Web application security - the fast guide 1.1 | Page 16
Chapter 1 - information Security overview
The safety of this layer is critical because it is the only guarantee that the
data will be partially or totally recovered after an attack, or at least that
it will be known that the attack took place.
The response layer is an abstract layer because its contents might be
distributed over the network, platform and application layers.
1.4 The security of layers:
In a layer-based model, each layer provides services to the next layer in order.
One of the provided services is security, so each layer is responsible for
preventing any malicious attack from passing through to the next layer. But since
layers differ in nature, it is sometimes impossible for a specific layer to stop
an attack that is meant to target a deeper layer. Many malicious requests can
travel freely through a specific layer as legitimate requests because the
request does not contain any sign of malicious activity related to that layer.
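The point above, as an added illustration that is not part of the original guide: each layer's check only sees signals of its own nature, so a request can pass the network and platform layers and be recognisable as invalid only by the application layer. All rules, field names, addresses and sample requests are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Request:  # hypothetical, simplified view of one incoming request
    src_ip: str
    dst_port: int
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)

def network_layer(r):
    # Sees only addresses and ports, never the meaning of the payload.
    return r.dst_port in {80, 443} and not r.src_ip.startswith("203.0.113.")

def platform_layer(r):
    # Web server: checks protocol shape (method, header size), not business rules.
    return r.method in {"GET", "POST"} and all(len(v) <= 8192 for v in r.headers.values())

def application_layer(r):
    # Only the application knows that an account id must be 1-10 digits.
    if r.path == "/account":
        return re.fullmatch(r"\d{1,10}", r.params.get("id", "")) is not None
    return True

LAYERS = [("network", network_layer), ("platform", platform_layer),
          ("application", application_layer)]

def trace(r):
    """Return (layers the request passed, layer that stopped it or None)."""
    passed = []
    for name, check in LAYERS:
        if not check(r):
            return passed, name
        passed.append(name)
    return passed, None

# Constructed sample requests (documentation-range IP addresses).
SAMPLES = {
    "legitimate": Request("198.51.100.7", 443, "GET", "/account", params={"id": "42"}),
    "blocked source": Request("203.0.113.9", 443, "GET", "/account", params={"id": "42"}),
    "oversized header": Request("198.51.100.7", 443, "GET", "/account",
                                headers={"Cookie": "A" * 9000}, params={"id": "42"}),
    "bad parameter": Request("198.51.100.7", 443, "GET", "/account",
                             params={"id": "42; extra text"}),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, trace(req))
```

The "bad parameter" request is indistinguishable from the legitimate one at the network and platform layers; only the application layer holds the rule that rejects it.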
An attacker might need to compromise more than one layer to fulfill the attack
goals. Compromising a layer is not always the goal of the attack; it might be
only a step toward compromising a deeper layer to reach the target of the attack.
The following drawing illustrates some examples of attack scenarios:
Figure 6: The attacker bypasses the network and platform layers and compromises the application layer to reach data
Figure 7: The attacker bypasses the network layer and compromises the platform layer to cause denial of service
Figure 8: The attacker compromises the network layer and steals data while it is sent, using a man-in-the-middle attack
It is important to understand that security is only as strong as the weakest
layer, which means that the compromise of any layer might cause a security
breach of the system.