Web portal & commerce cyber forensics

For this discussion, we will refer the top open-source products like Liferay, Drupal, WordPress, etc. and one proprietary portal like SharePoint which has good documentation.

• Home - Liferay
• WordPress.com: Build a Site, Sell Your Stuff, Start a Blog & More
• Drupal - Open Source CMS | Drupal.org
• Microsoft SharePoint Online - Collaboration Software | Microsoft 365
• Always remember you can learn cutting edge tech internals from enterprise open source like Liferay, Canonical, RedHat, GitHub, CNCF, WordPress, Drupal, Apache Foundation, Mozilla Foundation, etc. - check top 20 open-source companies and contributors overall and on GITHUB / Google / Gemini / ChatGPT / Bing regularly ?

Before studying cyber forensics for portals and commerce area, we must understand it's architecture and security.

Web application architecture:

• Three tier architecture:
• CDN, WAF, Web server - Typically in external exposed subnet - Demilitarized subnet / zone?
• Application Server, Database, File Store, Search, Caching in internal subnet - Militarized zone?
• Integrations like IAM/LDAP/SSO, APIs, LLMs, AI, MQ, Kafka, etc. from various layers possible?
• Server / cloud / VM infrastructure / VPN

• Use-cases:
• Insurance policy administration
• Supplier portals
• Intranets?
• Search based use cases?
• Workflows / BPMs
• eCommerce?
• Public websites and more?

• Sample features:
• Documentation - Liferay Learn

• Deployment:
• Cloud
• In-prem / self-hosted?
• Clustered environment at most layers

Solutions could be monolith or micro-services driven, etc.

Security:

• Programming level?
• Secure programming around APIs, Integrations and more

• App server security
• Separate subnets?
• JVM security?

• Web server & overall security?
• Https?
• CSP?
• CSRF / CORS?
• XSS?
• Server hardening?
• Access / IAM / 2FA / MFA
• OWASP like SQL injection and more?
• Cookies & Sessions?
• DoS, DDoS, Malware, Spyware, etc.?
• And more - Security - Liferay Learn

• Products:
• Liferay?
• Drupal?
• WordPress?
• SharePoint, Mozilla foundation and many more?
• Custom portals, commerce built with PHP, Java, Dot Net and more?

Forensics:

• Logs of app server?
• Logs of web servers - Why? - IPs many times don’t pass beyond this layer of CDN, WAF, Web server?
• Logs of CDN, WAF
• Logs of cloud, infra, VM, etc. and details Network Management System, Application Performance Monitoring
• Database for the state - Very critical - don’t forget this if you get access to logs and overall access of portal?
• File store
• Search
• Code for integration, customizations
• Configurations - XMLs, etc.??
• Access logs and full control of all servers?
• DNS pings?
• Integration logs?
• Concerns: PII, Privacy, State of workflows, system, data, content, etc.?Multi session login by single user?and 2FA/MFA?
• Building chain of events?
• Audit trails if enabled?
• Admin and other rights?
• Data governance, data security, data analytics, web analytics like Google Analytics
• Logins, Logouts, Public APIs, Insecure APIs, Insecure servers, Authentication, Authorization?
• Understanding the resolution path: User -> ISP -> Internet over https -> DNS resolution -> Portal CDN -> WAF -> WS (External world and https typically breaks here) -> AS -> Integrations & Search -> DB and back it goes?

References:

• OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation

• DNS searches - WHOIS search?
• Address & owner searches?on WHOIS search
• Internet archive - Goback machine?
• ISP logs / Mobile tower logs
• ICAAN - ICANN Lookup
• Welcome to The Apache Software Foundation
• Homepage - Mozilla Foundation
• List of free and open-source software packages - Wikipedia

• Email me: Neil@HarwaniSytems.in
• Website: www.HarwaniSystems.in
• Blog: www.TechAndTrain.com/blog
• LinkedIn: Neil Harwani | LinkedIn