- AWS Certified Advanced Networking:Specialty Exam Guide
- Marko Sluga
- 352 words
- 2021-06-24 14:14:52
Application layer attacks
Application layer attacks come in the greatest variety and severity, and include but are not limited to the following:
- Brute-force attacks: An attacker tries to gain access by trying to breach an application entry point (remote desktop, SSH, web login) with a dictionary attack or similar
- Session hijacking: The attacker intercepts credentials or tokens and pretends to be an active user to gain access
- Injection attacks: An attacker exploits poor application security to inject information into the application for DoS or to gain access
- Account hijacking: Accounts are hijacked through phishing or inadvertent disclosure of credentials for DoS or to gain access
We can easily detect brute-force attacks with a monitoring solution such as CloudWatch, which can provide an alert when a certain user has reached a certain threshold of invalid logins over a certain period of time.
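The threshold-over-a-time-window check described above, written out as an added example (not code from the book): it counts failed logins per user in a sliding window and raises one alert when the threshold is crossed. The log format, the sample lines, and the default threshold of 5 failures in 5 minutes are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines for illustration (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
2021-06-24T14:00:01 sshd[811]: Failed password for alice from 203.0.113.7 port 50112 ssh2
2021-06-24T14:00:09 sshd[811]: Failed password for alice from 203.0.113.7 port 50114 ssh2
2021-06-24T14:00:15 sshd[812]: Failed password for bob from 198.51.100.4 port 40222 ssh2
2021-06-24T14:00:31 sshd[811]: Failed password for alice from 203.0.113.7 port 50120 ssh2
2021-06-24T14:01:02 sshd[813]: Accepted password for bob from 198.51.100.4 port 40230 ssh2
2021-06-24T14:01:40 sshd[811]: Failed password for alice from 203.0.113.7 port 50131 ssh2
2021-06-24T14:02:05 sshd[811]: Failed password for alice from 203.0.113.7 port 50140 ssh2
2021-06-24T14:02:11 sshd[811]: Failed password for alice from 203.0.113.7 port 50141 ssh2
2021-06-24T14:09:00 sshd[814]: Failed password for invalid user carol from 192.0.2.9 port 33001 ssh2
""".splitlines()

# Assumed line format: ISO timestamp, then the sshd message.
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from ")

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return (user, time, failures_in_window) each time a user enters the alarm state."""
    recent = defaultdict(deque)  # user -> failure timestamps still inside the window
    alarmed = set()              # users already alerted on, to avoid one alert per line
    alerts = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue             # successful logins and unrelated lines are ignored
        ts, user = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) < threshold:
            alarmed.discard(user)  # back under the threshold: re-arm
        elif user not in alarmed:
            alarmed.add(user)
            alerts.append((user, ts, len(q)))
    return alerts

if __name__ == "__main__":
    for user, ts, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {user}: {count} failed logins in 5 minutes as of {ts}")
```

Keying the count on the user rather than the source address means attempts spread across many addresses against one account still trip the threshold.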
To protect against session hijacking, we could use encryption. Since the traffic is encrypted, it will be very difficult for an attacker to perform a session hijack. We can also implement mechanisms that allow us to check network packets on several layers. This helps our application determine whether the packet has been altered, thus indicating an interception and a possible attempt to hijack the session.
AWS WAF can be used to prevent injection attacks, but the wisest way to protect your application is to secure it at the application layer.
Possibly the most difficult attack to detect and protect against from the network layer would be account hijacking. Phishing or inadvertent credential disclosures can lead to an attack that is hard to detect. An attacker can easily fool any automated system and pretend to be a legitimate user while trying to gain deeper access or transferring confidential data from our application. The recommended way to protect against account hijacking is to use multi-factor authentication (MFA). AWS has built-in MFA for AWS accounts and IAM users. We should always make sure that any developers building any type of publicly accessible application understand the need for MFA. Building MFA capability into the application level will raise the security of any application accounts dramatically.