LATERAL MOVEMENT
CONTEXT
Attackers are adept at manipulating security tokens and adapting them to find ways to
move laterally across a system. Lateral movement is a powerful attack technique because
an externally accessible API server may be programmed by developers to talk to a database
(let's call it database A). Attackers can leverage vulnerabilities to craft API requests that access
databases B, C, and D, app servers E, F, and G, and enterprise message servers X, Y, and Z.
VULNERABILITIES IDENTIFICATION & TRACKING
Direct object reference, cross-site request forgery and open redirects are three
examples of vulnerabilities where lateral movement is used as a vector to bypass
authorization.
This is a challenge for security architects, because the expected request will likely work
as planned. Detecting lateral movement therefore means that unexpected sequences and
combinations of requests must be attempted during testing.
COUNTERMEASURE(S)
API gateways should enforce a strict token scoping and validation policy that limits what is accessible
to each API caller. The API server should validate every inbound request against the token's scope, and the
gateway should dispatch requests only to services on an approved list for that caller.
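The following is an added example, not code from the paper, showing the two gateway checks described above: the request's target and action must be covered by the token's scope, and the target must be on the caller's approved-service list. The scope string format (`service:name:action`), the caller names and the allow-list are constructed assumptions; database A is approved and B is not, matching the scenario in the Context section.

```python
from __future__ import annotations
from dataclasses import dataclass
from collections import defaultdict

@dataclass(frozen=True)
class Token:
    subject: str            # the API caller this token was issued to
    scopes: frozenset[str]  # e.g. {"db:A:read"} (constructed format)

@dataclass(frozen=True)
class Request:
    token: Token
    service: str            # backend the caller wants, e.g. "db:A"
    action: str             # e.g. "read", "write"

# Constructed allow-list: which backends the gateway may dispatch to, per caller.
# Scope alone is not enough; the dispatch list is a second, independent control.
APPROVED_TARGETS: dict[str, set[str]] = {
    "orders-api": {"db:A"},
}

def authorize(req: Request, approved: dict[str, set[str]] = APPROVED_TARGETS) -> tuple[bool, str]:
    """Return (allowed, reason). Both the token scope and the allow-list must agree."""
    needed = f"{req.service}:{req.action}"
    if needed not in req.token.scopes:
        return False, f"scope {needed!r} not granted to {req.token.subject!r}"
    if req.service not in approved.get(req.token.subject, set()):
        return False, f"{req.service!r} is not an approved target for {req.token.subject!r}"
    return True, "ok"

def denied_targets(decisions: list[tuple[Request, bool]]) -> dict[str, set[str]]:
    """Detection helper: per caller, the distinct backends it was refused access to.
    A single caller probing several unapproved services is the 'unexpected sequence'
    the text says must be looked for."""
    out: dict[str, set[str]] = defaultdict(set)
    for req, allowed in decisions:
        if not allowed:
            out[req.token.subject].add(req.service)
    return dict(out)

if __name__ == "__main__":
    tok = Token("orders-api", frozenset({"db:A:read"}))
    log = []
    for svc in ("db:A", "db:B", "db:C", "app:E"):   # one expected call, three crafted ones
        req = Request(tok, svc, "read")
        ok, why = authorize(req)
        log.append((req, ok))
        print(f"{svc:6} -> {'ALLOW' if ok else 'DENY '} ({why})")
    print("probed unapproved targets:", denied_targets(log))
```

Running the block shows the legitimate call to database A allowed and the three crafted calls denied, with the denial log collapsing into a per-caller set of probed backends.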
ASSURANCE
Lateral movement is not an area where automated tools are particularly beneficial. Manual
testing and fuzzing, along with penetration testing, are likely required for a security architect to
sleep at night.
05 | The Curious Case of Lateral Movement