Web portal & commerce cyber forensics

Credits: www.Pixabay.com

For this discussion, we will refer to the leading open-source products such as Liferay, Drupal and WordPress, and to one proprietary portal, SharePoint, which has good documentation.

Before studying cyber forensics for portals and commerce platforms, we must understand their architecture and security.

Web application architecture:

  • Three-tier architecture:
    • CDN, WAF, web server – typically in an externally exposed subnet (demilitarized zone, DMZ)
    • Application server, database, file store, search, caching – in an internal, trusted subnet
    • Integrations such as IAM/LDAP/SSO, APIs, LLMs/AI, MQ, Kafka, etc. can attach at various layers
    • Server / cloud / VM infrastructure / VPN
  • Use-cases:
    • Insurance policy administration
    • Supplier portals
    • Intranets
    • Search-based use cases
    • Workflows / BPM
    • eCommerce
    • Public websites and more
  • Deployment:
    • Cloud
    • On-prem / self-hosted
    • Clustered environment at most layers

Solutions may be monolithic or microservice-based.

Security:

  • Programming level
    • Secure programming around APIs, integrations and more
  • App server security
    • Separate subnets
    • JVM security
  • Web server & overall security
    • HTTPS
    • CSP
    • CSRF / CORS
    • XSS
    • Server hardening
    • Access / IAM / 2FA / MFA
    • OWASP Top 10 risks such as SQL injection and more
    • Cookies & sessions
    • DoS, DDoS, malware, spyware, etc.
    • And more – see Security – Liferay Learn
  • Products:
    • Liferay
    • Drupal
    • WordPress
    • SharePoint, Mozilla Foundation and many more
    • Custom portals and commerce sites built with PHP, Java, .NET and more
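Several of the web-server items above (HTTPS, CSP, CORS, XSS, cookies & sessions) can be checked from a single captured response. The Python below is an added example, not code from the original post or from any of the products named: it parses a raw HTTP response and reports gaps against those items. The two responses, the session-cookie name patterns and the one-year HSTS threshold are assumptions made for this example; adjust the cookie patterns to your deployment.

```python
import re
from typing import Dict, List, Optional, Tuple

# Cookie names treated as session cookies (assumption for this example:
# JSESSIONID = Tomcat/Liferay, PHPSESSID or SESS<hash> = PHP/Drupal,
# wordpress_logged_in_<hash> = WordPress, FedAuth = SharePoint claims auth).
SESSION_COOKIE_PATTERNS = [re.compile(p, re.I) for p in (
    r"^JSESSIONID$", r"^PHPSESSID$", r"^S?SESS[0-9a-f]+$",
    r"^wordpress_logged_in_", r"^FedAuth$")]

ONE_YEAR = 31536000  # HSTS max-age threshold used here (the preload-list minimum)


def parse_response(raw: str) -> Tuple[str, Dict[str, List[str]]]:
    """Split a raw HTTP/1.1 response into (status line, headers).
    Header names are lower-cased; values are kept as lists so repeated
    Set-Cookie lines survive. The body is not needed for this audit."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def csp_directive(policy: str, name: str) -> Optional[str]:
    """Return the source list of one CSP directive, or None if it is absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == name:
            return " ".join(parts[1:])
    return None


def audit(raw: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    _, h = parse_response(raw)

    def first(name: str) -> str:
        return h.get(name, [""])[0]

    # HTTPS: HSTS must be present with a long max-age.
    m = re.search(r"max-age=(\d+)", first("strict-transport-security"), re.I)
    if not m:
        findings.append("HSTS missing")
    elif int(m.group(1)) < ONE_YEAR:
        findings.append("HSTS max-age under one year")

    # CSP: 'unsafe-inline' without a nonce/hash gives XSS a free pass;
    # without frame-ancestors or X-Frame-Options the page can be framed.
    csp = first("content-security-policy")
    if not csp:
        findings.append("CSP missing")
    else:
        script = csp_directive(csp, "script-src")
        if script is None:
            script = csp_directive(csp, "default-src") or ""
        if "'unsafe-inline'" in script and not re.search(r"'(nonce|sha(256|384|512))-", script):
            findings.append("CSP allows inline scripts without nonce/hash")
    if csp_directive(csp, "frame-ancestors") is None and not first("x-frame-options"):
        findings.append("no frame-ancestors / X-Frame-Options (clickjacking)")

    if first("x-content-type-options").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    # CORS: wildcard origin plus credentials is never valid; browsers reject it,
    # but it shows someone tried to allow credentialed calls from anywhere.
    if (first("access-control-allow-origin") == "*"
            and first("access-control-allow-credentials").lower() == "true"):
        findings.append("CORS wildcard origin with credentials")

    # Cookies & sessions: session cookies need Secure, HttpOnly and SameSite.
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if not any(p.match(name) for p in SESSION_COOKIE_PATTERNS):
            continue
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
        samesite = next((a.split("=", 1)[1] for a in attrs if a.startswith("samesite=")), "")
        if samesite not in ("lax", "strict"):
            findings.append(f"cookie {name} lacks SameSite=Lax/Strict")
    return findings


# Constructed responses for the example (not captured from any real site).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n<html>...</html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n<html>...</html>"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp) or ["ok"])
```

Feed `audit()` the output of `curl -si https://portal.example/` (the constructed hostname is only a placeholder). The weak response yields eight findings and the hardened one none. One caveat: a CSP that carries both `'unsafe-inline'` and a nonce is fine in CSP Level 2+ browsers (the nonce wins), which is why the check only fires when no nonce or hash is present.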

Forensics:

  • Logs of the app server
  • Logs of the web servers – why? – client IPs often do not pass beyond the CDN/WAF/web server layer; the app server sees the proxy's address unless X-Forwarded-For (or an equivalent header) is propagated and logged
  • Logs of the CDN and WAF
  • Logs of cloud, infra, VMs, etc., plus details from the Network Management System and Application Performance Monitoring
  • Database for the state – very critical – don't forget this if you get access to the logs and overall access to the portal
  • File store
  • Search index
  • Code for integrations and customizations
  • Configurations – XML files, etc.
  • Access logs and full control of all servers
  • DNS lookups (query logs)
  • Integration logs
  • Concerns: PII, privacy, state of workflows, system, data, content, etc.; multi-session login by a single user; 2FA/MFA
  • Building a chain of events
  • Audit trails, if enabled
  • Admin and other rights
  • Data governance, data security, data analytics, web analytics such as Google Analytics
  • Logins, logouts, public APIs, insecure APIs, insecure servers, authentication, authorization
  • Understanding the request path: User -> ISP -> Internet over HTTPS -> DNS resolution -> portal CDN -> WAF -> web server (the external world ends and TLS typically terminates here) -> app server -> integrations & search -> DB, and back along the same path
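Two of the forensics points above bite most in practice: the client IP is often visible only at the CDN/WAF/web-server layer (and X-Forwarded-For can only be trusted when it arrives from your own proxy), and the chain of events has to be stitched together across layers. The Python below is an added example, not code from the original post or from any of the named products: it merges constructed CDN/WAF, web-server and app-server log lines by a shared request id, resolves the real client IP, flags requests that reached the origin without passing through the WAF, and flags one user logging in from two IPs within a short window. The log formats, the `rid=` request-id field, the trusted-proxy address and all sample lines are assumptions for this example; real Liferay/Tomcat, nginx and WAF formats differ and need their own parsers.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# ---- Constructed sample logs (not real data); formats are assumptions ----
# Edge (CDN/WAF) log:  ts client_ip request_id action method path
EDGE_LOG = """\
2024-03-12T10:15:30Z 203.0.113.45 r001 pass POST /c/portal/login
2024-03-12T10:15:31Z 203.0.113.45 r002 block GET /api/jsonws/user/get-user-by-email
2024-03-12T10:16:05Z 198.51.100.7 r003 pass POST /c/portal/login
"""
# Web server log: nginx combined format extended with "$http_x_forwarded_for" rid=<id>
WEB_LOG = """\
10.0.0.10 - - [12/Mar/2024:10:15:30 +0000] "POST /c/portal/login HTTP/1.1" 302 0 "203.0.113.45" rid=r001
10.0.0.10 - - [12/Mar/2024:10:16:05 +0000] "POST /c/portal/login HTTP/1.1" 302 0 "198.51.100.7" rid=r003
198.51.100.7 - - [12/Mar/2024:10:16:20 +0000] "GET /api/jsonws/user/get-user-by-email HTTP/1.1" 200 812 "127.0.0.1" rid=r004
"""
# Application server log (Tomcat-style timestamp) carrying the same request id
APP_LOG = """\
2024-03-12 10:15:30,210 INFO  [LoginAction] rid=r001 user=jdoe event=login_success session=S1
2024-03-12 10:16:05,330 INFO  [LoginAction] rid=r003 user=jdoe event=login_success session=S2
2024-03-12 10:16:20,015 WARN  [JSONWS] rid=r004 user=jdoe event=api_call
"""
TRUSTED_PROXIES = {"10.0.0.10"}  # the WAF/CDN hop the origin is supposed to sit behind

WEB_RE = re.compile(r'^(?P<remote>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d+) \d+ "(?P<xff>[^"]*)" rid=(?P<rid>\S+)$')
APP_RE = re.compile(r'^(?P<ts>\S+ \S+) +\w+ +\[[^\]]+\] rid=(?P<rid>\S+) user=(?P<user>\S+) event=(?P<event>\S+)')
UTC = timezone.utc


def resolve_client_ip(remote: str, xff: str, trusted: Set[str]) -> Tuple[str, bool]:
    """Return (client_ip, bypassed_edge).

    X-Forwarded-For only means something when the peer is one of our own
    proxies: walk it from the right and take the first hop that is not
    trusted. If the peer itself is untrusted, the request reached the origin
    directly (edge bypass) and the header is attacker-controlled, so the peer
    address is the only client IP we can rely on."""
    if remote not in trusted:
        return remote, True
    hops = [h.strip() for h in xff.split(",") if h.strip() and h.strip() != "-"]
    for hop in reversed(hops):
        if hop not in trusted:
            return hop, False
    return remote, False


def build_timeline(edge_log: str, web_log: str, app_log: str, trusted: Set[str]) -> List[dict]:
    """Merge the three layers by request id into one time-ordered chain of events."""
    events: Dict[str, dict] = {}
    for line in edge_log.splitlines():
        ts, ip, rid, action, _method, path = line.split()
        events[rid] = {"rid": rid, "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC),
                       "client_ip": ip, "edge": action, "path": path, "bypassed_edge": False}
    for line in web_log.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        ip, bypassed = resolve_client_ip(m["remote"], m["xff"], trusted)
        ev = events.setdefault(m["rid"], {"rid": m["rid"], "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
                                           "client_ip": ip, "edge": None, "path": m["path"]})
        ev["bypassed_edge"] = bypassed
        ev["ip_mismatch"] = ev["client_ip"] != ip  # edge and web disagree on who the client was
        ev["web_status"] = int(m["status"])
    for line in app_log.splitlines():
        m = APP_RE.match(line)
        if not m:
            continue
        ev = events.setdefault(m["rid"], {"rid": m["rid"], "client_ip": None, "edge": None, "path": None,
                                           "bypassed_edge": None,
                                           "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f").replace(tzinfo=UTC)})
        ev["user"], ev["event"] = m["user"], m["event"]
    return sorted(events.values(), key=lambda e: e["ts"])


def edge_bypasses(timeline: List[dict]) -> List[str]:
    """Request ids that hit the origin without passing through the WAF/CDN."""
    return [e["rid"] for e in timeline if e.get("bypassed_edge")]


def concurrent_logins(timeline: List[dict], window_seconds: int = 600) -> List[Tuple[str, str, str]]:
    """Users with successful logins from two different client IPs inside the window
    (the multi-session concern above)."""
    logins = [e for e in timeline if e.get("event") == "login_success"]
    flagged = []
    for i, a in enumerate(logins):
        for b in logins[i + 1:]:
            if (a["user"] == b["user"] and a["client_ip"] != b["client_ip"]
                    and (b["ts"] - a["ts"]).total_seconds() <= window_seconds):
                flagged.append((a["user"], a["client_ip"], b["client_ip"]))
    return flagged


if __name__ == "__main__":
    tl = build_timeline(EDGE_LOG, WEB_LOG, APP_LOG, TRUSTED_PROXIES)
    for e in tl:
        print(e["ts"].isoformat(), e["rid"], e["client_ip"], e.get("edge"), e.get("web_status"),
              e.get("user"), e.get("event"))
    print("edge bypass:", edge_bypasses(tl))
    print("concurrent logins:", concurrent_logins(tl))
```

In the sample, r002 is blocked at the WAF and never appears further down, r004 reaches the origin from an untrusted peer with a spoofed `X-Forwarded-For` of 127.0.0.1 and is reported as an edge bypass with the peer address as the client, and `jdoe` logs in from two addresses 35 seconds apart. None of this works unless the web server's `log_format` actually includes the forwarded-for header and a request id; if the app server logs no request id, fall back to correlating on timestamp plus session id.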


By Neil Harwani

Interested in movies, music, history, computer science, software, engineering and technology
