operations security 4

Apache Struts Vulnerability - Equifax

In recent days Equifax has faced a major vulnerability by using open-source Apache Struts. Equifax is one of the major companies that provide customer credit information. It has faced the biggest criticism for practicing poor security design, which led to exposing the personal details of its customers.

The attacker sends an HTTP request to the Equifax server which contains special characters in the query that would get OS-level details, as the application is designed to trick some OS-level details to process a request. The attackers got the database credentials and exposed the personal details of Equifax customers.

The major cause of the attack is that Equifax was using an older version of the open-source Apache Struts framework. It is advised for an enterprise to keep updating open-source frameworks or software; in fact, the Apache Software Foundation had already provided a patch or fix for vulnerability CVE-2017-5638, which is a vulnerability in the expression language of the Struts framework. But Equifax, a credit monitoring company, was light on the vulnerability details. As a result, it was prone to attack, by simply injecting a simple SQL query into the Equifax database and downloading all the customer details.

Security measures against vulnerabilities:

1. Existing security playbooks must be updated with the latest vulnerabilities.

2. The playbooks consist of the directives and guidelines that direct the testing of the security system of the infrastructure.

3. The endpoint URI has to be HTTPS instead of HTTP. A trusted client-server handshake will happen when your endpoint URL is made HTTPS; it can be achieved by getting a signed certificate from an authenticated certificate vendor and installing it on your JVM, i.e., the instance your application is made to run on.

4. Database credentials have to be encrypted using an advanced cryptographic technique; moreover, at the time of storing data, encryption technology has to be implemented.

5. Enterprise-level applications have to be frequently revisited to check the security framework and updated to the latest version of the released framework.
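The post describes the attack only as "special characters" in an HTTP request. As an added example that is not part of the student's post, here is a small Python detector that flags request log lines carrying the OGNL expression markers (`%{` or `${`) that CVE-2017-5638 payloads placed in the Content-Type header; the tab-separated log format and the sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote

# CVE-2017-5638: Struts 2's Jakarta multipart parser copied an invalid
# Content-Type header into an error message that was then evaluated as OGNL.
# An OGNL expression is delimited by %{ or ${, so those markers in request
# metadata are the detection signature used here; normal clients never send
# them in a Content-Type value or a URL.
OGNL_MARKER = re.compile(r"%\{|\$\{")

def suspicious_fields(line: str) -> list:
    """Return the request fields in one log line that carry an OGNL marker.

    Log format is constructed for this example, tab-separated:
        <client ip> <method> <path?query> <content-type>
    """
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return ["malformed"]          # surface odd lines instead of skipping them
    _ip, _method, target, content_type = parts
    hits = []
    # Decode percent-encoding once so %25%7B (encoded "%{") is not missed.
    for name, value in (("target", unquote(target)),
                        ("content_type", unquote(content_type))):
        if OGNL_MARKER.search(value):
            hits.append(name)
    return hits

def scan_log(lines):
    """Return (line number, client ip, flagged fields) for every hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = suspicious_fields(line)
        if fields:
            findings.append((number, line.split("\t")[0], fields))
    return findings

# Constructed sample traffic; the marker strings are placeholders, not payloads.
SAMPLE_LOG = [
    "203.0.113.5\tGET\t/account/index.action\tapplication/x-www-form-urlencoded",
    "203.0.113.9\tPOST\t/upload.action\t%{constructed_ognl_marker}",
    "198.51.100.7\tGET\t/search.action?q=%25%7Bconstructed%7D\ttext/plain",
    "198.51.100.8\tPOST\t/upload.action\tmultipart/form-data; boundary=----abc",
]

if __name__ == "__main__":
    for number, ip, fields in scan_log(SAMPLE_LOG):
        print(f"line {number}: {ip} sent an OGNL marker in {', '.join(fields)}")
```

A signature like this is a stopgap for triage and retrospective log review; the durable fix the post itself calls for is upgrading Struts to a patched release.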

Comment on this post. Either agree or disagree with their suggestions and provide a reason why you agree or disagree.

I need a reply for the discussion.
