Mozilla Developing Attack-Aware Security Applications

Wednesday, February 09, 2011

Mozilla is taking steps to make the company's applications more secure by enabling them to identify potential exploit attempts.

The approach is termed "attack-aware" and seeks to determine if actions by a user are intended to discover weaknesses in an application that could be used to design an attack.

Mozilla Security expert Michael Coates wrote about the initiative:

"An attack-aware application uses a blacklist-style detection of a potential attack. It is important to realize that this is not intended to be a substitute for secure design principles. Instead, it is an additional detection capability layered on top of a securely designed application."

Attack-aware will seek to distinguish deliberate probing of an application from aberrations that can be attributed to human error.

"Currently, we are monitoring attack reports from our attack-aware applications. This data is all fed into a security-integration manager that allows us to monitor trends and investigate individual attack reports. We are moving towards building a system that will enable us to selectively block the offending user from the application to prevent further attacks," Coates wrote.

The key to attack-aware's success will be the ability to properly classify user anomalies. That kind of classification has been used with little success at the network level, but applying the methodology at the application level may be better suited to avoiding false positives.
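
The approach described above, as an added example that is not Mozilla's code or part of the original article: in-application detection points score each anomaly by whether a normal user could cause it by mistake, and a per-user monitor collects the reports and decides when to block. The detection points, scores, threshold and request layout are assumptions made for illustration.

```python
import re
import time
from collections import defaultdict, deque

# Constructed blacklist patterns (assumed for this example).
SQL_META = re.compile(r"('|--|;|/\*|\bunion\b|\bselect\b)", re.I)
SCRIPT_TAG = re.compile(r"<\s*script", re.I)

def detect(request):
    """Return a list of (detection_point, score) for one request dict.

    High scores mark input the normal UI cannot produce (deliberate probing);
    low scores mark anomalies that are plausibly human error.
    """
    events = []
    params = request.get("params", {})
    # Server-set (hidden) fields never change through the normal UI.
    for name, expected in request.get("server_set", {}).items():
        if params.get(name) != expected:
            events.append(("tampered_server_field:" + name, 10))
    for name, value in params.items():
        if SCRIPT_TAG.search(value):
            events.append(("script_tag_in:" + name, 10))
        elif name in request.get("numeric", ()) and not value.isdigit():
            # A stray letter is a typo; SQL syntax in a numeric field is not.
            score = 10 if SQL_META.search(value) else 1
            events.append(("non_numeric:" + name, score))
    return events

class AttackMonitor:
    """Collects attack reports per user and decides when to block."""
    def __init__(self, threshold=20, window=300):
        self.threshold, self.window = threshold, window
        self.reports = defaultdict(deque)  # user -> (time, point, score)

    def observe(self, user, request, now=None):
        now = time.time() if now is None else now
        queue = self.reports[user]
        for point, score in detect(request):
            queue.append((now, point, score))
        # Forget reports older than the window so old typos do not add up.
        while queue and now - queue[0][0] > self.window:
            queue.popleft()
        return self.is_blocked(user)

    def is_blocked(self, user):
        total = sum(score for _, _, score in self.reports[user])
        return total >= self.threshold
```

Scoring by "could the interface have produced this?" is what keeps false positives low at the application level: three typos in a quantity field total 3 points, while one request with a changed hidden price and SQL syntax in a numeric field reaches the blocking threshold on its own.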

Source:  http://www.eweek.com/c/a/Security/Mozilla-Developing-More-AttackAware-Applications-for-Security-853276/
