Daily 10 Tech Q&A With Bala

• Authentication and authorization ( if your authentication part is compromised, hackers can easily penetrate into a user app and do whatever they want, so it is important to safeguard your authentication mechanism to the app, API, or system.
• Logging: Application logs are essential and, more importantly, without which you won’t be able to identify any security incident; application-specific data is used for investigation. You should follow the best practices as much as you can to log the data.
• Encryption on data: There are multiple encryption algorithms that I will cover at the end of the video today; it is safe when you encrypt the data while transmitting from sender to receiver. Decryption is done at the receiver level to get the actual data.

2. Why Should You Use WAF Along With a Firewall?

Firewalls are the first level of protection that permits or blocks network traffic based on IP addresses and port numbers. It can allow traffic to default ports http80 and https443.

There are multiple Hardware firewall vendors in the market, and I can share some for your use to explore; my point here is not to say which firewall is the best; I am just sharing you in random order.

1. Cisco ASA,

2. Palo Alto PA-7000,

3. Bitdefender BOX,

4. CUJO AI,

5. Fortinet FortiGate,

6. NetGear ProSAFE,

7. Netgate pfSense Appliances,

8. SonicWall,

9. Sophos XG,

10.WatchGuard Firebox.

Web application firewalls WAF software that could not detect attacks on the OS and network. It protects web applications only over attacks such as SQL injection, cross-site scripting, etc.

There are multiple Web Application Firewall vendors in the market. I can share some for your use to explore; my point here is not to mention which WAF is the best; I am just sharing you in random order.

1. AWS WAF
2. Akamai WAF
3. F5 Advanced WAF
4. Cloudflare WAF
5. Citrix WAF
6. AppTrana
7. Prophaze WAF
8. Sucuri Website Firewall
9. Imperva WAF
10. Barracuda WAF
11. Fortinet FortiWeb
12. SiteLock

3. Why Do You Need IPS With Firewall?

An intrusion prevention system (IPS) monitors the network to detect malicious traffic.

IPS at a host can defend against attacks at the OS level and prevent attacks due to any software vulnerability, and IPS at a network can defend against attacks at the network level.

• Alert Logic MDR
• Fidelis Network
• Cisco Secure Firewall
• Trellix Network Security
• Trend Micro TippingPoint NGIPS

4. How Do DDOS Attacks Impact the Apps?

A distributed denial-of-service (DDoS) attack can create or flood traffic which leads to abnormality in the regular functioning of systems.

DDOS attacks can happen at different levels of OSI, mainly in Network (layer 3), Transport (Layer 4), Presentation (Layer 6), and Application (Layer 7) Layers.

Think of a situation where you get a huge volume of HTTP requests at the same time; it will collapse the system.

If connected device bots are infected with malware, they can be controlled by external attackers by sending remote instructions to create huge traffic routing to the target’s IP address.

5. How Can You Prevent DDOS Attacks?

The prevention can be at different OSI levels; at the application level, rate limiting is a significant way to limit the number of requests to a system/resource at a particular point in time.

• API Gateways can prevent DDOS attacks for API Traffic.
• CDN allows setting rate limits, ex, x no of requests per second/minute, at API gateway provides the provision to set rate limit with API keys used to authenticate API calls.
• Setting rate limits based on historical data to be nominal, not too low or high, to avoid false negative or false positive alerts.
• Using effective rules set in WAF prevents the servers from getting attacked by malicious traffic and acts as a reverse proxy to filter the unauthorized traffic.

6. Is a Brute-Force Attack Similar to DDOS Attack?

It depends; for brute force, the major focus is user credential theft. It depends on the complexity involved in attackers trying to guess the user credential, especially the password; if the password set by the user is simple, attackers do not need multiple tries to hack; that’s why org has multiple remainders to change the password on a regular frequency, not to reuse the last three or four used passwords, minimal length, and combinations for setting passwords, not to use the same password for multiple accounts.

7. What are the most popular encryption algorithms?

- Advanced Encryption Standard (AES) — 192 to 256 bits used. A single key is used for encryption and decryption; thus, both the sender and receiver have the same key.

This is used in SSL/TLS protocol (website security), even in WIFI security and VPN security.

- Rivest-Shamir-Adleman (RSA) — Asymmetric uses a public key for encryption and a private key for decryption.

When we discuss encryption algorithms, you need to understand that there are two types:

1. symmetric 
2. asymmetric

There are many more algorithms, such as:

1. 3DES Symmetric Encryption Algorithm — used in encryption algorithm in payment systems. This is also used in cryptographic protocols such as TLS, SSH, IPsec, and OpenVPN.
2. AES Symmetric Encryption Algorithm AES is the most popular, quicker, and safe. I have covered this already.

The other category is asymmetric; you have;

1. RSA
2. ECC

Nowadays, hybrid encryption is used, a mix of symmetric and asymmetric encryption.

This segment has a lot to cover; we will move on to the next question.

8. How to Prevent SQL Injection?

SQL Injection is the process of injecting anonymous data into SQL queries; this creates a serious threat to the application connected to the database, and there is a high chance of the application getting compromised.

To avoid there are multiple ways that you can think of;

• Avoid string concatenation in dynamic SQL queries, and use parameterized queries in prepared statements.
• If stored procedures have opted to avoid the internal generation of dynamic SQL.
• Use predefined inputs with validation in the list.
• Escape all user-supplied input using the proper escaping scheme for the database.

9. What Is OWASP Enterprise Security API (ESAPI)?

Open Web Application Security Project is a non-profit community that works to improve the security of applications.

ESAPI is a;

• Free, open source, web application security control library.
• Provides database encoders for additional validation on user inputs to prevent SQL injection.
• This is kind of an external check implied to prevent SQL injection and to make sure the data is legitimate to use in the database.
• Moving to the next question.

10. What Validation Techniques Should You Apply in Web App Security?

Generally, to safeguard the application, though the application priming language enforces certain standards, developers have to be mindful of following certain best practices.

• Data type Validation;
• Validating JSON Schema;
• Type conversion with strict exception handling;
• Set min and max values for numerical values;
• Apply regular expressions for structured data.

Stay tuned until I come back on another day with ten more tech questions and answers.