Equifax Data Breach Analysis: Container Security Implications

The Equifax data breach is one of the largest and costliest customer data leaks in history. Let’s take a closer look at the vulnerabilities and exploits reportedly used. Could the use of containers have helped protect Equifax? We’ll examine how proper security in a container based infrastructure helps to make application security more effective.
The Apache Struts Exploit
Apache Struts is a widely used framework for creating web applications in Java. It was initially believed that the newly-published Struts vulnerability, CVE-2017-9805, was responsible for the Equifax data breach. However, the latest announcement from Equifax indicates that it was vulnerability CVE-2017-5638, which was discovered in March, that allowed the Equifax data breach. Before talking about what security strategies can prevent this type of incident, it’s useful to understand the nature of both vulnerabilities.
The vulnerable code of CVE-2017-9805 resides in the REST plugin of the Struts framework. The plugin fails to validate and deserialize safely the user uploaded data in the HTTP request. This allows attackers to write arbitrary binary code to the web server and execute it remotely.
Read the entire article here, Equifax Data Breach Analysis: Container Security Implications
Via the fine folks at NeuVectdor.
White Papers
Application Lifecycle Management with Stratusphere UX – White Paper
Enterprises today are faced with many challenges, and among those at the top of the list is the struggle surrounding the design, deployment, management and operations that support desktop applications. The demand for applications is increasing at an exponential rate, and organizations are being forced to consider platforms beyond physical, virtual and cloud-based environments. Users […]
Share this:
2018 Will Be The Year of Citrix Migration! eG Innovations and DABCC Survey Reveals Industry Trends for XenApp and XenDesktop 7.x Migration
IGEL Community Releases Free “How-To Install and Configure the IGEL Software Platform” Made Easy Book
IGELl’s Security Enhancements for Thin Clients – White Paper
White Paper: IT Performance Monitoring Tools – Reading Between the Lines
Does Deploying Citrix in the Cloud Make Performance Monitoring Easier? – White Paper