Monday, 14 March 2016

How Web Application Forensics Investigation can Help Mitigate Web Attacks - An Introduction


Web-based networks (social networks, online communities and so on) are a product of one of the greatest ICT inventions: the internet. The internet has made online communication and information sharing among people around the globe much easier. Modern technology further adds to this ease through the production of smart communication gadgets like iPhones, tablets, notebook PCs, etc. One of the major challenges of the World Wide Web is security risk. Since it is a public place that anybody can connect to, malicious activities are easily carried out. With hackers, fraudsters, phishers and other malicious users all over the web, there is a need to take the necessary steps to protect the integrity of data available on the internet. One such step is forensic investigation of successful web attacks.

Web application forensics investigation is the process of tracing a web attack back to its origin using the fingerprints left behind, in order to identify the perpetrator and the location from which the attack was carried out. Forensic investigation can be done on both the client side (client browsers, computers, etc.) and the server side (web server, application server, database server, etc.), but we are more concerned with the server side. Forensics done on the client side is more valuable to criminal investigation agencies than to web developers trying to protect their web applications from attack.

Many may wonder how forensic investigation of an attack can help mitigate risk. Here is the catch: not being able to track an attack encourages the attacker to launch further attacks. Also, when we are able to find out 80% of the information about the attack, further attacks can be prevented and attempts at suspicious activity detected. The forensic investigation can basically be done by analyzing the server logs as well as the event logs of the operating systems on which the servers are running. These logs can provide such information as the IP addresses of visitors, user agent, date and time of visit and so on. Depending on the skill and dexterity of the security personnel in charge, the information gathered can lead to a great deal of progress.
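To make the log analysis described above concrete, here is an added example (not part of the original post) that pulls the IP address, timestamp and user agent out of web server access log lines and groups them per visitor. It assumes the Apache/Nginx Combined Log Format; the sample lines, the `ExampleScanner/1.0` agent and the `min_errors` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Mar/2016:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.23 - - [14/Mar/2016:10:01:05 +0000] "GET /admin/ HTTP/1.1" 403 310 "-" "ExampleScanner/1.0"
198.51.100.23 - - [14/Mar/2016:10:01:06 +0000] "GET /backup.zip HTTP/1.1" 404 295 "-" "ExampleScanner/1.0"
198.51.100.23 - - [14/Mar/2016:10:01:07 +0000] "POST /login.php HTTP/1.1" 401 120 "-" "ExampleScanner/1.0"
this line is truncated and will not parse
203.0.113.7 - - [14/Mar/2016:10:02:30 +0000] "GET /about.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def summarize(log_text):
    """Group parsed entries by client IP and count lines that could not be parsed."""
    visitors = defaultdict(lambda: {"times": [], "agents": set(), "errors": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count: damaged log lines are evidence too
            continue
        v = visitors[rec["ip"]]
        v["times"].append(rec["ts"])
        v["agents"].add(rec["agent"])
        v["errors"] += 400 <= rec["status"] < 500  # client-error responses
    return dict(visitors), skipped

def suspicious(visitors, min_errors=3):
    # min_errors is an assumed threshold; tune it against normal traffic.
    return sorted(ip for ip, v in visitors.items() if v["errors"] >= min_errors)

if __name__ == "__main__":
    visitors, skipped = summarize(SAMPLE_LOG)
    print("suspicious:", suspicious(visitors), "unparsed lines:", skipped)
```

For each flagged IP, `min(v["times"])` and `max(v["times"])` give the first and last time it was seen, which is the starting point for a timeline of the visitor's activity.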


This post is meant to enlighten web developers about how forensic investigation can help in reducing web attacks. Server-side web application forensics is what we focused on here, but when it is combined with client-side forensics it can provide investigation agencies like the CIA (Criminal Investigation Agency) of the USA (United States of America) with tangible information to track down cyber criminals. Though a full implementation is not given here, I believe this is a good starting point for newbies to web application forensics. For in-depth knowledge, get this great web forensics book from Amazon.


