Operations Security

Description

Apache Struts Vulnerability - Equifax

In recent days Equifax has faced a major vulnerability by using open-source Apache Struts. Equifax is one of the major companies that provide customer credit information. It has faced the biggest criticism for practicing poor security design, which led to exposing the personal details of its customers.

The attacker sends an HTTP request to the Equifax server which contains special characters in the query that would get the OS-level details, as the application is designed to trick some OS-level details to process a request. The attackers got the database credentials and exposed the personal details of Equifax customers.

The major cause of the attack is that Equifax was using an older version of the open-source Apache Struts framework. It is advised for an enterprise to keep updating open-source frameworks or software; in fact, the Apache Software Foundation had already provided a patch or fix for vulnerability CVE-2017-5638, which is a vulnerability in the expression language of the Struts framework. But Equifax, a credit monitoring company, was light on the vulnerability details. As a result, it was prone to attack by simply injecting a simple SQL query into the Equifax database and downloading all the customer details.

Security measures against vulnerabilities:

1. Existing security playbooks must be updated with the latest vulnerabilities.

2. The playbooks consist of the directives and guidelines which direct the testing of the security system of the infrastructure.

3. The endpoint URI has to be HTTPS instead of HTTP. A trusted client-server handshake will happen when your endpoint URL is made HTTPS; it can be achieved by getting a signed certificate from an authenticated certificate vendor and installing it on your JVM, i.e., the instance your application is made to run on.

4. Database credentials have to be encrypted using an advanced cryptographic technique; moreover, at the time of storing data, encryption technology has to be implemented.

5. Enterprise-level applications have to be frequently revisited to check the security framework and update to the latest version of the released framework.
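One concrete form of measure 5 (and of the "older version" root cause named above), added here as an example that is not part of the post: a script that audits a Maven pom.xml for struts2-core versions inside the CVE-2017-5638 affected ranges. The affected and fixed versions are those published in the Apache S2-045 advisory for that CVE; the sample pom.xml is constructed for the example.

```python
# Affected ranges and fixed releases are those of the Apache S2-045 advisory for
# CVE-2017-5638: 2.3.5 - 2.3.31 (fixed in 2.3.32), 2.5 - 2.5.10 (fixed in 2.5.10.1).
import re
import xml.etree.ElementTree as ET

# Per branch: (first affected version, first fixed version), as comparable tuples.
AFFECTED = {
    "2.3": ((2, 3, 5), (2, 3, 32)),
    "2.5": ((2, 5), (2, 5, 10, 1)),
}
MAVEN_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); a qualifier such as '-SNAPSHOT' is dropped."""
    return tuple(int(p) for p in re.findall(r"\d+", text.split("-")[0]))

def is_vulnerable(version):
    """True if this struts2-core version lies inside an affected range."""
    v = parse_version(version)
    branch = ".".join(str(p) for p in v[:2])
    if branch not in AFFECTED:  # also covers unresolved '${struts.version}' properties
        return False
    first_affected, first_fixed = AFFECTED[branch]
    return first_affected <= v < first_fixed

def audit_pom(pom_xml):
    """Return [(artifactId, version, vulnerable)] for each struts2-core dependency."""
    root = ET.fromstring(pom_xml)
    findings = []
    for dep in root.iterfind(".//m:dependency", MAVEN_NS):
        group = dep.findtext("m:groupId", default="", namespaces=MAVEN_NS)
        artifact = dep.findtext("m:artifactId", default="", namespaces=MAVEN_NS)
        version = dep.findtext("m:version", default="", namespaces=MAVEN_NS)
        if group == "org.apache.struts" and artifact == "struts2-core":
            findings.append((artifact, version, is_vulnerable(version)))
    return findings

# Constructed sample pom.xml (not from any real project) declaring a pre-patch Struts.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version></dependency>
    <dependency><groupId>org.apache.struts</groupId><artifactId>struts2-core</artifactId>
      <version>2.3.31</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for artifact, version, vulnerable in audit_pom(SAMPLE_POM):
        verdict = "VULNERABLE to CVE-2017-5638, upgrade" if vulnerable else "ok"
        print(f"{artifact} {version}: {verdict}")
```

A version declared through a Maven property is reported as not vulnerable because it cannot be resolved here; run the audit on the effective pom (`mvn help:effective-pom`) to see resolved versions.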

Comment on this post. Either agree or disagree with their suggestion and provide a reason why you agree or disagree.

I need a reply for the discussion.
