The Threat Landscape.

Published on: 1177612660
Threats and attacks are changing fast online. It's hard to keep up with all the things going on. I only have to take a look at the zillions of exploits for Microsoft alone and I get the shivers. And who reads all the manuals? There is so much information that it is impossible to grasp all the threats. A lot has happened in the last few years and still the end is not in sight. New exploits are found, launched and exploited on a daily basis, against web servers, personal computers, and mobile devices. What can go wrong? And what is the real threat landscape today? What can we do? Should we develop firewalls that actively scan incoming scripts? Look for signatures in web pages? Or is browser security enough? How come we have denied things like XSS & CSRF for so long? It seems that the new threat landscape is getting clearer and clearer.

It's estimated that around 78% of all attacks today are launched against port 80. This is what we call the web application attack layer. These attacks include XSS, SQL injection and buffer overflows. Some say this threat landscape has been largely denied for several years. And it seems that, due to the mounting threats, it is becoming a reality. Security firms are paying money for flaws, but the bad guys pay triple that amount for a single flaw found in Vista. Around 10 years ago, when someone wanted to TELNET to a computer, it could almost be done by default. It is unimaginable to have the TELNET port open by default these days. And looking back into history, there is something that must be changed.

It just isn't as safe anymore as we liked to think 10 years ago. The net has become bigger and the threat landscape has moved from network attacks to the web application layer. I think we are now on a certain slope and will see it tipping over soon. More and more we see researchers and hackers investigating the web application layer and developing exploits to attack and compromise it. Browsers which can execute JavaScript are used by 95% of all surfers. JavaScript enters a computer right through the firewall. Nothing stops it from executing on a computer. So is browser security alone enough? No, I guess that is not going to stop all attacks.

Isn't this a bit strange? We let JavaScript pass the firewall unscanned and sit in our browser to execute and do stuff that could compromise our privacy or security. Then we let the browser handle it further. JavaScript has the potential to become the glue between an attacker and our PC. There have been countless exploits developed, JavaScript worms and other malicious scripts. And it seems that all we can do is watch how this show unfolds and possibly turn off JavaScript. But I think it's too late; JavaScript has become too much a part of our lives to fully abandon it.

The coming years will be interesting ones, I think. The thirst for protection against JavaScript attacks is huge. Now we need a way to quench this thirst. Personally I think that researching the possibility of web application firewalls is going to be important. And I'm bold enough to say that it will become inevitable in the near future. Who knows, it sounds like an excellent idea to follow in the trail of the original firewall idea.