Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hands-On Security in DevOps

You're reading from   Hands-On Security in DevOps Ensure continuous security, deployment, and delivery with DevSecOps

Arrow left icon
Product type Paperback
Published in Jul 2018
Publisher
ISBN-13 9781788995504
Length 356 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Tony Hsiang-Chih Hsu Tony Hsiang-Chih Hsu
Author Profile Icon Tony Hsiang-Chih Hsu
Tony Hsiang-Chih Hsu
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. DevSecOps Drivers and Challenges FREE CHAPTER 2. Security Goals and Metrics 3. Security Assurance Program and Organization 4. Security Requirements and Compliance 5. Case Study - Security Assurance Program 6. Security Architecture and Design Principles 7. Threat Modeling Practices and Secure Design 8. Secure Coding Best Practices 9. Case Study - Security and Privacy by Design 10. Security-Testing Plan and Practices 11. Whitebox Testing Tips 12. Security Testing Toolkits 13. Security Automation with the CI Pipeline 14. Incident Response 15. Security Monitoring 16. Security Assessment for New Releases 17. Threat Inspection and Intelligence 18. Business Fraud and Service Abuses 19. GDPR Compliance Case Study 20. DevSecOps - Challenges, Tips, and FAQs 21. Assessments 22. Other Books You May Enjoy

Cloud services hacks/abuse

A CSA survey on the top cloud security concerns has identified the following 12 issues:

  • Data breaches
  • Weak identity, credentials, and access management
  • Insecure APIs
  • System and application vulnerabilities
  • Account hijacking
  • Malicious insiders
  • Advanced Persistent Threats (APTs)
  • Data loss
  • Insufficient due diligence
  • Abuse and nefarious use of cloud services
  • Denial of service
  • Shared technology issues

In addition, service abuse has also become a headache for most e-commerce or shopping sites. Let's take one example to understand how hackers or misconduct users can benefit from it.

Case study – products on sale

Assume that one online shopping store is going to have a 50% discount on one new model phone for only the first 100 customers; it will be available at 12:00 on February 1.

What do hackers do?

For this kind of sale with 50 % profit is a great attraction for malicious users to do something. What underground users typically may do involves the massive registration of user accounts. There can be more than 10,000 users accounts registered in a short period of time just before the sales. At the moment of the sale, they will use automated scripts to trigger purchase behaviors and finish the orders within seconds. Once they have ordered or occupied all the phones, they may either sell them at higher prices or even not pay for the orders.

Is this illegal? These behaviors follow the business rules for registration and purchases. Although the behavior may not be against the law, it may be considered misconduct or service abuse. Therefore, this kind of on-sale activity may require additional business rules and regulations. After all, it's not purely hacking behavior. We will discuss this in later chapters. Here, we provide an overview of alleviating measures, which can be by means of business rules or technical approaches:

  • The sale is only limited to those customers with a certain period of purchase history
  • Apply CAPTCHA to distinguish humans from machines
  • Two-factor authentication and registration via phone SMS
  • Detection and correlation of IP, phone number, email, account ID, physical address, and GeoIP location
  • Unusual page browsing behavior such as skipping products and jumping to the purchase directly
  • Unusual massive logins or registration from the same IP or devices
You have been reading a chapter from
Hands-On Security in DevOps
Published in: Jul 2018
Publisher:
ISBN-13: 9781788995504
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at AU $24.99/month. Cancel anytime