A Unique Approach Based on Understanding Hacker Behavior

The Hacker’s Surprisingly Disciplined Process

Hackers usually follow a well-established attack pattern with four distinct stages. The process is one of exploration that builds a comprehensive profile of a website’s weaknesses, eventually allowing a hacker to build and execute a focused attack plan. Depending upon the hacker’s motivation (e.g. greed, reputation damage), information theft may occur quickly or at a slow and steady pace that is difficult to detect.

| Stage | Action | Typical Tools | Results |
|---|---|---|---|
| Reconnaissance | Extensive browsing to traverse website and discover operational parameters | Web debug proxy to examine traffic between browser and website; Google hacking | Profile of OS, HW, app language, DB, libraries; complete site, error pages and navigational map |
| Probe | Determine weak points; establish and test boundary conditions | Anonymous proxies, privacy controls, VMs; vulnerability scanners; automated scripts | Assesses defenses and establishes successful attack vectors; learns DB table, field names |
| Attack | Launch attacks to compromise app and DB and collect data | Known attacks: SQL injection, cross-site scripting and request forgery, directory traversal, remote file inclusion | Proof that attacks work; locate and collect sensitive data to assess most effective approaches |
| Harvest | Mask and automate attacks to maintain low profile; collect data quickly or via slow trickle | Productized hacker toolkits, bot networks for rent with easy-to-use management tools | Collect sensitive data on an ongoing basis; publish, sell or use depending upon goals |

Hackers know that, like any other visitor, they are accessing an application as intended – through the “front door.” This makes their behavior, while distinctive, difficult to detect given the volume and diversity of normal user activity on a typical website. They are also aware that network firewalls are the first, and often the only, line of defense for a website and that a firewall’s signature-based approach is not effective in detecting behavior patterns – subtle or not.
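
The point that each request looks like ordinary traffic while the aggregate behavior is distinctive can be shown with a per-client profile built from a web access log. This is an added example, not xyberShield's method or code from this page; the log lines, the thresholds and the mapping of features to the Reconnaissance and Probe stages are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Common Log Format: client, identity, user, [time], "METHOD target PROTO", status
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def _line(ip, target, status):
    return f'{ip} - - [01/Aug/2012:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 512'

# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE = (
    # Ordinary visitor: a few pages, no errors.
    [_line("192.0.2.10", p, 200) for p in ("/", "/products", "/cart")]
    # Broad traversal that keeps landing on error pages.
    + [_line("198.51.100.7", p, s) for p, s in (
        ("/", 200), ("/admin", 403), ("/backup", 404),
        ("/test.php", 404), ("/products", 200), ("/.svn", 404))]
    # One endpoint requested with many boundary values.
    + [_line("203.0.113.9", f"/item?id={v}", 500 if v in ("-1", "99999999") else 200)
       for v in ("1", "0", "-1", "99999999", "abc")]
)

def profile(lines):
    """Aggregate per-client features; no single request is judged on its own."""
    stats = defaultdict(lambda: {"paths": set(), "errors": 0, "total": 0,
                                 "params": defaultdict(set)})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        url, s = urlsplit(target), stats[ip]
        s["total"] += 1
        s["paths"].add(url.path)
        s["errors"] += status[0] in "45"
        if url.query:
            s["params"][url.path].add(url.query)
    return stats

def classify(s, min_paths=5, min_error_ratio=0.4, min_variants=4):
    """Thresholds are illustrative assumptions, to be tuned per site."""
    flags = []
    if len(s["paths"]) >= min_paths and s["errors"] / s["total"] >= min_error_ratio:
        flags.append("reconnaissance")  # wide site mapping with many error pages
    if any(len(v) >= min_variants for v in s["params"].values()):
        flags.append("probe")  # same endpoint, many parameter variations
    return flags

def flag_clients(lines):
    return {ip: f for ip, s in profile(lines).items() if (f := classify(s))}
```

Every request in the sample is a syntactically normal GET, so nothing here relies on matching a payload signature; the flags come only from how a client's requests add up.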