By David Stern
The proliferation of web-based applications has added a new element to perimeter protection. 99% of firewall functionality is geared towards allowing or blocking network packets. It is now just as critical to control the payload of those packets. 5 years ago, adversaries primarily attacked unprotected servers. Today, they are attacking the application using nothing more than the HTTP port allowed by the firewall. This is akin to putting a weak gate on an imposing fortress wall. These “layer 7” or application layer attacks exploit weaknesses in OS patches, service configuration, and weak programming practices. The Open Web Application Security Project (OWASP) has been researching and educating the community on these weaknesses for many years. Standard practices such as OS hardening, effective patch management, a security development life cycle, and application security assessments are usually enough to protect most applications. For more critical applications such as EDI and e-commerce, there are a number of solutions that inspect incoming traffic at layer 7 and block accordingly. For IT security professionals, it’s no longer about which packets to allow; it’s about what’s in them.