This topic answers frequently asked questions about using Application Security.
Does Application Security affect application performance?
Application Security has minimal impact on application performance, compatibility, and stability. In tests, it adds less than 1% of CPU overhead, uses less than 30 MB of memory, and introduces less than 1 ms of latency (RT). Additionally, Application Security includes features like observation mode and a soft circuit breaking mechanism to minimize interference with your application's runtime.
How do I enable Application Security?
You can enable Application Security with a single click on the ARMS console. After you enable it, restart the instances for the target application. You do not need to change any code. Application Security currently supports only Java applications. For detailed steps, see Enable Application Security.
How do I protect my application with Application Security?
Attacks that Application Security detects represent real security threats. Compared with traditional detection methods that rely on traffic signatures, Application Security has a very low false positive rate. Therefore, you must take any detected attack seriously. When you first enable Application Security, the default protection mode is monitoring mode. After you confirm that your application is running stably, you can switch to Monitor and Block mode.
Why are there no attack statistics?
Attack data may be missing for one of three reasons:
-
The application is not fully integrated. After you clicked Monitor in the console, you did not restart the application's instance, or you restarted only some of the instances.
-
The application's Java agent is outdated. Application Security requires one of the following agent versions. For more information, see Enable Application Security.
-
For auto-update scenarios, such as applications in Container Service and EDAS, the agent version must be v2.7.1.2 or later.
NoteIn auto-update scenarios, you can automatically update the agent by restarting the application or pod. For more information, see Upgrade the ARMS agent.
-
For other manual update scenarios, the agent version must be v2.7.1.3 or later.
-
-
No successful attacks have occurred. Unlike a traditional firewall, Application Security records only successful attacks. A traditional firewall reports an attack when it detects malicious characteristics in data packets. However, malicious characteristics do not guarantee a successful attack. For example, an attack request that exploits a PHP vulnerability is meaningless in a Java environment. A successful attack means the attacker has breached the outer defenses and can penetrate the internal environment of your application to perform malicious operations. Your application may not experience many successful attacks, but you must treat each one seriously. Block the attack or promptly fix the underlying vulnerability.
Handling vulnerabilities in Risky Component Detection
Vulnerabilities found by Risky Component Detection are all public. Attackers may exploit these vulnerabilities to launch intrusions. Even if a vulnerability cannot be exploited now, it could become exploitable as your application's code evolves. In most cases, Application Security can defend against these vulnerabilities, provided that the prevention mode for the relevant application is switched to Monitor and Block instead of the default Monitor mode.
You should also fix these vulnerabilities promptly. You can log on to the ARMS console. On the page, find the target vulnerability in the list and click View in the Details column. On the Details tab, view the recommended fixes in the Fix Reference section. Most recommendations are official upgrade paths or fixes from the component vendors. You can also search for the CVE ID of a vulnerability in a search engine to find related solutions.