Web Application Security Issues & Solution using UML
I was once involved in reviewing our company’s application architecture to identify security risks and recommend possible mitigation solutions.
Since every organisation has its own unique constraints, available resources, and risk appetite, the solution herein might not apply to other organisations.
Nevertheless, this post showcases what one can do with UML to document and explain (pictorially) security flaws in application architecture.
The as-is architecture follows.
A detailed explanation follows:
- The system (under design) is a Java Enterprise Application that is deployed in AppSvr (Application Server) within the Internal zone.
- The deployed application consists of both HTML-based as well as SOAP-based services.
- The 2 WebSvr’s ([Apache] Web Server) in the DMZ act as proxies.
- There is a load-balancing appliance used to balance requests to the web servers. A request pool has been created on the appliance (WebPool).
- The (public) user would access the URL endpoint of the appliance for every request.
- Similarly, other applications (Others) deployed on both the WebSvr and AppSvr would access the SOAP web services through the load balancer.
- Note that the public.softwarehard.sg is a public URL that is used by both the (public) user as well as other applications (SOAP-based services).
The security issue in this architecture is that the SOAP-based services are exposed to the public. What is worse is that these services are not secured by any form of authentication.
Having reviewed the existing architecture, the available resources and constraints, I proposed a solution that suited our risk appetite and incurred minimum changes to all applications.
With the use of another load balancing appliance (which we happened to have), we created another endpoint to access the SOAP web services.
This solution allowed us to
- mitigate the security risk
- minimise changes to all applications
- capitalise on the load-balancing appliances
Comments