Real Time Attack Mitigation

Threat Stack Application Security (AppSec) Monitoring detects SQL injection and cross-site scripting attacks against your application in real time. Once you add Threat Stack AppSec Monitoring to your application, it continually monitors your application while it runs. If a malicious actor attacks your application, then Threat Stack AppSec Monitoring alerts you to the attack in your preferred chat service and can also block the attack before it executes through the Self-Protect feature. Additionally, Threat Stack AppSec Monitoring captures details of the attack for later review and assessment. Attack notifications display on your selected microagent’s timeline.

Access Microagent Timeline

If Threat Stack AppSec Monitoring detects any active attacks, the attack notifications display on the Agent Timeline in the Attacks pane.

  1. In the left navigation bar, select the Applications tab. In the right view pane, the Projects screen displays and lists all projects available to you.
  2. In the row for the project whose microagents you want to display, click the Agents button. In the right view pane, the Agents screen displays and lists all microagents available to you.
  3. In the row for the microagent on which to view attacks, click the microagent name. The Agent Overview screen displays.


    AgentOverviewScreen.png

    Any attacks detected by Threat Stack AppSec display in the Attacks pane.

    AttacksPane.png

Block Active Attacks against Your Application

You can choose to block active SQL injection and/or cross-site scripting attacks against your application using Threat Stack AppSec’s Self-Protect feature. Self-Protect automatically stops execution of malicious requests when you configure this functionality.

  1. Open the Command Line window and go to your Node application.
  2. Add one of the following, either as an environment variable or in the bluefyre.json file:
    1. To block both SQL injections and cross-site scripting attacks, add the following command:
      BLUEFYRE_BLOCK_XSS=true BLUEFYRE_BLOCK_SQLI=true npm start
    2. To only block SQL injections, add the following command:
      BLUEFYRE_BLOCK_SQLI=true npm start
    3. To only block cross-site scripting attacks, add the following command:
      BLUEFYRE_BLOCK_XSS=true npm start
  3. Save the file. Now, if a SQL injection or a cross-site scripting attack occurs against your application, then Threat Stack AppSec’s Self-Protect feature stops the malicious request from executing in addition to notifying you about the attack.
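
A preflight check for the environment variables above, as an added example that is not part of Threat Stack's documentation or code: it reports which protections are confirmed to block and which would leave attacks in the "detected" state. The function names are hypothetical, the check inspects environment variables only (not bluefyre.json), and treating any value other than the documented `true` as unverified is an assumption.

```javascript
// Added example (not Threat Stack code): preflight check for Self-Protect.
// Only the two variable names and the value "true" come from the page.
const SELF_PROTECT_VARS = {
  BLUEFYRE_BLOCK_SQLI: 'SQL injection',
  BLUEFYRE_BLOCK_XSS: 'cross-site scripting',
};

// Classify each variable as it appears in `env` (for example process.env).
function selfProtectStatus(env) {
  return Object.entries(SELF_PROTECT_VARS).map(([name, attack]) => {
    const raw = env[name];
    if (raw === 'true') {
      return { name, attack, mode: 'block', note: `${attack} requests are blocked` };
    }
    if (raw === undefined || raw === '') {
      // Assumption: blocking is not configured in bluefyre.json either.
      return { name, attack, mode: 'detect-only',
               note: `${name} is not set; ${attack} attacks are only reported` };
    }
    // "True", "1", "true " and similar: the page documents only "true", so
    // this check refuses to assume the agent accepts anything else.
    return { name, attack, mode: 'unverified',
             note: `${name}=${JSON.stringify(raw)} is not the documented value "true"` };
  });
}

// Return the variables in `required` that are not confirmed to be blocking.
function selfProtectGaps(env, required = Object.keys(SELF_PROTECT_VARS)) {
  return selfProtectStatus(env)
    .filter((s) => required.includes(s.name) && s.mode !== 'block');
}

// Constructed sample environment: SQLi blocking set correctly, XSS mistyped.
const sampleEnv = { BLUEFYRE_BLOCK_SQLI: 'true', BLUEFYRE_BLOCK_XSS: 'True' };
for (const gap of selfProtectGaps(sampleEnv)) {
  console.log(`self-protect gap [${gap.mode}]: ${gap.note}`);
}
```

In a start script, call `selfProtectGaps(process.env)` and exit non-zero when it returns any entries, so a deployment cannot silently run in detect-only mode.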

Review and Remediate Attack Vectors against Your Application

Threat Stack AppSec displays an analysis of each attack against your application in the Attacks pane. Each attempted attack displays in its own row. From the Attacks pane, you can view details about a particular attack, learn more about the attack vector, and receive a remediation to prevent this type of attack from happening again.

The following diagram explains the information displayed in the Attacks pane.

AttacksPaneExplained.png

  1. Click the collapse / expand button to hide / show the Attacks pane.
  2. Timeline of attacks. The timeline displays the most recent attack first.
  3. The name of the attack.
  4. Whether the attack was detected or blocked. If you do not have Self-Protect configured, then this field always reads “detected”. Detected attacks can execute malicious requests.
  5. The date and time the attack occurred.
  6. Click the Information button to display the Risk Overview dialog. The Risk Overview dialog contains a detailed description of the type of attack, actions you can take to remediate the attack vector in your code base, and references for additional self-education on the type of attack.


    AttackRemediation.png

  7. Click the Details link to display the Attack Details dialog. The Attack Details dialog explains the attack vector, which includes a stack trace.


    AttackDetails.png
