Copy-pasting from an email exchange:
Is the web app also facing issues, or is the issue only with not being able to log on to the server with remote desktop for admin tasks? If the app is also facing issues, we need to look into that also.

Maybe we can follow a process of elimination, mitigating the most obvious issues first, and then checking for deeper hidden issues.

The most common attacks for web-based apps which display forms to the user are brute force attacks, which try to submit the forms automatically with all sorts of junk and try to compromise the server. Our app and the web interface do some user authentication using certain pages/forms, right? Those forms/pages must be hardened as the first step of defense. That is, they should not accept more than x number of characters, and should not accept special characters (other than those which are needed).

If user input sanitization is taken care of, and problems still persist, next we have to look into the app logs, if available, and see if particular user behaviour crashes the app, or whether there is any issue with multiple users logging in, etc. We had done a test of this several months ago, but some code changes might have changed things.

etc. etc. etc.
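To make the "harden the login form first" step concrete, here is an added example (my own code, not from the email or the app it discusses). It enforces the two controls the message names, a maximum input length and an allowlist of characters, and then goes one step further than the email by counting failed attempts per account and locking the account out for a while, which is the usual direct defense against automated form submission. The field lengths, the username character set, the lockout thresholds, the `FAKE_USERS` store and the function names are all assumptions chosen for illustration; a real app would check a password hash, not a plaintext value.

```python
import hmac
import re
import time
from collections import defaultdict

# Policy values are assumptions for illustration; tune per application.
MAX_USERNAME_LEN = 64
MAX_PASSWORD_LEN = 128
# Allowlist: only the characters a username genuinely needs.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._@-]+$")
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 300


def validate_login_input(username: str, password: str) -> tuple[bool, str]:
    """Reject over-long or unexpected input before it reaches authentication."""
    if not username or len(username) > MAX_USERNAME_LEN:
        return False, "username length"
    if not USERNAME_RE.fullmatch(username):
        return False, "username charset"
    if not password or len(password) > MAX_PASSWORD_LEN:
        return False, "password length"
    # Passwords legitimately contain special characters, but never control characters.
    if any(ord(c) < 32 or ord(c) == 127 for c in password):
        return False, "password control chars"
    return True, "ok"


class LoginThrottle:
    """Count failed logins per username and lock the account after a threshold.

    The clock is injectable so the lockout expiry can be tested deterministically.
    """

    def __init__(self, max_failed=MAX_FAILED_ATTEMPTS, lockout=LOCKOUT_SECONDS,
                 clock=time.monotonic):
        self.max_failed = max_failed
        self.lockout = lockout
        self.clock = clock
        self.failed = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, username: str) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear the counter and allow attempts again.
            del self.locked_until[username]
            self.failed[username] = 0
            return False
        return True

    def record_failure(self, username: str) -> None:
        self.failed[username] += 1
        if self.failed[username] >= self.max_failed:
            self.locked_until[username] = self.clock() + self.lockout

    def record_success(self, username: str) -> None:
        self.failed.pop(username, None)
        self.locked_until.pop(username, None)


# Constructed credential store (assumption; a real app compares password hashes).
FAKE_USERS = {"alice": "correct horse battery staple"}


def attempt_login(throttle: LoginThrottle, username: str, password: str) -> str:
    """Gate order: input validation, then lockout check, then credential check."""
    ok, reason = validate_login_input(username, password)
    if not ok:
        return "rejected:" + reason
    if throttle.is_locked(username):
        return "locked"
    expected = FAKE_USERS.get(username, "")
    # Constant-time comparison so timing does not leak which part mismatched.
    if expected and hmac.compare_digest(expected.encode(), password.encode()):
        throttle.record_success(username)
        return "success"
    throttle.record_failure(username)
    return "failed"


if __name__ == "__main__":
    t = LoginThrottle()
    print(attempt_login(t, "alice", "wrong"))                        # failed
    print(attempt_login(t, "a" * 500, "x"))                          # rejected:username length
    print(attempt_login(t, "alice'; DROP TABLE users;--", "x"))      # rejected:username charset
```

The order of the checks matters: the cheap length and charset rejections run before anything touches the account store or the throttle, so junk submissions never consume server-side work, and the lockout check runs before the credential check so a locked account cannot be probed further.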