The Lessons We Can Learn From the Equifax Breach

This week Equifax agreed on a settlement with state and federal regulators to resolve one of the largest data breaches in history, and the sum is absolutely staggering. Equifax will have to pay around $700 million to settle the case — the largest amount ever paid for a data breach. Equifax will also have to pay between $300-425 million as compensation to those who were affected by the data breach. All of this is a result of a security loophole in the tool they used to build web apps. 

While this is a very extreme example of a data breach, it’s best to avoid even a small one at all costs, especially when handling customer information. In this article, we will give you some tips on how to secure your application, so you don’t fall victim to hacking attacks. 

SQL Injections

Hacking web apps have become one of the most preferred methods for cybercriminals to infiltrate the IT infrastructure of your business. One of the most critical threats is SQL injections. This method of hacking was discovered around fifteen years ago and is still a big threat to database security. If the hacker successfully manages to infiltrate the database with an SQL injection, they can do a lot of damage, such as defacing your website and obtaining sensitive user data. 

One of the ways to defend against such an attack is by using prepared statements with parameterized queries. Basically, the SQL command will use a parameter, as opposed to inputting values straight into the command. This will prevent the backend from running malicious queries. Whenever you discover a potential vulnerability, it is extremely important to patch and update it as quickly as possible. 

Finally, try implementing a web application firewall to help filter out potentially harmful data. Such a firewall will offer you some protection until it is possible to make a patch. Some firewall options are open source, like ModSecurity, which offers a sophisticated and effective set of rules to get rid of unwanted web requests. 

DoS and DDoS attacks

A denial of services (DoS) attack is a really fast way to subvert your app. Hackers can prevent you from accessing your web or cloud-based apps by inundating them with a flood of access requests. There are also more sophisticated methods, such as using a series of infected machines called botnet to perform a distributed denial of services (DDoS) attack. Such attacks are unpredictable and can happen at warp speed,  completely shutting down your app in a matter of minutes. Therefore, if you noticed a sudden surge in access requests, you will need to shut down the requests coming from the same IP address of the requestor, and immediately alert your IT team that potential DDoS activity has been detected. 

This is very important. Early detection could be the difference between preventing a potential attack and dealing with the aftermath of one. The first thing you need to do is become acquainted with your usual inbound traffic profile. Most DDoS attacks happen when you notice a sharp uptick in traffic, so you need to be able to tell the difference between actual users and the beginning of a DDoS attack. If you have over-provisioned the bandwidth available to your server, it will allow you to buy some extra time to determine the course of action before resources are completely used up. Keep in mind, even if you over-provisioned the bandwidth by 500%, it is still not enough to stop most DDoS attacks. If you do not host your own server, call your ISP company right away. In fact, you have a better chance of surviving a DDoS attack if your servers are located in a data center because they will be far better equipped to deal with DDoS attacks.

From time to time, it is a good idea to conduct DDoS resistance tests, since these will show you how effective your DDoS mitigation mechanisms actually are. The test will usually cover these scenarios: testing the entire interface infrastructure, testing without any devices protecting against DDoS attacks, and testing separate interface elements. A number of benefits from such testing usually result:

• Minimize or even eliminate the number of services that will be unavailable if a DDoS attack occurs.
• Internet interface architecture error remediation
• Enhanced performance of the elements that are to be protected against a DDoS attack

Penetration Testing

This is one of the most widely used security methods for determining the robustness of web applications. The test is performed by simulating an attack, both internally and externally, in order to gain access to sensitive data. Penetration testing will allow you to identify previously unknown vulnerabilities and test the components that are exposed to the public, such as routers, DNS and firewalls. This kind of test can be performed from any location since there are no restrictions on the ports and services by the internet provider. Before the testing can begin, you need to identify the scope of the test and determine your definition of success. 

As the testing is underway, it is important that you perform the operation with different user roles, as the system can act differently, depending on the access privilege of each role. If you’re using a third-party vendor for penetration testing, be sure they provide you with clear and detailed reports, including the vulnerabilities they found, the testing methodology used and detailed accounts of the severity of the discovered issues. They should also provide you with some actionable steps you can take in order to remediate the problem. 

All of the processes mentioned above are important, in terms of providing security for your users. While strengthening the security of your IT infrastructures may appear to be expensive and time-consuming, it’s well worth the cost to avoid damage to your brand, not to mention potential fines and court fees. Given the fact that new threats emerge daily, it is important to conduct regular penetration tests, in order to identify new vulnerabilities and improve the software development cycle. We believe it’s wisest to incorporate security in the early stages of development, rather than relying on the more risky option — waiting until it is complete, or worse, waiting until the damage is already done.