Intrusion detection and the use of a vulnerability scanner

intrusion detectionIntrusion detection is necessary if you either suspect that someone has some form of illegitimate (and illegal) access to corporate sensitive data or would like to ensure that the information contained within your database is not stolen.

In an ideal scenario, your web application would be impermeable to intruders. Unfortunately, new vulnerabilities in web applications are being discovered all the time and sometimes we might not be aware that an intrusion has taken place until after it has occurred.

Although the first case is more serious than the second (prevention is always better than cure), a sound security infrastructure requires more than simply installing tried and tested policies and solutions. Intrusion detection systems which monitor for malicious activity and suspicious web traffic can help to identify when an intrusion has taken place. However, Intrusion detection, although paramount, is a passive form of security. Therefore, you need a set of tools that allow you to see whether people can penetrate these security measures.

Acunetix is one such tool. The web application layer is significantly different from the network layer simply because web applications (e.g., shopping carts, login forms, contact us forms) need to have direct access to your database.

Since your website needs to be public, all your security and intrusion detection mechanisms will allow public web traffic to communicate with your web application/s (generally over port 80/443). The web application has open access to the database in order to return (update) the requested (changed) information.

This means that at any point in time someone with significant knowledge of databases and coding can manipulate any single application on your website to yield (delete or change) data contained in the database. In these cases, intrusion detection systems might alert you to the activity or to some suspicious traffic but the damage will already have been done.

The only way to ensure that this doesn’t happen is to scan your web applications regularly using a web vulnerability scanner such as Acunetix. The solution will tell you which web applications are weak and therefore can be manipulated. Acunetix will report the type of vulnerabilities and give you recommendations how to best proceed in fixing these weaknesses that will be used by hackers to steal your data and sell it for profit. Moreover, if you are subject to PCI-DSS you are even liable to substantial fines.

Read more about Defense in Depth principles, download a free trial of Acunetix or contact for more information.