Chapter 75. Incident Response for Credential Stuffing Attacks

Fayyaz Rajpari

In today’s remote world, with defined perimeters, the cloud, and microservices, knowing how to respond to application-specific attacks matters to any organization. As an application security professional, you need to understand and apply an incident response (IR) framework, such as the one from the SANS Institute.

First, when a software vulnerability is exploited to gain access to systems for malicious intent, it is known as an application security attack. The problem gets worse when an attacker gains access to credentials by exploiting a vulnerability and then compounds it with another attack. A credential stuffing attack is a good example of this because it starts with compromised credentials taken from an exposed database. Although it is bad security hygiene, it is common for people to reuse the same password across numerous applications, and the attacker will always use this to their advantage. Once an exploit for the vulnerability is found and used, numerous credentials from the database are exposed. The attacker then tries those usernames and passwords against hundreds of websites that the victims frequently visit.
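The attack pattern just described, seen from the responder's side: a detector that runs over authentication logs and flags a source that is trying many different usernames with mostly failed logins in a short window, then lists the accounts where one of those attempts succeeded so they can be reset and their sessions revoked during containment. This is an added example, not code from the chapter or its author; the log line format, the sample lines, the thresholds, and the function names are all constructed assumptions.

```python
"""Credential stuffing detection over authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (assumed format, not from the chapter):
# "<ISO-8601 timestamp> <source IP> <username> <SUCCESS|FAIL>"
# 198.51.100.20 is a normal user mistyping once; 203.0.113.7 sprays eight
# different accounts in ~15 seconds and gets one hit; 192.0.2.5 is a single
# user who forgot their password (many failures, but only one username).
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.20 alice FAIL
2024-05-01T10:00:09 198.51.100.20 alice SUCCESS
2024-05-01T10:01:00 203.0.113.7 alice FAIL
2024-05-01T10:01:02 203.0.113.7 bob FAIL
2024-05-01T10:01:04 203.0.113.7 carol SUCCESS
2024-05-01T10:01:06 203.0.113.7 dave FAIL
2024-05-01T10:01:08 203.0.113.7 erin FAIL
2024-05-01T10:01:10 203.0.113.7 frank FAIL
2024-05-01T10:01:12 203.0.113.7 grace FAIL
2024-05-01T10:01:14 203.0.113.7 heidi FAIL
2024-05-01T10:02:00 192.0.2.5 dave FAIL
2024-05-01T10:02:20 192.0.2.5 dave FAIL
2024-05-01T10:02:40 192.0.2.5 dave FAIL
"""


def parse_line(line):
    """Split one log line into (timestamp, source_ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "SUCCESS"


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.8):
    """Return {source_ip: stats} for sources whose login attempts look like
    credential stuffing: within any `window`, at least `min_users` distinct
    usernames and a failure ratio of at least `min_fail_ratio`.

    A legitimate user retrying their own password fails the distinct-user
    test; a burst of traffic from a NAT gateway fails the failure-ratio test.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()),
                    key=lambda e: e[0])
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        best = None
        start = 0
        # Sliding time window over this source's events, oldest first.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if not e[3])
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                if best is None or len(users) > best["distinct_users"]:
                    best = {
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "fail_ratio": ratio,
                        "first_seen": win[0][0].isoformat(),
                        "last_seen": win[-1][0].isoformat(),
                        # Accounts the spray actually got into: these are the
                        # IR priority (reset password, revoke sessions).
                        "successful_users": [e[2] for e in win if e[3]],
                    }
        if best is not None:
            findings[ip] = best
    return findings


def accounts_needing_reset(findings):
    """Union of accounts that had a successful login from a flagged source."""
    return {u for f in findings.values() for u in f["successful_users"]}


if __name__ == "__main__":
    hits = detect_credential_stuffing(SAMPLE_LOG.splitlines())
    for ip, stats in hits.items():
        print(ip, stats)
    print("reset:", sorted(accounts_needing_reset(hits)))
```

Grouping by source IP is the simplest key; a stuffing tool spread across a proxy pool evades it, so in practice the same sliding-window logic is also run keyed on user agent, ASN, or a device fingerprint, and complemented by a per-account view (one account seeing logins from many new sources). The thresholds here are illustrative and should be tuned against a baseline of the application's normal login failure rate.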

Let’s say that an adversary has successfully exposed a database and has stolen credentials from that database to access other websites that share those credentials. Furthermore, ...
