Mozilla Working On Making Its Applications Attack-Aware

Published: 22/11/2024   Category: security




Application would sniff out malicious user activity



Mozilla plans to build an alarm system into its software that can detect attacks against its Web applications -- and ultimately block the attacker altogether.
"The idea behind an attack aware application is that the application is able to identify abnormal user actions that are not due to user errors, such as typos, and are instead the result of deliberate attacks against the application. The goal is to detect a malicious user probing for application weaknesses and disable their ability to cause damage to the system," said Michael Coates, Web security nomad for Mozilla, in a blog post today.
The application would use a blacklist approach to detecting a possible attack, Coates wrote. He used the example of a malicious user inserting rogue values in the password-reset token URL. "There is no reason a user would accidentally modify the URL to include a potential SQL injection attack. Therefore false positive rates are low and the likelihood of the user purposely attacking the application is high," he blogged.
Unlike a Web application firewall (WAF), which looks for attacks against all types of apps, Mozilla's new security feature would look for attacks targeting its apps, and it looks for activity in the app, according to Coates.
Coates noted that the attack-aware function is yet another layer to supplement the security efforts at Mozilla and does not replace any of them. The initiatives include threat modeling, security training, secure development, code review, testing, and its bug bounty program. "Attack-aware applications are akin to a bank that has been built securely and then installs an alarm system to detect attempted attacks," he wrote.
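
A sketch of the in-application detection described above, as an added example that is not Mozilla's code: a password-reset handler that separates malformed tokens a user could plausibly produce (a truncated link) from tokens carrying injection characters, counts the latter per client, and blocks the client after a threshold. The 32-hex token format, the signature list, the threshold of three and all names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumed token format for this sketch: 32 lowercase hex characters.
TOKEN_RE = re.compile(r"[0-9a-f]{32}")
# Small blacklist of input a user would not type or paste by accident.
ATTACK_RE = re.compile(r"[';]|--|/\*|\b(?:union|select)\b|<script", re.I)
BLOCK_THRESHOLD = 3  # assumed: attack events tolerated before lockout


class AttackAwareReset:
    def __init__(self, valid_tokens):
        self.valid_tokens = set(valid_tokens)   # stand-in for the token store
        self.attack_events = defaultdict(list)  # client id -> offending input
        self.blocked = set()

    def handle(self, client_id, token):
        """Return 'ok', 'invalid', 'attack' or 'blocked' for a reset request."""
        if client_id in self.blocked:
            return "blocked"
        if TOKEN_RE.fullmatch(token):
            return "ok" if token in self.valid_tokens else "invalid"
        if ATTACK_RE.search(token):
            # Deliberate tampering: record it, lock out repeat offenders.
            self.attack_events[client_id].append(token)
            if len(self.attack_events[client_id]) >= BLOCK_THRESHOLD:
                self.blocked.add(client_id)
            return "attack"
        # Malformed but harmless (truncated link, stray character): user error.
        return "invalid"


def demo():
    good = "0123456789abcdef0123456789abcdef"
    app = AttackAwareReset(valid_tokens={good})
    requests = [  # constructed sample requests: (client id, token from URL)
        ("alice", good),
        ("bob", good[:-1]),               # truncated link, a plain user error
        ("mallory", "abc' OR 1=1--"),
        ("mallory", "1 UNION SELECT 1"),
        ("mallory", "x';--"),
        ("mallory", good),                # arrives after the lockout
    ]
    return [app.handle(client, token) for client, token in requests]


if __name__ == "__main__":
    print(demo())
```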