Think Application Security First

Applications are the gateway to your data, and to your customers' data. How do you protect your applications against today's threats? By understanding them, knowing their components and supporting infrastructure, and knowing what makes them vulnerable to attack. When you understand your applications, you also understand where to focus your resources to make them more secure.

Under attack? Call us at (866) 329-4253 or +1 (206) 272-7969

Application-Centric Security

You should know what makes your applications vulnerable and how they can be attacked, so that you can develop the right solutions to reduce your risk. Make sure your applications have the security they need to mitigate today's advanced threats and keep your business moving forward.

NEWS

F5’s acquisition of Shape Security enables scalable, end-to-end, multi-cloud application security

Attack Types

Explore the app components to understand each tier and its associated threats.


SERVICES TIER

Web servers, content delivery networks, and app or database servers are the base for web application services. Also part of this tier are frameworks, libraries, and plugins, and internal code that provides an app's core functionality. Attackers frequently scan for unpatched components within this tier, making it the focus of common attacks, such as injection or business logic flaws.


ACCESS TIER

Access is the gateway to the data that an app processes or stores. This tier provides web, mobile, and API clients the ability to authenticate and get authorization to access an application, so it needs to be secure and efficient. An analysis of breach records shows that 33 percent of web app breaches are access related, with phishing, brute force, and credential stuffing attacks leading the way.

1 F5 Labs: Lessons Learned from a Decade of Data Breaches


TLS/SSL TIER

The transport layer security tier includes HTTPS, TLS, and even the outdated SSL protocol. It provides confidentiality for clients and apps communicating over untrusted networks, ensuring attackers can't tamper with data in transit. Flawed libraries or implementations can lead to vulnerabilities like Heartbleed or denial-of-service attacks. TLS is also used to hide payloads that target other tiers of the app.


DNS TIER

The "address book" of the Internet, DNS translates domain names into IP addresses so browsers can load Internet resources. This tier includes all DNS servers needed by the client and the app, as well as the relevant registrars of those apps' domains. App availability can be disrupted if its DNS suffers a DDoS attack. Alternatively, DNS can be targeted in a hijacking attempt that can compromise an app's confidentiality or integrity.


NETWORK TIER

Clients and apps need a network to connect. Many applications exist on or communicate over the biggest network—the Internet. An app also typically resides on an internal network, allowing app admins to connect and make changes. The network tier is a target of multiple types of DDoS attacks. Compromised internal networks can lead to unauthorized disclosure, alteration, or destruction of data.


DDOS ATTACKS

The purpose of a DDoS attack is to make an application unavailable. DDoS attacks typically originate from an "army" of hacker-controlled bots. All tiers of an app have a capacity limit or are designed in a way that's vulnerable to DDoS attacks. Volumetric attacks target the network tier, overwhelming bandwidth. Others target server or infrastructure resources such as CPU, memory, or state tables.


WEB APPLICATION ATTACKS

Web app attacks target the data held by apps through layer 7 by attempting to steal a user's credentials via a man-in-the-middle attack or exploiting vulnerabilities in servers, frameworks, libraries or even business logic flaws within custom code. Also included are access-control attacks, like credential stuffing, brute force attacks, and credential theft via malware or phishing.


APP INFRASTRUCTURE ATTACKS

Application infrastructure refers to the systems that applications depend on that are external to the app itself. Attacks against application infrastructure target TLS, DNS, and the network tiers. These attacks can include compromising a vulnerable implementation of TLS/SSL, spoofing DNS to divert user traffic, a man-in-the-middle attack on a network, or a DDoS attack on any of these tiers.


ACCESS ATTACKS AND BUSINESS CHALLENGES

Attacks on access often consist of botnets attempting to brute force user accounts, test stolen passwords, or look for web apps with weak access controls. While preventing successful attacks is paramount, understanding how users access your apps can help you balance “least privilege” without compromising user productivity.


What are apps and how are they attacked?

Applications are made up of many independent components, running in separate environments with different requirements and a supporting infrastructure that's glued together over networks. Each component, or tier, can be a target. To evaluate defenses, you need to understand the attack surface of each tier.

  • Services
  • Access
  • TLS
  • DNS
  • Network


LEARN HOW TO DEFEND AGAINST MALICIOUS BOTS WITHOUT DISRUPTING BENIGN BOTS.

An organization typically has 765 applications, and each one is a potential target. Are your applications protected?

RELATED CONTENT

The Hunt for IoT

The growth and evolution of thingbots ensures chaos

A Decade of Data Breaches

86% of breaches target applications and identities.

Cloud

Making security more cloud-friendly

Support that keeps your business secure

We are your safety net

When security incidents occur, our Security Incident Response Team (F5 SIRT) is there for all F5 customers.

Maximizing your investment

F5 Professional Services helps you design, customize, and implement a solution.

We protect you around the clock

F5's SOC experts stand between you and the security threats that can harm your business.