Reducing the Attack Surface Area

Web applications are vulnerable to security attacks. The risk of attack increases with the size or surface area of the application. This topic covers the following:

  • Introduction to attack surface area

  • How channel configuration reduces attack surface area

Introduction to Attack Surface Area

When your rich Internet application (RIA) e-commerce site is in the external zone, you increase the risk of attack to your commerce application resources via the Commerce Foundation. The risk increases with every feature you provide or service you expose because you increase the size or surface area of your exposed application. Surface area is a key security consideration in the development and configuration of your RIA and its interaction with your Commerce Foundation.

The most secure way to support a RIA in the external zone is to have an instance of the Commerce Foundation and a channel in the Commerce Foundation dedicated solely to supporting this RIA. Consider the e-commerce activities you want to provide to consumers through your RIA. Then, expose only those operations in the Commerce Foundation via the routing service to support those e-commerce activities.

Reducing surface area is an effective method of securing your RIA and Commerce Foundation. In addition, it improves the overall performance of your commerce server by reducing the memory required by the server and limiting requests to the server.

How Channel Configuration Reduces Your Attack Surface Area

How you reduce attack surface area depends on your particular Commerce Server implementation. Decide which e-commerce activities you want to provide to consumers through your RIA, and then expose through the routing service only the Commerce Foundation operations those activities require.

For example, you have a Solution Storefront in both the internal and external zones. You also have a RIA for smartphones. The internal Solution Storefront allows employees to manage your Internet business using the Silverlight business management tools. The external Solution Storefront allows consumers to browse and purchase products on the Internet. The RIA for smartphones only allows consumers to browse products and view advertisements.

For security, the Solution Storefront and RIA should have their own Commerce Foundation, as shown in the following figure.

[Figure: separate Commerce Foundation instances for the Solution Storefront and the RIA]

The Solution Storefront Web channel uses the full suite of operation message handlers in the ChannelConfiguration.config settings. For the RIA with limited features, however, we reduce the attack surface area by removing unused channels and operation sequences from the ChannelConfiguration.config settings and unused entities from the MetadataDefinitions.xml settings. In addition, we review and apply authorization rules to every remaining entity to control which operations the client can access.

In our example, the RIA channel only uses the following message handlers:

Catalog browsing message handlers        Marketing advertisement message handlers
CommerceOperationQuery_Product           CommerceOperationQuery_ContentSelector
CommerceOperationQuery_Category          CommerceOperationQuery_ContentSelectorCollection
CommerceOperationQuery_Catalog           CommerceOperationQuery_DiscountDefinition
CommerceOperationQuery_Channel           CommerceOperationQuery_Site
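The following audit script is an added example, not part of the original documentation or of Commerce Server itself. It checks a channel configuration against the allowlist of message handlers listed above and reports any handler that would enlarge the RIA channel's attack surface. The XML fragment it parses is constructed and simplified; its element names (Channels, Channel, MessageHandler) and the non-allowlisted handler names are assumptions, not the real ChannelConfiguration.config schema.

```python
import xml.etree.ElementTree as ET

# The eight message handlers the example RIA channel needs (from the page).
RIA_ALLOWED_HANDLERS = frozenset({
    "CommerceOperationQuery_Product",
    "CommerceOperationQuery_Category",
    "CommerceOperationQuery_Catalog",
    "CommerceOperationQuery_Channel",
    "CommerceOperationQuery_ContentSelector",
    "CommerceOperationQuery_ContentSelectorCollection",
    "CommerceOperationQuery_DiscountDefinition",
    "CommerceOperationQuery_Site",
})

# Constructed sample configuration: element names and the basket/order
# handler names are assumptions for illustration, not the product schema.
SAMPLE_CONFIG = """<Channels>
  <Channel name="Smartphone">
    <MessageHandler name="CommerceOperationQuery_Product" />
    <MessageHandler name="CommerceOperationQuery_Category" />
    <MessageHandler name="CommerceOperationQuery_ContentSelector" />
    <MessageHandler name="CommerceOperationCreate_Basket" />
    <MessageHandler name="CommerceOperationUpdate_Basket" />
    <MessageHandler name="CommerceOperationQuery_Order" />
  </Channel>
</Channels>"""


def configured_handlers(xml_text, channel_name):
    """Return the operation message handler names declared under the
    element whose name attribute equals channel_name. Matching is
    schema-agnostic: any descendant whose name attribute starts with
    'CommerceOperation' counts, whatever its tag."""
    root = ET.fromstring(xml_text)
    channels = [e for e in root.iter() if e.get("name") == channel_name]
    if not channels:
        raise ValueError("channel not found: %s" % channel_name)
    return {e.get("name") for ch in channels for e in ch.iter()
            if e.get("name", "").startswith("CommerceOperation")}


def audit_surface(xml_text, channel_name, allowed=RIA_ALLOWED_HANDLERS):
    """Return (unexpected, missing): handlers configured but not on the
    allowlist (remove these to shrink the attack surface), and allowed
    handlers the channel does not configure."""
    found = configured_handlers(xml_text, channel_name)
    return sorted(found - allowed), sorted(allowed - found)


if __name__ == "__main__":
    unexpected, missing = audit_surface(SAMPLE_CONFIG, "Smartphone")
    print("Remove from RIA channel:", unexpected)
    print("Allowed but not configured:", missing)
```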

See Also

Other Resources

Considerations for Secure Deployment of Rich Internet Applications (RIAs)

Considerations Prior to Supporting RIAs

Mitigating Cross-Site Request Forgery (CSRF) Attacks

Mitigating Cross-Site Scripting (XSS) Attacks

Protecting User Anonymity