Six Paths to Mitigating Application Security Risks
Read about common risks modern enterprise applications face, such as bugs in build tools, exposed secrets, and configuration errors.
Many organizations struggle to adopt application security practices that effectively protect software, data, and users. The good news, though, is that many of these risks are often preventable.
From bugs in build tools, exposed secrets, and configuration errors in provisioning, infrastructure, and deployment tools, here are six common risks modern enterprise applications face, along with ways to mitigate each.
1. Vulnerabilities in the VM, Container Operating System, or Server
The VM Problem
While virtual machines (VMs) are isolated from the physical operating system, virtualization software exploits can spread malware to the physical system in several ways:
Scripts can run on a compromised host and interact with logged-in users.
An attacker can maliciously install trojans on the host and guest machines.
An attacker can create an account with admin privileges, enabling them to read, collect, or destroy company data.
Another risk is VM sprawl, which is when developers create VMs for testing but fail to delete them afterward. This not only causes security concerns but also consumes valuable compute power and disk space.
The VM Solution
Companies should uninstall all obsolete applications and apply new security updates promptly to patch vulnerable files and prevent attacks.
Teams should also leverage VM inventory reporting software and implement role-based access control (RBAC) to define appropriate roles and permissions for different users. RBAC ensures that only certain people have the ability to create VMs and snapshots, reducing the chance of wayward VMs.
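As an added illustration of the two controls above (this is example code, not something from the original article), the script below models a VM inventory report and an RBAC check in Python. The role names, permission strings and inventory entries are all hypothetical and constructed for the demo: it flags "test" VMs that have outlived a maximum age (sprawl) and VMs whose owner's role was never allowed to create VMs (a gap in RBAC enforcement).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical role-to-permission map: only platform admins may create VMs.
ROLE_PERMISSIONS = {
    "platform-admin": {"vm:create", "vm:snapshot", "vm:delete"},
    "developer": {"vm:snapshot"},
    "auditor": set(),
}


@dataclass(frozen=True)
class VM:
    name: str
    owner: str
    owner_role: str
    purpose: str        # "test" or "prod"; a tag the provisioning tool records
    created: datetime


def is_allowed(role, action):
    """RBAC check to run before the provisioning API creates a VM or snapshot."""
    return action in ROLE_PERMISSIONS.get(role, set())


def find_sprawl(vms, now, max_test_age_days=14):
    """Test VMs older than the allowed lifetime are sprawl candidates for deletion."""
    cutoff = timedelta(days=max_test_age_days)
    return [vm.name for vm in vms if vm.purpose == "test" and now - vm.created > cutoff]


def find_unauthorized_creators(vms):
    """VMs owned by a role without vm:create show RBAC was bypassed or misconfigured."""
    return [vm.name for vm in vms if not is_allowed(vm.owner_role, "vm:create")]


# Constructed inventory snapshot, the kind a VM inventory reporting tool would export.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
INVENTORY = [
    VM("build-test-01", "alice", "developer", "test", datetime(2023, 12, 1, tzinfo=timezone.utc)),
    VM("web-prod-01", "bob", "platform-admin", "prod", datetime(2023, 6, 15, tzinfo=timezone.utc)),
    VM("perf-test-02", "carol", "platform-admin", "test", datetime(2024, 1, 25, tzinfo=timezone.utc)),
]


def inventory_report(vms=INVENTORY, now=NOW):
    """Summarise what an operator should act on: stale test VMs and RBAC violations."""
    return {
        "stale_test_vms": find_sprawl(vms, now),
        "created_outside_rbac": find_unauthorized_creators(vms),
    }


if __name__ == "__main__":
    print(inventory_report())
```

In a real deployment the inventory would be pulled from the hypervisor or cloud API rather than constructed inline, and the report would feed a ticket or an automated cleanup job; the RBAC check belongs in front of the creation endpoint, not only in the report.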
The Container Problem
Containers are the most effective way to build, test, and deploy across environments, but containerization lacks the isolation from the host OS that VMs provide. A vulnerability in the host kernel or OS can affect every container on that host and let an intruder reach everything else in your stack.
The Container Solution
Update your Docker or Kubernetes version and support applications regularly to ensure access to patches and bug fixes that address older versions’ vulnerabilities. Scan early and often using both dynamic and static scanning. Continuous integration and continuous deployment (CI/CD) tooling can run a full range of scans and analyses every time an engineer commits code to a feature branch. If anything goes wrong, the engineer will get a report so they can fix their code immediately.
The Server Problem
Servers are prone to attacks from enterprising hackers that exploit security misconfiguration, cross-site scripting, and unvalidated redirects. A typical example is broken authentication, where an attacker impersonates a legitimate user’s identity on the server.
The Server Solution
Protecting server credentials by hashing stored passwords, encrypting connections with Secure Sockets Layer (SSL, now TLS), and enforcing strict cookie controls increases protection. Regular audits and continuous monitoring of updates and patches to software, servers, scripts, and applications also help prevent server attacks.
Lean on Developer Experience Engineers (DXEs) to implement safeguards like these, as the defining responsibility of this role is to ensure developers are set up for maximum productivity and are enabled to do their jobs effectively with minimal roadblocks.
2. Bugs in Language Runtimes
The Runtime Problem
Runtime errors occur while a program is running in an interpreter or after successful compilation. Common examples of user-caused runtime errors include:
Inputting string format data when the computer expects an integer
Dividing by zero
Passing an argument that is not in a valid range or valid value for a method
Attackers continually use automated software to seek out code vulnerabilities as a means of attack. They can exploit any vulnerability within or between code repositories and servers to change code and commit it to the primary branch.
The Runtime Solution
Code reviews, as well as debugging and testing, help developers find errors early, making them faster, easier, and cheaper to resolve. Developers can spend up to 75 percent of their time searching for errors and performance problems using logs and customer reports. Integrated development environments (IDEs) such as JBuilder and Eclipse can help with debugging.
Static analysis tools can identify code security problems because they enable developers to discover security issues early, or even in real time while writing code. The tools scan as developers write, flagging security issues in the engineer’s integrated development environment (IDE) or editor. Static analysis can also identify where code produces unintended outcomes or mishandles data.
As developers push code directly into production, static code analysis also validates code quality, decreases future errors, reduces bugs, and prevents the opening of backdoors for attackers.
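To make the static-analysis idea concrete, here is a small checker added for this article (not a tool the original names, and not a substitute for a real analyzer). It parses Python source into an abstract syntax tree with the standard `ast` module and reports calls that hand untrusted data to a code or shell interpreter; the table of dangerous calls and the sample source are constructed for the demo. The same walk over the AST is what an IDE plugin runs on every keystroke to flag issues as they are typed.

```python
import ast

# Hypothetical rule table: callee name -> why a reviewer should look at it.
DANGEROUS_CALLS = {
    "eval": "eval() executes arbitrary code",
    "exec": "exec() executes arbitrary code",
    "os.system": "shell command built from data",
    "pickle.loads": "unpickling untrusted data runs arbitrary code",
    "yaml.load": "yaml.load without SafeLoader can construct arbitrary objects",
}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call", "subprocess.check_output"}


def call_name(node):
    """Dotted name of a Call's callee, e.g. 'os.system'; None for calls on expressions."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def analyze(source, filename="<input>"):
    """Return sorted (line, callee, message) findings for one source file."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, name, DANGEROUS_CALLS[name]))
        elif name in SUBPROCESS_CALLS:
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((node.lineno, name, "shell=True lets metacharacters in arguments reach the shell"))
    return sorted(findings)


# Constructed sample with three issues on lines 3, 4 and 5.
SAMPLE = """\
import os, subprocess
def run_report(user_input):
    os.system("report --user " + user_input)
    subprocess.run("ls " + user_input, shell=True)
    return eval(user_input)
"""

if __name__ == "__main__":
    for line, callee, message in analyze(SAMPLE):
        print(f"line {line}: {callee}: {message}")
```

The checker matches on callee names, so a module imported under an alias (`import os as o`) would slip past it; production analyzers resolve imports and track data flow to reduce both misses and false positives.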
3. Bugs and Vulnerabilities in Build Tools Like Compilers
The Compiler Problem
Compiled code may contain bugs that could be exploited, including bugs in your source code, bugs in the compiler and libraries, or undefined behavior in your source code that the compiler turns into a bug. Compiler bugs are hard to detect, and once triggered, can hide in programs for a long time.
The Compiler Solution
Any software developed with compilers should follow a stringent software development process that includes quality assurance. CI/CD pipelines should test each build for vulnerabilities to avoid introducing bugs. Until compiler writers optimize code in more secure ways, testing is critical to ensure compiler bugs are found and their impact is mitigated.
4. Bugs and Configuration Errors in Provisioning, Infrastructure, and Deployment Tools
The IaC Problem
Infrastructure as code (IaC) enables DevOps teams to test applications in production-like environments early in the development cycle. It eliminates the need for developers to manually provision and manage servers, operating systems, database connections, storage, and other infrastructure elements every time they want to develop, test, or deploy a software application.
The problem with IaC is that an unpatched vulnerability can serve as a threat entry point, enabling hackers to run code on compromised servers or deploy cryptocurrency miners.
The IaC Solution
Palo Alto Networks’ Unit 42, a team of global threat intelligence researchers, recommends thoroughly scanning every IaC template pulled from a public repository, such as GitHub, for vulnerabilities as part of the CI/CD pipeline.
Companies can also double down on shifting security left, that is, moving it to the earliest point in the development lifecycle. This encourages software delivery teams to test code right after writing individual units of it. Ultimately, teams need to monitor their public, private, and hybrid clouds to check who is accessing data and determine whether the data is altered or exfiltrated.
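The following is an added example of the IaC template scan recommended above, written for this article rather than taken from Unit 42 or any scanner. It reads Kubernetes workload manifests in JSON form (the JSON equivalent of the usual YAML, so the standard library suffices) and reports the settings that let a compromised workload reach the node or its neighbours: host namespaces, privileged containers, privilege escalation left enabled, no non-root enforcement, unpinned images and missing resource limits. Both manifests are constructed for the demo; the first trips every check, the second is the hardened form.

```python
import json


def pod_spec(manifest):
    """Locate the pod spec for a Pod or a templated workload (Deployment, Job, ...)."""
    if manifest.get("kind") == "Pod":
        return manifest.get("spec", {})
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def image_is_pinned(image):
    """A digest always pins; a tag pins unless it is (explicitly or implicitly) latest."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]          # ignore registry host:port before the path
    return ":" in name and not name.endswith(":latest")


def check_manifest(manifest):
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})
    findings = []
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{name}: {flag} shares a host namespace with the node")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        cname = f"{name}/{c.get('name', '?')}"
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container has full access to the host")
        if sc.get("allowPrivilegeEscalation", True):      # Kubernetes default is true
            findings.append(f"{cname}: allowPrivilegeEscalation not set to false")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{cname}: runAsNonRoot not enforced")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{cname}: image {c.get('image')} is not pinned to a tag or digest")
        if "limits" not in c.get("resources", {}):
            findings.append(f"{cname}: no resource limits; a compromised container can starve the node")
    return findings


def check_manifests(json_text):
    """Check one manifest or a kind: List document, as a CI step would for each template."""
    doc = json.loads(json_text)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    return [f for item in items for f in check_manifest(item)]


# Constructed manifests; nothing here refers to a real cluster or image.
BAD_MANIFEST = """{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "worker"},
  "spec": {"template": {"spec": {
    "hostNetwork": true,
    "containers": [{"name": "worker", "image": "busybox:latest",
                    "securityContext": {"privileged": true}}]}}}
}"""

GOOD_MANIFEST = """{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "api"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true},
    "containers": [{"name": "api", "image": "registry.example/api:1.4.2",
                    "securityContext": {"allowPrivilegeEscalation": false},
                    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}}}
}"""

if __name__ == "__main__":
    for label, text in (("bad", BAD_MANIFEST), ("good", GOOD_MANIFEST)):
        print(label, check_manifests(text) or "clean")
```

Running this against every template pulled from a public repository before it reaches the pipeline turns the Unit 42 recommendation into a gate: a template with findings is rejected rather than applied.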
5. Bugs and Misconfiguration in Infrastructure Tools
The Infrastructure Tools Problem
Misconfigurations allow a malicious actor to access a container. A threat actor with high access privileges can potentially enter other containers housing sensitive information or infect them with malware.
DivvyCloud’s 2020 Cloud Misconfigurations Report revealed that from 2018 to 2019, the number of records exposed by cloud misconfigurations rose by 80 percent, as did the total cost to companies associated with those lost records. Gartner estimates that through 2025, at least 99 percent of cloud security failures will be the cloud customer’s fault.
The Infrastructure Tools Solution
It’s crucial that your team implement secrets management, rotate secrets regularly, assign appropriate access privileges, and implement role-based access control (RBAC). It’s equally crucial to do all of this correctly.
You should authorize secrets access according to an appropriate access management policy that restricts access rights according to pertinent roles, time, and tasks. Multifactor authentication is an added layer of protection because it prevents the secrets provider from giving the secret to an imposter, effectively limiting access to trusted containers.
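As an added example of the access policy just described (example code written for this article, not any vendor's secrets manager), the following models authorization of a secret request by role, task and time window, with multifactor verification as a precondition, plus a rotation-due check. Every rule, role, secret path and request is hypothetical and constructed; a real implementation would load the policy from the secrets provider and write each decision to an audit log.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta


@dataclass(frozen=True)
class AccessRule:
    secret: str            # path of the secret in the store
    roles: frozenset       # roles allowed to read it
    tasks: frozenset       # tasks the read may be performed for
    window_start: time     # allowed time-of-day window (UTC)
    window_end: time


@dataclass(frozen=True)
class SecretRequest:
    principal: str
    role: str
    task: str
    secret: str
    mfa_verified: bool     # set by the identity provider, never by the caller
    at: datetime


# Hypothetical policy: production DB password only for deployers during business hours;
# the release signing key only for the release bot, any time.
POLICY = (
    AccessRule("db/prod/password", frozenset({"deployer"}), frozenset({"deploy", "migrate"}),
               time(8, 0), time(18, 0)),
    AccessRule("ci/signing-key", frozenset({"release-bot"}), frozenset({"sign"}),
               time(0, 0), time(23, 59, 59)),
)


def authorize(req, policy=POLICY):
    """Return (allowed, reason). Deny by default; the reason is what goes in the audit log."""
    if not req.mfa_verified:
        return False, "multifactor authentication not completed"
    rules = [r for r in policy if r.secret == req.secret]
    if not rules:
        return False, f"no access rule covers secret {req.secret}"
    for rule in rules:
        if req.role not in rule.roles or req.task not in rule.tasks:
            continue
        if not (rule.window_start <= req.at.time() <= rule.window_end):
            continue
        return True, f"{req.principal} ({req.role}) granted {req.secret} for task {req.task}"
    return False, "no rule matches the requester's role, task and time window"


def rotation_due(issued_at, now, max_age_days=90):
    """True when a secret has been live longer than the rotation interval."""
    return now - issued_at > timedelta(days=max_age_days)


if __name__ == "__main__":
    req = SecretRequest("alice", "deployer", "deploy", "db/prod/password", True,
                        datetime(2024, 1, 31, 10, 0))
    print(authorize(req))
    print("rotate:", rotation_due(datetime(2023, 10, 1), datetime(2024, 1, 31)))
```

Note that the decision is made on attributes the identity provider asserts (role, MFA status), not on anything the requesting container supplies about itself, which is what keeps an imposter container from obtaining the secret.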
6. Exposed Secrets
The Secrets Problem
Applications, scripts, and other non-human identities use secrets and other credentials to communicate with other applications and tools, and securely access databases and other sensitive resources. Incorrectly implemented secrets offer attackers an easy target.
The Secrets Solution
A CI/CD platform can help secure your pipeline by centralizing production keys across your organization. An effective secrets management strategy should integrate with every tool in the DevOps workflow and across cloud providers. Good secrets management provides granular access control across your ecosystem to determine which access level people and services have.
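A CI/CD platform can also catch secrets before they land in a repository. The scanner below is an added example for this article (not a tool the original mentions) and shows the usual combination: fixed-format rules for well-known credential shapes, a generic rule for `password=`/`token=` style assignments, and a Shannon-entropy threshold so that placeholders and obviously fake values do not raise alerts. The sample file is constructed; its AWS-style key pair is the placeholder pair used in AWS documentation, not a live credential.

```python
import math
import re
from collections import Counter

# Rule table: (name, pattern). The generic rule captures the assigned value in group 2.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("generic-credential", re.compile(
        r"""(?i)(password|passwd|secret|api[_-]?key|token)[a-z0-9_]*\s*[:=]\s*['"]?([^\s'"]{8,})""")),
]
PLACEHOLDERS = {"changeme", "password", "secret", "xxxxxxxx"}


def shannon_entropy(s):
    """Bits per character; random-looking credentials score high, words and repeats low."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_placeholder(value):
    v = value.lower()
    return v.startswith(("${", "{{", "<")) or v in PLACEHOLDERS


def scan(text, min_entropy=3.0):
    """Return (line_number, rule_name) for each line that looks like a committed secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            if rule == "generic-credential":
                value = m.group(2)
                if looks_like_placeholder(value) or shannon_entropy(value) < min_entropy:
                    continue          # templated or low-entropy value: likely not a real secret
            findings.append((lineno, rule))
    return findings


# Constructed sample .env file; every value below is made up for this demo.
SAMPLE_ENV = """\
# constructed sample .env file; every value below is made up for this demo
DB_HOST=db.internal
DB_PASSWORD=${DB_PASSWORD}
API_TOKEN=changeme
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
password = "Tr0ub4dor&3-x9Qz"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE_ENV):
        print(f"line {lineno}: {rule}")
```

The entropy filter trades recall for precision: a short dictionary password assigned in code scores below the threshold and is missed, which is why such a scanner complements, rather than replaces, keeping production keys in a central secrets store that the pipeline injects at run time.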
Security Is Always Worth the Work
The industry continually discovers vulnerabilities in software libraries, software packages, operating systems, and infrastructure. Vulnerability management requires continuous scanning, classifying, prioritizing, and patching these vulnerabilities.
DevOps teams must understand the threats that can attack their pipeline and develop best practices for deploying a CI/CD pipeline. Securing the pipeline configuration is also essential. Enterprises cannot take these key application security risks lightly, but the risks do not have to be showstoppers. With a bit of work, enterprises can use CI/CD to automatically detect and mitigate all these threats in a scalable manner.
Opinions expressed by DZone contributors are their own.