Akamai Diversity
Home > Web Security

Recently in Web Security Category

Web Security Lacking at Hospitals

While hospitals are ramping up security efforts to protect information, a large percentage of them are vulnerable to attacks on their web sites.  Less than two-thirds of hospitals participating in a recent survey reported having on-premise web application firewalls in place, and fewer than half reported having defenses in place to thwart distributed denial of service (DDoS) attacks.  Read more here.

Last of OWASP's Top 10 Still a Potent Threat


Open redirection is the last item on the OWASP Top 10, and it is considered a Web application functionality that can be used by attackers to redirect users from trusted domains to untrusted domains. But it is a potent problem, as Akamai's Threat Research Team discovered in their research on an unusual malicious SEO attack campaign that abused Web applications' open redirect functionality.

Developing a PoC Step by Step

I've received numerous questions about how I found so many Wordpress plugin vulnerabilities and how to write the exploits that were essential to the research.  I'll be honest, it's not hard if you have some experience in php programming and basic knowledge of secure programming.  To simplify things, we will narrow down certain traits of what plugins to examine.

Cyber Monday: DDoS vs. Flash Mob

Today is Cyber Monday, which is historically the day when many retailers encourage online holiday shopping. Online retailers may see large spikes in traffic to their sites. It is possible that some may interpret these spikes as a DDoS, but in reality it may be what we refer to as a "flash mob". 

A flash mob is a large amount of legitimate traffic being sent to a specific site. One way we can often differentiate between a flash mob and a DDoS is by the number of requests per client. A DDoS can have a high or low number of clients with a very high number of requests each client. A flash mob will have a very high number of clients but a relatively low number of requests per client. This is because in the flash mob, the client requests are being sent from a human and not an automated script. 

The remediation of a flash mob is cache offloading, so as much content as possible can be served from the edge and leave the origin servers for tasks that only they can do.

If you are an Akamai customer who feels they are being attacked with DDoS traffic, please follow the usual incident protocols and contact your Customer Care representative, but Akamai's SIRT is also available to assist and to investigate deeper into the traffic. 

2015 Holiday Shopping Predictions for Retailers

We're gearing up for some of the busiest days of the holiday season and that means we're starting to make some predictions around consumer shopping behavior and what retailers can expect to see this year. 

Last year around this same time, we saw an early start to the shopping season, evidenced by an uptick in activity starting as early as Nov. 2. The latest American Express Spending & Saving Tracker supports this prediction, stating that just under 45 percent of consumers plan to shop on Black Friday and another 47 percent say they will shop on Cyber Monday. Similarly, Research from the National Retail Federation (NRF) affirms that in 2014 the estimated number of Cyber Monday shoppers was 127 million, with the number of people who shopped on Black Friday at 87 million.

Being truly 'ready' for the holidays means different things to different people and organizations. For consumers, it is getting your house decorated, shopping done and enjoying time with both family and friends. For online retailers, it is finalizing deals, ensuring your website can handle the substantial increase in inbound traffic and of course, the elephant in the metaphorical room, web security and its importance in maintaining a positive brand reputation.

Protect Your Site From Hacking and Fraud During the Holidays

"The threat posed by distributed DoS [DDoS] and web application attacks continues to grow each quarter," said John Summers, vice president for Akamai's cloud security business sector. Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.

The traffic on the Internet increased during the 2014 holiday season, so did the number of all types of attack traffic (including application-layer attacks and volumetric, distributed denial of service (DDoS) attacks) reported the Akamai's Threat Advisory.  Many attackers mask themselves in a sea of "good" online traffic by using proxy addresses that enable them to browse the web anonymously and without geographic origin. Most of these volumetric attacks originate from Bots, software applications that run automated tasks over the Internet.

Java Deserialization CVE-2015-4852 on Akamai

By Clark Shishido, Akamai SIRT Security Response Engineer


Applications written in Java commonly use a call-in function from a widely deployed library to decode data passed between computers. The call is java.io.ObjectInputStream.readObject from Apache commons-collection. 


An attacker can append arbitrary data to a base64 encoded serial data stream, which will then be deserialized when the data is read into a Java application. By appending malicious payloads to the stream, the attacker can execute arbitrary commands on a vulnerable server.



Surviving The Switch from SHA-1 to SHA-2

By Meg Grady-Troia and Bill Brenner


As we move toward 2016, browser developers have moved to retire the SHA-1 cryptographic hash algorithm in favor of SHA-2. Browsers are beginning to show warnings or errors for HTTPS connections made to servers presenting certificate chains signed using SHA-1.


Companies like Google, Mozilla, Microsoft and the CAB/Browser Forum have released their own descriptions of how they're managing the process. This post describes the Akamai-compatible workflow to help you manage the change process for your properties easily, regardless of the signatory Certificate Authority (CA) on your certificate.

The Rising Risk of Electronic Medical Records

By Bill Brenner, Akamai SIRT Senior Tech Writer


Akamai's Security Intelligence Research Team (SIRT) released a new whitepaper this morning about the rising risks medical organizations face as they become increasingly dependent on digitized record keeping.


The use of Electronic Medical Records (EMRs) and a more digitally integrated medical records system is no longer science fiction, and the task of securing sensitive medical data is a daunting challenge. The threat landscape continues to shift rapidly, and business responses need to keep up.


The whitepaper, written by Security Response Engineer Benjamin Brown, examines the risks, and outlines steps organizations can take to keep attackers at bay.