Saturday, February 5, 2011

Week 8 CIS608 - Attack Aware

Attack-aware applications?  Is this possible?  Mozilla seems to think so.  Another layer has been added to the security of Mozilla's web applications.  The applications are able to identify abnormal user actions.  They recognize user errors, such as typos, and are also able to identify deliberate attacks against the application and provide a warning mechanism.  The goal is to detect a malicious user probing for application weaknesses and disable their ability to cause damage to the system.

The application would use a blacklist approach to detect a possible attack, such as a malicious user inserting rogue values in the password-reset token URL.  A normal user would not accidentally modify the URL to include a SQL injection attack.
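A minimal sketch of that kind of detection point, added here as an example and not Mozilla's code: it separates a mistyped reset token from blacklisted input and cuts a client off once its score passes a threshold. The 32-character hex token format, the names `classify` and `AttackMonitor`, the weights, the threshold and the sample requests are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumption for this example: reset tokens are 32 lowercase hex characters.
TOKEN_RE = re.compile(r"[0-9a-f]{32}")
# Blacklist of input a normal user would not produce by accident (constructed,
# deliberately short; a real deployment would tune this list).
ATTACK_RE = re.compile(r"['\"<>;]|--|/\*|\.\./|\b(?:union|select)\b", re.I)
# Typos count a little, blacklisted input counts a lot.
WEIGHTS = {"ok": 0, "user_error": 1, "attack": 3}


def classify(raw_token):
    """Label the raw (still URL-encoded) token value from the reset link."""
    token = unquote_plus(raw_token)
    if TOKEN_RE.fullmatch(token):
        return "ok"
    if ATTACK_RE.search(token):
        return "attack"
    return "user_error"  # truncated link, wrong case, stray character


class AttackMonitor:
    """Keeps a per-client score and reports when the client should be cut off."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.scores = defaultdict(int)

    def observe(self, client, raw_token):
        verdict = classify(raw_token)
        self.scores[client] += WEIGHTS[verdict]
        return verdict, self.scores[client] >= self.threshold


if __name__ == "__main__":
    monitor = AttackMonitor()
    # Constructed requests: (client address, token value taken from the URL).
    requests = [
        ("198.51.100.4", "9f86d081884c7d659a2feaa0c55ad015"),
        ("198.51.100.4", "9f86d081884c7d659a2feaa0c55ad01"),
        ("203.0.113.7", "9f86d081%27%20OR%20%271%27%3D%271"),
        ("203.0.113.7", "9f86d081%27%20UNION%20SELECT%201--"),
    ]
    for client, raw in requests:
        print(client, raw, monitor.observe(client, raw))
```

The first blacklisted value only raises the client's score, which is the point at which a warning would be logged; the second pushes it over the threshold.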

The security would only be for the Mozilla applications.  This new security mechanism does not replace any existing security, but just adds an additional layer.  The layered approach to security is very beneficial, and the approach of specifically making applications attack aware creates a whole new level of security to ensure the end user remains secure.

http://www.darkreading.com/security-monitoring/167901086/security/application-security/229201102/mozilla-working-on-making-its-applications-attack-aware.html
