“People are basically just plopping down really complex servers to do caching, analytics, and loads of fancy complex functionality in front of their Web server without much thought as to whether these features might carry risks.”
Those are daunting words from James Kettle, Head of Research at PortSwigger Web Security, speaking about the gaping vulnerabilities that major websites, including the Department of Defense's, expose through their back-end servers.
Kettle used hacker intelligence and recently collected $30,000 in bug bounty rewards for his discovery. He demonstrated holes in the DOD and other big-name commercial websites by dropping “malformed Web requests and phony headers” like magic beans in a fairy tale.
Kettle found that back-end server infrastructure such as web caching, analytics, proxy and load-balancing servers can be left hanging in the breeze, letting attackers burrow from the public domain into the enterprise’s internal network.
According to an article in Dark Reading, in just a few hours’ time Kettle hacked into almost six dozen servers, including prominent brand-name sites.
Kettle affirms the exercise is a wake-up call for information security. “People need to treat this like an attack surface. They need to realize shiny features in back-end analytics” can tow hefty security holes, which he says let him repeatedly gain direct access to systems and data that should’ve been secure. Since best practices for network and system architecture were not in place, Kettle could all-too-easily spider out to other systems once he got inside.
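The article does not describe which requests or headers were used, so the following is an added illustration from the defender's side, not code from the article, from Resolve Systems or from Kettle's research. It scans a constructed JSON-lines access log for the symptoms a security team would want to notice when proxies, caches and load balancers are treated as an attack surface: a Host header that is not one of the site's own hostnames, routing headers that point at private or single-label internal names, values that do not parse as hostnames at all, and forwarding headers that disagree with the Host header. The header names in `ROUTING_HEADERS`, the `ALLOWED_HOSTS` set, the log format and the "looks internal" heuristic are all assumptions made for the example.

```python
"""Flag inbound requests whose routing headers do not match the hosts this edge should serve."""
import ipaddress
import json
import re

# Hostnames this edge is legitimately meant to serve (constructed sample values).
ALLOWED_HOSTS = {"www.example.com", "example.com"}

# Headers that proxies, caches and load balancers commonly consult when routing.
# The article names no specific headers; this list is an assumption for the example.
ROUTING_HEADERS = ("host", "x-forwarded-host", "x-host", "x-forwarded-server")

# Conservative hostname grammar: dot-separated labels of letters, digits and hyphens,
# with an optional numeric port. Anything else is treated as malformed.
HOSTNAME_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?::\d{1,5})?$"
)


def split_port(value):
    """Return (host, port_or_None), handling bracketed IPv6 literals like [::1]:8080."""
    if value.startswith("["):
        host, _, rest = value[1:].partition("]")
        return host, rest[1:] or None
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, port
    return value, None


def looks_internal(host):
    """Heuristic: private/loopback/link-local IPs, single-label names or internal suffixes."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        pass
    return "." not in host or host.endswith((".internal", ".local", ".corp", ".lan"))


def analyze_request(headers):
    """Return a sorted list of finding names for one request's header dictionary."""
    findings = set()
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    if "host" not in lowered:
        findings.add("missing_host")
    host_value = lowered.get("host", "").lower()
    for name in ROUTING_HEADERS:
        if name not in lowered:
            continue
        value = lowered[name].lower()
        host, _port = split_port(value)
        # Syntax first: a value outside hostname/IP grammar is flagged and not analysed further.
        if value.startswith("["):
            try:
                ipaddress.ip_address(host)
            except ValueError:
                findings.add("malformed_" + name)
                continue
        elif not HOSTNAME_RE.match(value):
            findings.add("malformed_" + name)
            continue
        if looks_internal(host):
            findings.add("internal_target_" + name)
        if name == "host" and host not in ALLOWED_HOSTS:
            findings.add("host_mismatch")
        if name != "host" and value != host_value:
            findings.add("routing_override_" + name)
    return sorted(findings)


# Constructed access-log sample (JSON lines), not real traffic.
SAMPLE_LOG = """
{"id": 1, "headers": {"Host": "www.example.com"}}
{"id": 2, "headers": {"Host": "www.example.com", "X-Forwarded-Host": "10.0.0.5"}}
{"id": 3, "headers": {"Host": "intranet"}}
{"id": 4, "headers": {"Host": "www.example.com", "X-Forwarded-Host": "www.example.com"}}
{"id": 5, "headers": {"Host": "www.example.com:80%0d%0a"}}
{"id": 6, "headers": {"X-Host": "www.example.com"}}
"""


def scan_log(text):
    """Parse JSON-lines records and return {request_id: findings} for flagged requests only."""
    flagged = {}
    for line in text.strip().splitlines():
        record = json.loads(line)
        findings = analyze_request(record["headers"])
        if findings:
            flagged[record["id"]] = findings
    return flagged


if __name__ == "__main__":
    for request_id, findings in scan_log(SAMPLE_LOG).items():
        print(request_id, ", ".join(findings))
```

Request 4 is the benign case: an upstream proxy echoing the same hostname in X-Forwarded-Host produces no finding, while a forwarding header naming a private address, a single-label Host, a Host carrying non-hostname characters, or a request with no Host at all are each reported. The same checks belong at the edge itself as rejection rules (an allow-list of served hostnames and stripping of client-supplied forwarding headers), with the log scan as the detection layer behind them.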
Kettle will reveal the high-profile websites he infiltrated and other details of the research at the Black Hat USA conference in Las Vegas next month.
Resolve Systems is a proud sponsor of Black Hat USA 2017 at Mandalay Bay in Las Vegas, July 22-27. We will be hosting a booth in the Business Hall featuring a live demo of how quickly and flexibly our human-guided automation defuses threats. For a snapshot of our IR in large-scale security breaches, take a look at our latest article.
Resolve Systems is the pioneer—and continues to be the most progressive frontrunner—in enterprise-wide incident response and automation solutions for IT Operations, Network Operations, service desk and Security Operations teams. We’re the only platform that allows you to automate incrementally and pragmatically, with tools like human-guided automation.
What sets us above other security platforms is how we enable the automation of—and embed tailored content into—IR processes for any SOC-driven resolution playbook.
Where some platforms exclusively push closed-loop automation, our customizable human-guided automation doesn’t monopolize incident response; it weaponizes security teams to provide consistent, thorough and formidable cybersecurity.