• Web Application Security Challenges Facing CDN Protection

    Learn why web application security is essential in CDN protection and what five challenges organizations face including dynamic attacks & SSL attacks.

  • CDN is a fantastic content delivery capability but from a web application security and DDoS protection standpoint, it’s sub optimal meaning it’s not a total web application security solution. There are five broad categories of these web application security challenges with CDN protection and they are:

    1. Dynamic Attacks - Dynamic attacks are the areas where you’re calling on a website, the CDN, for content that needs to be fresh. That means that the CDN need to reach back to your specific service for fresh content. This is the dynamic part of the website and that reach back causes an opportunity and in fact an empirical evidence of attacks. We have seen see evidence over the years of increased attacks on web application security on dynamic calls through CDNs. 

    2. SSL Attacks - Clearly, if you have the opportunity to encrypt a session between your CDN and your infrastructure it can be obfuscated. In addition, hand the private key so that you can actually decrypt to your environment, your actually causing your keys to be off loaded to outside your environment and you lose control of your keys. Either way, the SSL attacks are a very big web application security blind spot with any CDN infrastructure.

    3. Non-HTTP Attacks – The CDN is focused on HTTP and the attacks are focused on however they can get to you. That could be FTP, that can be SMTP, that can be VOIP or SIP-based protocols. Any other opportunity on layer 7 attacks is available that’s around the CDN services that you’re receiving.

    4. IP-Based Attacks - The CDN doesn’t cover all of your IP blog ranges which has an impact on your web application security. Though all of your IP blog ranges aren’t covered (though that’s a very typical deployment) you then have IP blocks that are not covered by a CDN, their addressable and accessible by an attacker. We call those direct IP attacks, so attackers actually attack you through your IP that’s not covered through the CDN based services.

    5. Web Application Attacks - Web application attacks, directed attacks, vulnerability based attacks, attacks that can be sophisticated and the protection sets on a CDN are going to be very generic and this can be a challenge when it comes to web application security. Why? Well, necessarily so, CDNS are large in scale which means they cannot provide for intimacy of a protection set for you environment. So the potential for injections, for sessions problems, parameter tampering, SQL injections, all sorts of a directed HTTP application-oriented attacks.

    Currently Under A DDoS Attack and In Need of Expert Emergency Assistance? Radware Can Help.

    DDoS attacks or malware outbreaks can create unwanted emergency situations. Radware offers a   DDoS service with a 24/7 emergency respond team to help respond to these emergencies, neutralize the security risk, and better safeguard operations before irreparable damages occur. If you’re being hit with DDoS attacks and are in need of emergency assistance, Contact us with the code "Red Button".

    Learn how to combat attacks on the application layer, and the bottom line. Download the report, "Web Application Security in a Digitally Connected World.”

  • Recommended Videos

    DDoS Security Concerns in Cloud Computing
    How to Stop Sophisticated DDoS Attacks
    Radware's Advanced Persistent Threat (APT) Score