application is a serious issue by itself, but this initial access can also lead to further ones. This is the case, for instance, when servers host multiple applications or when these servers share the same network. Even if the organization runs an application audit regularly, recent events have proven that no company is safe from mass exploitation of a vulnerable dependency or a backdoor. Starting the test from a compromised application server exposes a whole new attack surface: access to the code, the configuration files and the data sources. This approach is particularly useful for shared application servers and databases, as well as for cloud-deployed environments.
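The following script is an added example, not code from the original post or its authors. It illustrates the "Breached applications" scenario: starting from one compromised application server, it reads what an intruder with shell access reads first, the configuration files of every application on the host, and reports which data sources and plaintext secrets become reachable, and which data sources are shared between applications. Everything about the layout is an assumption chosen for illustration: applications live under one deployment root, one directory per application, and their config files carry connection strings and credentials in plain text. The three-application sample tree is constructed inline so the script runs offline.

```python
"""Added example (not from the original post): triage of a compromised
application server to size the blast radius of an assume-breach test.
Layout and file contents below are hypothetical and constructed."""
import os
import re
import tempfile
from collections import defaultdict
from urllib.parse import urlsplit

# Config file names an intruder would open first on a web or app server.
CONFIG_NAMES = {".env", "application.properties", "config.yml", "settings.py", "web.config"}

# URL-style connection strings (postgres://user:pw@host:port/db) and JDBC
# strings (jdbc:mysql://host:port/db); both reveal the backing data source.
URL_RE = re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb|redis|amqp)://[^\s\"']+")
JDBC_RE = re.compile(r"jdbc:\w+://([^\s\"'/]+)/?([^\s\"'?]*)")
# key=value or key: value lines whose key names a credential.
SECRET_RE = re.compile(
    r"^(?P<key>[\w.-]*(?:password|secret|token|api_key)[\w.-]*)\s*[=:]\s*(?P<val>\S+)",
    re.I | re.M,
)

def find_config_files(root):
    """Yield (application name, config path) for every config file under root."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name in CONFIG_NAMES:
                app = os.path.relpath(dirpath, root).split(os.sep)[0]
                yield app, os.path.join(dirpath, name)

def data_sources_in(text):
    """Return the set of (host, database) pairs a config file points at."""
    found = set()
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        found.add((parts.hostname or "", parts.path.lstrip("/")))
    for host, db in JDBC_RE.findall(text):
        found.add((host.split(":")[0], db))
    return found

def triage(root):
    """Map each application to its data sources and plaintext secrets, then
    invert the map: data sources shared between applications are the
    in-between doors a breach of one application opens onto the others."""
    apps = defaultdict(lambda: {"sources": set(), "secrets": []})
    for app, path in find_config_files(root):
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
        apps[app]["sources"] |= data_sources_in(text)
        apps[app]["secrets"] += [m.group("key") for m in SECRET_RE.finditer(text)]
    shared = defaultdict(set)
    for app, info in apps.items():
        for src in info["sources"]:
            shared[src].add(app)
    return {
        "apps": {app: sorted(info["sources"]) for app, info in apps.items()},
        "secrets": sum(len(info["secrets"]) for info in apps.values()),
        "shared_sources": {src: sorted(a) for src, a in shared.items() if len(a) > 1},
    }

# Constructed sample: three applications on one shared host. Only "shop" was
# in the original test scope; the others are what the breach reaches.
SAMPLE_DEPLOYMENT = {
    "shop/.env": (
        "DATABASE_URL=postgres://shop:Sh0pPw@db-internal:5432/orders\n"
        "REDIS_URL=redis://cache-internal:6379/0\n"
        "STRIPE_SECRET_KEY=sk_test_constructed\n"
    ),
    "billing/application.properties": (
        "spring.datasource.url=jdbc:mysql://db-internal:3306/billing\n"
        "spring.datasource.password=B1ll1ngPw\n"
        "reporting.url=postgres://report:R3p0rt@db-internal:5432/orders\n"
    ),
    "hr/config.yml": (
        "db: mongodb://hr:HrPw@hr-db-internal:27017/people\n"
        "api_token: constructed-token\n"
    ),
}

def run_demo():
    """Write the constructed deployment to a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_DEPLOYMENT.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
        return triage(root)

if __name__ == "__main__":
    report = run_demo()
    for app, sources in sorted(report["apps"].items()):
        print(f"{app}: {sources}")
    print(f"plaintext secrets found: {report['secrets']}")
    for src, owners in report["shared_sources"].items():
        print(f"shared data source {src} reachable from {owners}")
```

On the constructed tree, the breach of the public shop alone yields the credentials of two applications that were never in scope and shows that the shop and billing applications share the same orders database, which is exactly the kind of lateral path a scoped Internet-facing test never exercises. In a real engagement the file names, patterns and deployment root would be adapted to the target platform.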