Welcome back to the series. If you have come directly to this post, I recommend you go through the previous post, What is a Zero Day Attack Part One, but you can also continue from here. I covered the basics of zero-day attacks in that post.
Overview of Secured Applications
No matter how great a developer is or how securely he writes code, there will be some bug one way or the other. According to experts, every 1000 lines of code contain, on average, five bugs. A good percentage of these bugs can be used to compromise the application's security.
Now there are two ways to find the bugs. The first way is to sit down, test every line, and find them. But most of the time the source code is not available, so the second way is to use fuzzers. So what are they? Programs hacking other programs. Surprised? Let's move to the next point, and I will tell you more about them.
What are Fuzzers?
A fuzzer is a software program or script specially created to look for errors in a piece of code or an application. A fuzzer will look for virtually every input variable and try every possible combination to find out how the program handles it and to expose coding errors.
Fuzzers are also fault injectors because they create and inject faults into an application. Fuzzers can test applications, protocols, files, etc. for errors, and are widely used to find new vulnerabilities such as buffer overflows, DoS, SQL injection, and XSS.
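To make the idea concrete, here is a small mutation fuzzer run against a parser you own. It is an added example, not code from the original post; the record format, the seeded length-field bug, and all function names are constructed for illustration.

```python
import random

SEED = b"ZD\x05hello"   # constructed valid record: magic "ZD", length 5, payload

def parse_record(data: bytes) -> bytes:
    """Constructed target: 2-byte magic, 1-byte length, then the payload."""
    if len(data) < 3 or data[:2] != b"ZD":
        raise ValueError("bad header")            # clean, expected rejection
    length = data[2]
    payload = data[3:3 + length]
    _ = payload[length - 1]                       # BUG: trusts the length field
    return payload

def parse_record_fixed(data: bytes) -> bytes:
    """Same format, but the declared length is checked against the data."""
    if len(data) < 3 or data[:2] != b"ZD":
        raise ValueError("bad header")
    length = data[2]
    if len(data) - 3 < length:
        raise ValueError("length field exceeds payload")
    return data[3:3 + length]

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Inject one fault into a non-empty seed: bit flip, truncation, or insert."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seed: bytes, rounds: int = 2000, rng_seed: int = 1) -> dict:
    """Return {exception name: first input that triggered it} for unhandled faults."""
    rng = random.Random(rng_seed)                 # fixed seed keeps runs reproducible
    crashes = {}
    for _ in range(rounds):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                              # input rejected cleanly: not a finding
        except Exception as exc:                  # anything else is a handling error
            crashes.setdefault(type(exc).__name__, case)
    return crashes

if __name__ == "__main__":
    print("buggy parser:", fuzz(parse_record, SEED))
    print("fixed parser:", fuzz(parse_record_fixed, SEED))
```

Keeping the first input per fault type gives you a reproducer to turn into a regression test once the parser is patched.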
Why should I use Fuzzers when I am already investing in security so much?
This question should click in your mind; otherwise the importance of fuzzers will never be realized. In short, there are two reasons.
- You know about the vulnerability before others do, so you get a patch before anybody else finds it and attacks you.
- Secondly, if you have a custom-made tool (made just by you), there are negligible chances that others will know about it, and you won't get feedback if there is some loophole in the software. So it's your duty to find the bug and prepare the patch. Otherwise, if a ZDA (Zero Day Attack) begins, you might be too late.
Types of Protection by Fuzzers
The best way to fight against any unknown attack is to restrict your application from showing any unwanted behavior. For that, all you need is an application firewall. This tool monitors an application for abnormal behavior, raises an alert, and, in some cases, simply stops the application from running. I found two.
- AppArmor: This is an open-source application firewall currently maintained by Novell. You can get the documentation and install it on top of any Linux distro. But the easiest way is to get a copy of openSUSE 10, which has AppArmor out of the box. It has an easy configuration manager called YaST. The advantage of using it is that when any bug or virus enters the system (be it known or unknown) and tries to modify the settings and parameters of the application, AppArmor will automatically create an alert. You can see the image below for the YaST configuration.
- Socket Shield: This tool can protect you against zero-day worms and other malware from websites. Yes, you got it right. It monitors traffic coming from port 80. As per the analysis I read, the entire process of monitoring is invisible to users and does not affect performance. Simply put, it protects your computer by monitoring at the socket level. It closes the socket if any exploit is found. You can use it for shielding as well as blocking. You can provide the IP addresses of known spamming sites for blocking, and it will block on its own if it finds any suspicious activity. You can take a look at more details here. The image below can give you a small preview.
The second type is Web Server Protection. It's a bit long, and I don't want to make this post boring, so I will continue it in the next post. Till then, you can try the above if it fits your requirements.