优先思考应用安全性

获得所需应用安全性,缓解当今的高级威胁,并继续推动业务发展。

遭到攻击?请致电 400 815 5595 或 (010) 5643 8123

使用案例

应用是访问您的数据,以及客户数据的门户。保护应用的关键在于要了解应用:了解其组件、基础结构,及其易于受到攻击的原因。当您对应用有所了解后,便会掌握保护应用的方式。

Attack Types

Explore the app components to understand each tier and the its associated threats.

APP

Explore the app components to understand each tier and the its associated threats.

SERVICES TIER

Web servers, content delivery networks, and app or database servers are the base for web application services. Also part of this tier are frameworks, libraries, and plugins, and internal code that provides an app's core functionality. Attackers frequently scan for unpatched components within this tier, making it the focus of common attacks, such as injection or business logic flaws.

POSSIBLE THREATS

ACCESS TIER

Access is the gateway to the data that an app processes or stores. This tier provides web, mobile, and API clients the ability to authenticate and get authorization to access an application, so it needs to be secure and efficient. An analysis of breach records shows that 33 percent of web app breaches are access related, with phishing, brute force, and credential stuffing attacks leading the way.

1 F5 Labs: Lessons Learned from a Decade of Data Breaches

POSSIBLE THREATS

TLS/SSL TIER

The transport layer security tier includes HTTPS, TLS, and even the outdated SSL protocol. It provides confidentiality for clients and apps communicating over untrusted networks, ensuring attackers can't tamper with data in transit. Flawed libraries or implementations can lead to vulnerabilities like Heartbleed or denial-of-service attacks. TLS is also used to hide payloads that target other tiers of the app.

POSSIBLE THREATS

DNS TIER

The "address book" of the Internet, DNS translates domain names into IP addresses so browsers can load Internet resources. This tier includes all DNS servers needed by the client and the app, as well as the relevant registrars of those apps' domains. App availability can be disrupted if its DNS suffers a DDoS attack. Alternatively, DNS can be targeted in a hijacking attempt that can compromise an app's confidentiality or integrity.

POSSIBLE THREATS

NETWORK TIER

Clients and apps need a network to connect. Many applications exist on or communicate over the biggest network—the Internet. An app also typically resides on an internal network, allowing app admins to connect and make changes. The network tier is a target of multiple types of DDoS attacks. Compromised internal networks can lead to unauthorized disclosure, alteration, or destruction of data.

POSSIBLE THREATS

DDOS ATTACKS

The purpose of a DDoS attack is to make an application unavailable. DDoS attacks typically originate from an "army" of hacker-controlled bots. All tiers of an app have a capacity limit or are designed in a way that's vulnerable to DDoS attacks. Volumetric attacks target the network tier, overwhelming bandwidth. Others target server or infrastructure resources such as CPU, memory, or state tables.

DDoS Solutions

Use Cases

WEB APPLICATION ATTACKS

Web app attacks target the data held by apps through layer 7 by attempting to steal a user's credentials via a man-in-the-middle attack or exploiting vulnerabilities in servers, frameworks, libraries or even business logic flaws within custom code. Also included are access-control attacks, like credential stuffing, brute force attacks, and credential theft via malware or phishing.

Web App Security Solutions

Use Cases

APP INFRASTRUCTURE ATTACKS

Application infrastructure refers to the systems that applications depend on that are external to the app itself. Attacks against application infrastructure target TLS, DNS, and the network tiers. These attacks can include compromising a vulnerable implementation of TLS/SSL, spoofing DNS to divert user traffic, a man-in-the-middle attack on a network, or a DDoS attack on any of these tiers.

App Infrastructure Solutions

Use Cases

ACCESS ATTACKS AND BUSINESS CHALLENGES

Attacks on access often consist of botnets attempting to brute force user accounts, test stolen passwords, or look for web apps with weak access controls. While preventing successful attacks is paramount, understanding how users access your apps can help you balance “least privilege” without compromising user productivity.

Access Solutions

Use Cases

ATTACK TYPES

HOW APPS ARE ATTACKED

What are apps and how are they attacked?

Applications are made up of many independent components, running in separate environments with different requirements and a supporting infrastructure that's glued together over networks. Each component, or tier, can be a target. To evaluate defenses, you need to understand the attack surface of each tier.

  • Services
  • Access
  • TLS
  • DNS
  • Network

What are apps and how are they attacked?

Applications are made up of many independent components, running in separate environments with different requirements and a supporting infrastructure that's glued together over networks. Each component, or tier, can be a target. To evaluate defenses, you need to understand the attack surface of each tier.

SERVICES TIER
services off

Web servers, content delivery networks, and app or database servers are the base for web application services. Also part of this tier are frameworks, libraries, and plugins, and internal code that provides an app's core functionality. Attackers frequently scan for unpatched components within this tier, making it the focus of common attacks, such as injection or business logic flaws.

POSSIBLE THREATS

ACCESS TIER
services off

Access is the gateway to the data that an app processes or stores. This tier provides web, mobile, and API clients the ability to authenticate and get authorization to access an application, so it needs to be secure and efficient.

An analysis of breach records shows that 33 percent of web app breaches are access related, with phishing, brute force, and credential stuffing attacks leading the way.

1 F5 Labs: Lessons Learned from a Decade of Data Breaches

POSSIBLE THREATS

TLS/SSL TIER
tlsOff

The transport layer security tier includes HTTPS, TLS, and even the outdated SSL protocol. It provides confidentiality for clients and apps communicating over untrusted networks, ensuring attackers can't tamper with data in transit.

Flawed libraries or implementations can lead to vulnerabilities like Heartbleed or denial-of-service attacks. TLS is also used to hide payloads that target other tiers of the app.

POSSIBLE THREATS

DNS TIER
dnsOff

The "address book" of the Internet, DNS translates domain names into IP addresses so browsers can load Internet resources. This tier includes all DNS servers needed by the client and the app, as well as the relevant registrars of those apps' domains.

App availability can be disrupted if its DNS suffers a DDoS attack. Alternatively, DNS can be targeted in a hijacking attempt that can compromise an app's confidentiality or integrity.

POSSIBLE THREATS

NETWORK TIER
networkOff

Clients and apps need a network to connect. Many applications exist on or communicate over the biggest network—the Internet. An app also typically resides on an internal network, allowing app admins to connect and make changes.

The network tier is a target of multiple types of DDoS attacks. Compromised internal networks can lead to unauthorized disclosure, alteration, or destruction of data.

POSSIBLE THREATS

ATTACK TYPES

HOW APPS ARE ATTACKED

Attack Types

Explore the app components to understand each tier and the its associated threats.

DDOS
services access dns network

The purpose of a DDoS attack is to make an application unavailable. DDoS attacks typically originate from an "army" of hacker-controlled bots.

All tiers of an app have a capacity limit or are designed in a way that's vulnerable to DDoS attacks. Volumetric attacks target the network tier, overwhelming bandwidth. Others target server or infrastructure resources such as CPU, memory, or state tables.

DDoS Solutions

Use Cases

WEB APPLICATION
services access

Web app attacks target the data held by apps through layer 7 by attempting to steal a user's credentials via a man-in-the-middle attack or exploiting vulnerabilities in servers, frameworks, libraries or even business logic flaws within custom code.

Also included are access-control attacks, like credential stuffing, brute force attacks, and credential theft via malware or phishing.

Web App Security Solutions

Use Cases

APP INFRASTRUCTURE
tls dns network

Application infrastructure refers to the systems that applications depend on that are external to the app itself. Attacks against application infrastructure target TLS, DNS, and the network tiers. These attacks can include compromising a vulnerable implementation of TLS/SSL, spoofing DNS to divert user traffic, a man-in-the-middle attack on a network, or a DDoS attack on any of these tiers.

App Infrastructure Solutions

Use Cases

ACCESS
tls dns network

Attacks on access often consist of botnets attempting to brute force user accounts, test stolen passwords, or look for web apps with weak access controls. While preventing successful attacks is paramount, understanding how users access your apps can help you balance “least privilege” without compromising user productivity.

资源

下步举措

我们就是您的安全网

当发生了安全事故时,我们的安全事件响应团队 (F5 SIRT) 随时随地为所有 F5 客户待命。

最大化投资价值

F5 专业服务将助力您设计、定制并实施解决方案。

我们全天候为您提供服务

F5 的 SOC 专家在您与可能破坏业务的安全威胁之间筑起了一道防火墙。