External Session Risk
External session risk is the set of threats and weaknesses that let an attacker outside the organization take over, replay, or forge a user's authenticated session with a web application or service.
Here's a breakdown:
User Session: When a user logs in to a web application (e.g., online banking, email), the server issues a session identifier (typically a cookie or bearer token) so the user stays logged in across requests.
External Threats: These are attacks launched outside the organization's network by actors without authorized access.
Compromising a Session: An attacker gains unauthorized control, allowing them to act as the legitimate user.
Key aspects of external session risk include:
Vulnerable Web Applications: Weaknesses in the application's code or design (for example, session identifiers that are predictable, not rotated at login, or not invalidated at logout) that attackers can exploit.
Network-based Attacks: Interception of session data in transit between the user and the server, such as a session cookie sent over cleartext HTTP.
Client-side Attacks: Manipulating the user's browser or device to steal session information, such as script reading a session cookie that lacks the HttpOnly attribute.
Understanding and mitigating external session risk is crucial for protecting user accounts and sensitive data.
Here's how ThreatNG addresses external session risk:
1. External Discovery
ThreatNG's external discovery capabilities provide a comprehensive view of where external session risk can arise. ThreatNG identifies external-facing assets that handle user sessions by performing unauthenticated discovery, the same vantage point an outside attacker has. This is crucial because attackers target these assets as entry points. ThreatNG's discovery also identifies web applications and subdomains, which are the primary targets for session-based attacks.
2. External Assessment
While ThreatNG doesn't have a specific "External Session Risk" assessment, its existing assessments offer valuable insights:
Web Application Hijack Susceptibility: This assessment is highly relevant. ThreatNG analyzes the external-facing parts of web applications to find potential entry points for attackers; those entry points are where session handling is attacked first.
Cyber Risk Exposure: ThreatNG's assessment considers parameters from its Domain Intelligence module, including vulnerabilities. This contributes to understanding the broader context of vulnerabilities that could be chained together to compromise a session.
Code Secret Exposure: ThreatNG's ability to discover code repositories, determine their exposure level, and investigate their contents for sensitive data is critical. Session signing or encryption keys and other credentials exposed in code let an attacker forge or decrypt session tokens, a significant external session risk.
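As an added illustration (not ThreatNG's own code, and the finding names below are labels invented for this example), here is a small scanner for the kind of session secret that the Code Secret Exposure assessment is concerned with. It runs over a constructed snapshot of a repository, matches common framework patterns (Django/Flask SECRET_KEY, Rails secret_key_base, express-session secret, a JWT_SECRET dotenv entry), and uses a Shannon entropy threshold plus a placeholder list to separate live keys from template values. The sample files are constructed; the secrets in them are not real.

```python
import math
import re
from dataclasses import dataclass
from typing import Dict, List

# Each pattern captures the secret value in group 1. The keys are hypothetical
# labels for this example, not ThreatNG finding types.
SESSION_SECRET_PATTERNS = {
    # Django/Flask: SECRET_KEY = '...' or app.config["SECRET_KEY"] = "..."
    "flask_or_django_secret_key": re.compile(r"""SECRET_KEY["'\]]*\s*=\s*["']([^"']{16,})["']"""),
    # Rails config/secrets.yml: secret_key_base: <hex>
    "rails_secret_key_base": re.compile(r"""secret_key_base:\s*["']?([0-9a-fA-F]{32,})["']?"""),
    # express-session: session({ secret: '...' })
    "express_session_secret": re.compile(r"""\bsecret\s*:\s*["']([^"']{8,})["']"""),
    # dotenv style: JWT_SECRET=...
    "jwt_secret_env": re.compile(r"""JWT_SECRET\s*=\s*["']?([^\s"']{8,})["']?"""),
}

# Values that are obviously templates rather than live keys.
PLACEHOLDER = re.compile(
    r"change[-_ ]?me|your[-_ ]?secret|replace[-_ ]?me|example|placeholder|xxx+|<[^>]*>", re.I
)


def shannon_entropy(value: str) -> float:
    """Bits per character: random keys score high, words and templates score low."""
    if not value:
        return 0.0
    n = len(value)
    counts: Dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def mask(value: str) -> str:
    """Never copy the full secret into a report; keep just enough to locate it."""
    return value[:4] + "..." + value[-2:]


@dataclass
class Finding:
    path: str
    line_no: int
    kind: str
    masked: str
    entropy: float
    likely_real: bool


def scan_repository(files: Dict[str, str], min_entropy: float = 3.0) -> List[Finding]:
    """files maps repository path -> file contents, as an exposed repo would be cloned."""
    findings: List[Finding] = []
    for path, contents in files.items():
        for line_no, line in enumerate(contents.splitlines(), start=1):
            for kind, pattern in SESSION_SECRET_PATTERNS.items():
                match = pattern.search(line)
                if not match:
                    continue
                value = match.group(1)
                entropy = shannon_entropy(value)
                likely_real = entropy >= min_entropy and not PLACEHOLDER.search(value)
                findings.append(Finding(path, line_no, kind, mask(value), round(entropy, 2), likely_real))
    return findings


# Constructed repository snapshot; none of these values is a real key.
SAMPLE_REPO = {
    "settings.py": (
        "import os\n"
        "DEBUG = False\n"
        "SECRET_KEY = 'django-insecure-k3j5h2v9x0c7b1n4m6q8w2e5r7t9y1u3'\n"
        "ALLOWED_HOSTS = ['example.test']\n"
    ),
    "config/secrets.yml": (
        "production:\n"
        "  secret_key_base: 9f2a6c1e4b8d0f3a5c7e9b1d3f5a7c9e2b4d6f8a0c2e4b6d8f0a1c3e5b7d9f1a\n"
    ),
    "server.js": (
        "const session = require('express-session');\n"
        "app.use(session({ secret: 'changeme', resave: false, saveUninitialized: false }));\n"
    ),
    ".env.example": "JWT_SECRET=your-secret-here\n",
    "README.md": "Set SECRET_KEY in the environment, never in the repository.\n",
}

if __name__ == "__main__":
    for f in scan_repository(SAMPLE_REPO):
        flag = "LIKELY REAL" if f.likely_real else "placeholder"
        print(f"{f.path}:{f.line_no} {f.kind} {f.masked} entropy={f.entropy} [{flag}]")
```

Running it reports four matches, of which only the Django key and the Rails secret_key_base are flagged as likely real; the express "changeme" and the dotenv template fall below the entropy threshold or hit the placeholder list. The masking matters in practice: a scanner that writes full secrets into tickets or chat simply creates a second exposure.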
3. Reporting
ThreatNG's reporting capabilities effectively communicate information about external session risks:
Reports can prioritize web applications with high "Web Application Hijack Susceptibility," immediately highlighting applications with potential session vulnerabilities.
"Code Secret Exposure" reports can alert security teams to the presence of exposed credentials that could be used to compromise sessions.
4. Continuous Monitoring
ThreatNG's continuous monitoring of the external attack surface is a powerful tool for managing external session risk. Web applications and their security configurations change (a single deployment can drop a cookie attribute or a security header), and continuous monitoring ensures that such regressions and new vulnerabilities are detected promptly.
5. Investigation Modules
ThreatNG's investigation modules provide detailed information for analyzing external session risks:
Subdomain Intelligence includes "HTTP Responses" and "Header Analysis (Security Headers)," which can reveal critical session security configuration, such as whether cookies set by the application carry the Secure, HttpOnly and SameSite attributes and whether Strict-Transport-Security is present.
Sensitive Code Exposure: This module enables security teams to investigate code repositories and discover exposed session-related secrets or vulnerabilities in session management code.
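To make the header and cookie analysis concrete, here is an added example (my own code, not a ThreatNG module) that parses a raw HTTP response, evaluates every Set-Cookie header for the Secure, HttpOnly and SameSite attributes, checks for Strict-Transport-Security, and rolls the results into a simple risk score. The two responses at the bottom are constructed, not captured from any real host; the cookie-name heuristic (names containing sess, sid, token or auth) is an assumption of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Heuristic (assumed for this example): names that usually carry a session or auth token,
# e.g. sessionid, PHPSESSID, JSESSIONID, connect.sid, auth_token.
SESSION_NAME_HINT = re.compile(r"sess|sid|token|auth", re.IGNORECASE)


@dataclass
class CookieCheck:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    looks_like_session: bool
    issues: List[str] = field(default_factory=list)


@dataclass
class SessionReport:
    status: int
    cookies: List[CookieCheck]
    header_issues: List[str]

    @property
    def risk_score(self) -> int:
        """One point per session-relevant finding, for prioritising across many hosts."""
        return len(self.header_issues) + sum(len(c.issues) for c in self.cookies)


def parse_raw_response(raw: str) -> Tuple[int, Dict[str, List[str]]]:
    """Split a raw HTTP/1.x response into status code and a lower-cased header map.
    Repeated headers (several Set-Cookie lines) are kept as a list."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def check_cookie(set_cookie: str) -> CookieCheck:
    """Evaluate one Set-Cookie value for the attributes that decide how easily it is stolen."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")  # bare flags like "Secure" get an empty value
        attrs[key.strip().lower()] = value.strip()
    check = CookieCheck(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        samesite=attrs.get("samesite"),
        looks_like_session=bool(SESSION_NAME_HINT.search(name)),
    )
    if not check.looks_like_session:
        return check  # a preference cookie is not a session risk by itself
    if not check.secure:
        check.issues.append("missing Secure: cookie is sent over cleartext HTTP and can be sniffed")
    if not check.httponly:
        check.issues.append("missing HttpOnly: cookie is readable by script, so XSS steals it")
    if check.samesite is None or check.samesite.lower() == "none":
        check.issues.append("SameSite missing or None: cookie rides along on cross-site requests (CSRF)")
    return check


def assess_session_response(raw: str) -> SessionReport:
    status, headers = parse_raw_response(raw)
    cookies = [check_cookie(v) for v in headers.get("set-cookie", [])]
    header_issues: List[str] = []
    if "strict-transport-security" not in headers:
        header_issues.append("no Strict-Transport-Security: a first request over HTTP exposes cookies lacking Secure")
    return SessionReport(status=status, cookies=cookies, header_issues=header_issues)


# Constructed sample responses (not captured from any real host).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: sessionid=9f1c2e7a4b; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=9f1c2e7a4b; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: theme=dark; Path=/; SameSite=Lax\r\n"
    "\r\n"
)
```

Calling assess_session_response(WEAK_RESPONSE) yields a risk score of 4 (three cookie findings on sessionid plus the missing HSTS header), while the hardened response scores 0. The theme cookie is reported but never raises an issue, which keeps the score focused on what an external attacker could actually replay.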
6. Working with Complementary Solutions
ThreatNG's capabilities enhance other security tools:
ThreatNG can supply Web Application Firewalls (WAFs) with information about which external-facing applications have session-related weaknesses, so that WAF rules can be targeted at those applications rather than applied generically.
ThreatNG's findings on exposed code secrets can be passed to Identity and Access Management (IAM) systems and application owners so that the exposed keys are rotated, sessions issued under them are invalidated, and stronger session security policies are enforced.
7. Examples of ThreatNG Helping
ThreatNG identifies a web application with a high "Web Application Hijack Susceptibility" due to missing HTTP security headers (such as Strict-Transport-Security), which leaves its session cookies exposed to downgrade and interception and directly indicates an elevated external session risk.
ThreatNG discovers a public code repository containing exposed session encryption keys, so the keys can be rotated and existing sessions invalidated before an external attacker uses them to forge or decrypt user sessions.
ThreatNG offers a comprehensive and proactive approach to managing external session risk. Its external discovery, assessment, reporting, continuous monitoring, and investigation modules provide valuable insights and capabilities to defend against session-based attacks.