WAPPLES Introduction & the Future
|
|
- Easter Tate
- 5 years ago
- Views:
Transcription
1 WAPPLES Introduction & the Future March, 2011 Penta Security Systems Inc.
2 Table of Contents Why a Web Application Firewall? Risk on the rise Targets of web attacks Why should we care about web application attacks? What Is a Web Application Firewall? WAF is for What? FW, IDS/IPS, and WAF enabled list Boasting Top-notch WAF - WAPPLES Intelligent Web Application Firewall - WAPPLES Key Differences WAPPLES logical analytic detection engine WAPPLES Major Features Must-have Trend Cloud Computing Security 2
3 Why Web Application Firewall Risk on the rise! Expansion of web applications B2B, B2C, G2C, etc. Used for internal tasks as well as external services Rapid growth of web vulnerabilities 53% of all vulnerabilities disclosed in 2008 were related to web applications 1 Only 26% of known vulnerabilities are patched by the end of Web applications are the #1 focus of hackers: One new infected webpage is discovered every 4.5 seconds 2 SQL Injections are the #1 reported vulnerability 3 Others, 30% SQL Injection, 30% CSRF, 3% 1. IBM Internet Security Systems in 2008 X-Force Trend & Risk Report 2. Sophos, Security threat report: Prepare for this year s new threats 3. WASC : The Web Hacking Incidents Database Cross Site Scripting (XSS), 8% Unknown, 29% 3
4 Why a Web Application Firewall? Targets of web attacks Injection Flaws Command execution by query Sniffing SSL redirection Web Server S/W Vulnerabilities Request Response Cross Site Scripting (XSS) Active Contents Execution Authentication / Authorization Site Structure Input Validation Attack on Application Logic 4
5 Why a Web Application Firewall? Why should we care about web application attacks? Security Spending % of Attacks 75% Web Applications 10% % of Dollars 25% Network Servers 90% 75% of attacks on Information Security are directed to the Web Application Layer - Gartner - 5
6 Why a Web Application Firewall? Web application firewall has a higher priority Web applications are the #1 focus of hackers 75% of attacks are directed at the Application layer (Gartner) SQL Injections are the #1 reported vulnerability (The web hacking incidents DB, 2008) Most websites are vulnerable 90% of websites are vulnerable to application attacks (Watchfire) 78% percent of easily exploitable vulnerabilities affect Web applications (Symantec) 80% of organizations will experience an application security incident by 2010 (Gartner) Web applications are high value targets for hackers Customer data, Credit Cards, Social Security Numbers, ID theft, fraud, website defacement, etc. Compliance requirements Payment Card Industry Standards (PCI-DSS), GLBA, HIPPA, and FISMA 6
7 Why a Web Application Firewall? Cost Saving Introducing a WAF is cost-saving for a company s IT resources Much more cost effective than hiring a person to manage application security manually Item Assumptions Sum <Revenue in U$> Homepage source code lines 100,000 Lines Number of vulnerabilities per source code 1,000 lines 10 1,000 Time to find and eliminate 1 vulnerability 6 hr. 6,000hr. Average working hours a day 8 hr. 750days Daily payment for engineer ,500 US CERT, DEPT 7
8 What Is a Web Application Firewall? Application Security Is A Totally Different World Network Security Part of IT Networking Experts Product Focused 1000s of Copies Signature Based Patch Management Application Security Part of Business Units Software Experts Custom Code Focused 1 Copy of Software No Signatures Prevents Vulnerabilities Don t let anyone rely on network security techniques to gain application security 8
9 What Is a Web Application Firewall? WAF Is For What? Definition It executes a security analysis of the OSI 7 layer between all messages between the web server and the web client. It protects against attacks aimed at the web application. Roles Protects web servers from external attacks (service in) Protects against leakage of the web server s most important information (service out) Web Application Firewall IDS / IPS Network Firewall 9
10 What Is a Web Application Firewall? WAF Is For What? (Cont d) OSI 7 Layers Protection Device Web Application Firewall Based on White-list Signature Detects highly sophisticated attacks and encoded traffic Detects unknown attacks Analyzes not only protocol but also context Intrusion Detection / Prevention System Based on Black-list Signature Detects by comparing patterns of attack signatures with network traffic Cannot detect unknown attacks Network Firewall Allows/blocks the specific port of the specific IP bandwidth Does not have attack detection ability 10
11 What Is a Web Application Firewall? FW, IDS/IPS, and WAF enabled list Top Ten 2010* FW IDS / IPS WAF A1: Injection X O A2: Cross Site Scripting (XSS) X O A3: Broken Authentication and Session Management X O A4: Insecure Direct Object References X X O A5: Cross Site Request Forgery (CSRF) X X O A6: Security Misconfiguration X X O A7: Insecure Cryptographic Storage X X O A8: Failure to Restrict URL Access X X O A9: Insufficient Transport Layer Protection X O O A10: Unvalidated Redirects and Forwards X X O * OWASP Top Ten Web Application Security Vulnerabilities (2010) 11
12 Boasting Top-Notch WAF - WAPPLES Intelligent Web Application Firewall - WAPPLES PORT 23 Close PORT 80 Open Firewall WAPPLES Web Application Firewall Web Server Protection of Web Applications 12
13 Boasting Top-Notch WAF - WAPPLES Key Differences WAPPLES s advanced architecture and technology provides the strongest intrusion detection and protection for web applications with near 0 false positive detection and an immunity to unknown attacks. Unique Logic Based Detection Engine provides automated best of breed detection/protection capability for web applications, overcoming configuration/operation complexity (which had been the biggest barrier toward rapid growth of the WAF market, in spite of its critical importance). Commercially proven and tested solution with more than 900 customers including SMB to Large Enterprises. 9+ years of experience in WAF business 13
14 Boasting Top-Notch WAF - WAPPLES WAPPLES logical analytic detection engine is called COCEP COCEP stands for COntents Classification and Evaluation Processing. Logic analysis based engine is not a signature based approach. It analyzes and blocks each type of attack. 14
15 Boasting Top-Notch WAF - WAPPLES Our Detection Engine uses 3 evaluation mechanisms Logical analytic engine means a detection engine performs an application layer interpretation and verification based on the below 3 mechanisms: Evaluation based on Heuristic analysis Evaluation based on Semantic analysis Evaluation based on Pattern Matching WAPPLES 26 detection rules and 1 function (IP Block) can be classified as follows: Evaluation based on Heuristic Analysis Evaluation based on Semantic Analysis Cross Site Scripting Include Injection Evaluation based on Pattern Matching Buffer Overflow Directory Listing Cookie Poisoning Invalid HTTP Error Handling IP Block Invalid URI Extension Filtering Parameter Tampering Parameter Tampering File Upload Suspicious Access Privacy File Filtering Input Content Filtering URI Access Control Privacy Input Filtering IP Filtering Privacy Output Filtering Request Header Filtering SQL Injection Stealth Commanding Request Method Filtering Response Header Filtering User Defined Pattern Web Site Defacement Unicode Directory Traversal 15
16 Boasting Top-Notch WAF - WAPPLES WAPPLES Unique Technology Enables the Following: Higher Performance No additional system load due to the inputting of new patterns. Generally, more than 3000 patterns lead to low system performance. No difference in performance, in both test environment and real operation environment. Ease of Use and Less Maintenance Installation without (or with minimal) changes in server and network settings is possible. Extremely low management burden for administrator. Low operation cost signature update service, but S/W version update service. Visualizes Various Information Web Traffic, Hit Count, Detection Log summary Statistics for hour, day, week, month, and year Supports more than 22 visualized charts 16
17 Boasting Top-Notch WAF - WAPPLES WAPPLES Major Features Provides User View using Docking Capability Relocation of each window Saves User View settings Supports Quick Configuration Supports configuration by levels Simplifies complex settings 17
18 Certifications and Patents Korea National Intelligence Service CC Evaluation (EAL4) Registration No. NISS PCI-DSS Certification Registration No. AK Patents United States: METHOD OF DETECTING A WEB APPLICATION ATTACK U.S. Application No. 12/876,820 China: METHOD OF DETECTING A WEB APPLICATION ATTACK Chinese Patent Application for Invention No Japan: METHOD OF DETECTING A WEB APPLICATION ATTACK Japanese Patent Application No Republic of Korea: 2 patents are registered METHOD FOR DETECTING A WEB APPLICATION ATTACK METHOD FOR DETECTING A WEB ATTACK BASED ON A SECURITY RULE
19 Boasting Topnotch WAF - WAPPLES Class Value Performance High-End Model WAPPLES-50 WAPPLES-100 eco WAPPLES-500 WAPPLES-1000 type2 WAPPLES-2000 WAPPLES-5000 Appearance Capacity Maximum Throughput 100 Mbps 300 Mbps 500 Mbps 2 Gbps 4 Gbps 6 Gbps HTTP Transactions/sec 3,000 9,000 15,000 30,000 50,000 70,000 SSL Transactions/sec 2,000 5,000 8,000 15,000 24,000 33,000 Hardware Form Factor 1U 1U 1U 2U 2U 2U CPU Intel Dual Core 2.5GHz Intel Quad Core 2.66GHz Intel Quad Core Xeon 2.66GHz Intel Quad Core Xeon 2.33GHz * 2 Intel Quad Core Xeon 2.66GHz *2 Intel Westmere 2.53GHz * 2 Memory 2 GB 4 GB 8 GB 8 GB 16 GB 24 GB HDD 160GB 500GB 500GB 500GB 500GB 1TB Dimensions 443mm/292mm/44.5m m 443mm/292mm/44.5m m 443mm/406mm/44.5mm 443mm/512mm/88mm 443mm/512mm/88mm 431.8mm/580mm/88mm Weight 8Kg 8Kg 11Kg 18.75Kg 18.75Kg 21KG NIC 2 x10/100/1000 BaseTX 4 x10/100/1000 BaseTX Bypass 2 x10/100/1000 BaseTX 8 x10/100/1000 BaseTX Bypass 6 x10/100/1000 BaseTX Bypass OR 2 x1000 Base Optical Bypass 2 x10/100/1000 BaseTX Bypass 8 x10/100/1000 BaseTX Bypass 2 x1000 BaseSFP (Optional) 2 x1000 Base Optical Bypass 2 x10/100/1000 BaseTX 8 x10/100/1000 BaseTX Bypass 4 x1000 BaseSFP (Optional) 2 x1000 Base Optical Bypass 2 x10/100/1000 BaseTX 8 x10/100/1000 BaseTX Bypass 4 x1000 BaseSFP 2 x1000 Base Optical Bypass (Optional) 4 x1000 Base Optical Bypass 2 x10g Base Optical Bypass Power Supply AC100~240V 50/60Hz 200W AC100~240V 50/60Hz 200W AC100~240V 50/60Hz 300W AC100~240V 50/60Hz 400W Redundant Power Supply AC100~240V 50/60Hz 400W Redundant Power Supply AC100~240V 50/60Hz 500W Redundant Power Supply 19
20 Must-have Trend Must-have Trend - Cloud Computing Security Web-based cloud computing All businesses (services) based on cloud computing are provided via the web: whether it is in the form of IaaS, PaaS, SaaS The service that satisfies the essential characteristics of Cloud Computing is the web (according to the Visual Model of NIST Working Definition) The web is the most appropriate and optimized interface to provide cloud computing service It s the Web! Cloud Computing Security is Web Application Security Since cloud computing is web-based, its security issues have much in common with web application security. 20
21 Must-have Trend Cloud Computing Security Is A No. 1 Issue Cloud computing issues : Security There are many issues related to newly-rising cloud computing: Performance, Availability, Integration, etc. Despite the existence of many issues, security sector is the most important one. The challenges/issues ascribed to the cloud /ondemand model Security Performance 63.1% 74.6% Source: IDC Enterprise Panel, August 2008 Availability 63.1% Hard to integrate with in-house IT 61.1% Not enough ability to customize 55.8% 40% 50% 60% 70% 80% 21
22 Must-have Trend WAPPLES Meets the Demands Cloud Computing Environment Web service User Virtual appliance(waf) V50 V500 V1000 V2000 V4000 CPU 1 Cores 2 Cores 4 Cores 8 Cores 16 Cores Performance CPS (Connection per Second) Minimum requirements per physical host <2011 Virtual Appliance Lineup> 5,000 10,000 20,000 40,000 80,000 Hypervisor Processor Memory Hard drive Network Interface Citrix XenServer 5 (update 3 or higher); VMWare ESX/ESXi 3.5 or higher Dual core server with Intel VTx 2 GB 20 GB Hypervisor supported network interface card 22
23 Thank you. Penta Security Systems Inc. Hanjin Shipping Bld. 20F, Seoul, Korea TEL: FAX: Penta Security Systems K.K. 東京都浜田区赤坂 アセンド赤坂 3 階 TEL: FAX:
May 2014 Penta Security Systems Inc.
May 2014 Inc. Introduction The overall cloud computing environment is evolving at an in increasing rate. The effective and cost-efficient nature of cloud environments has been drawing attention of numerous
More informationKishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009
Securing Web Applications: Defense Mechanisms Kishin Fatnani Founder & Director K-Secure Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 1 Agenda Current scenario in Web Application
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationGOING WHERE NO WAFS HAVE GONE BEFORE
GOING WHERE NO WAFS HAVE GONE BEFORE Andy Prow Aura Information Security Sam Pickles Senior Systems Engineer, F5 Networks NZ Agenda: WTF is a WAF? View from the Trenches Example Attacks and Mitigation
More informationSecuring Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
More informationOWASP TOP OWASP TOP
ANALYZING THE OWASP TOP 10 TOP APPLICATION SECURITY THREATS & HOW TO MITIGATE THEM Cars require seatbelts. Pill bottles need safety caps. Applications need web application firewalls, and for good reason.
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationCitrix NetScaler AppFirewall and Web App Security Service
Data Sheet Citrix NetScaler AppFirewall and Web App Security Service Citrix NetScaler AppFirewall TM is a comprehensive full function ICSA, Common Criteria, FIPS-certified web application firewall that
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationSecuring Cloud Applications with a Distributed Web Application Firewall Riverbed Technology
Securing Cloud Applications with a Distributed Web Application Firewall www.riverbed.com 2013 Riverbed Technology Primary Target of Attack Shifting from Networks and Infrastructure to Applications NETWORKS
More informationTHREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda
THREAT MODELING IN SOCIAL NETWORKS Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda INTRODUCTION Social Networks popular web service. 62% adults worldwide use social media 65% of world top companies
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationApplication Layer Security
Application Layer Security General overview Ma. Angel Marquez Andrade Benefits of web Applications: No need to distribute separate client software Changes to the interface take effect immediately Client-side
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationF5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe
F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache
More informationWeb Application Firewall
Web Application Firewall Take chances with innovation, not security. HaltDos Web Application Firewall offers unmatched security capabilities, customization options and reporting analytics for the most
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationOWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13
Airlock and the OWASP TOP 10-2017 Version 2.1 11.24.2017 OWASP Top 10 A1 Injection... 3 A2 Broken Authentication... 5 A3 Sensitive Data Exposure... 6 A4 XML External Entities (XXE)... 7 A5 Broken Access
More informationVULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED
AUTOMATED CODE ANALYSIS WEB APPLICATION VULNERABILITIES IN 2017 CONTENTS Introduction...3 Testing methods and classification...3 1. Executive summary...4 2. How PT AI works...4 2.1. Verifying vulnerabilities...5
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationSOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management
SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com
More informationSecurity Communications and Awareness
Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationhaltdos - Web Application Firewall
haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection
More informationVulnerabilities in online banking applications
Vulnerabilities in online banking applications 2019 Contents Introduction... 2 Executive summary... 2 Trends... 2 Overall statistics... 3 Comparison of in-house and off-the-shelf applications... 6 Comparison
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationTHUNDER WEB APPLICATION FIREWALL
SOLUTION BRIEF THUNDER WEB APPLICATION FIREWALL STOP WEB ATTACKS TO PREVENT COSTLY DATA BREACHES MOBILE USERS REQUIRE SECURE ALWAYS-ON NETWORK ACCESS Web applications have become the number one battlefield
More informationCLOUD COMPUTING SECURITY THE SOFT SPOT Security by Application Development Quality Assurance
IBM Innovate 2010 CLOUD COMPUTING SECURITY THE SOFT SPOT Security by Application Development Quality Assurance Anthony Lim MBA CISSP CSSLP FCITIL Director, Asia Pacific, Software Security Solutions IBM,
More informationSECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationSAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0
Welcome BIZEC Roundtable @ IT Defense, Berlin SAP Security BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 February 1, 2013 Andreas Wiegenstein CTO, Virtual Forge 2 SAP Security SAP security is a complex
More informationEPRI Software Development 2016 Guide for Testing Your Software. Software Quality Assurance (SQA)
EPRI Software Development 2016 Guide for Testing Your Software Software Quality Assurance (SQA) Usability Testing Sections Installation and Un-Installation Software Documentation Test Cases or Tutorial
More informationCitrix NetScaler Make web applications run five times better
Citrix NetScaler Make web applications run five times better Citrix NetScaler is a web application delivery solution that makes applications five times better by accelerating performance, ensuring that
More informationTable of Content Security Trend
Table of Content Security Trend New Business, New Challenges Difficulties of O&M for Network Security New Security Model SANGFOR Security Concept NGAF Your Security Guard to the Future Cyber Risks: The
More informationCyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA
Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationSecurity and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /
Security and Compliance Powered by the Cloud Ben Friedman / Strategic Accounts Director / bf@alertlogic.com Founded: 2002 Headquarters: Ownership: Houston, TX Privately Held Customers: 1,200 + Employees:
More informationSimplifying Application Security and Compliance with the OWASP Top 10
Simplifying Application Security and Compliance with the OWASP Top 10 An Executive Perspective 187 Ballardvale Street, Wilmington, MA 01887 978.694.1008 ExECuTivE PErSPECTivE 2 introduction From a management
More informationF5 Application Security. Radovan Gibala Field Systems Engineer
1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities
More informationAndrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West
Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing Advancing Expertise in Security Testing Taming the Wild West Canberra, Australia 1 Who is this guy? Andrew
More informationWeb Application Threats and Remediation. Terry Labach, IST Security Team
Web Application Threats and Remediation Terry Labach, IST Security Team IST Security Team The problem While we use frewalls and other means to prevent attackers from access to our networks, we encourage
More informationFIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?
WHAT IS FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT? While firewalls started life simply protecting networks from outside hacks and attacks, the role of the firewall has greatly evolved to take
More informationApplication. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationShiftLeft. Real-World Runtime Protection Benchmarking
ShiftLeft Real-World Runtime Protection Benchmarking Table of Contents Executive Summary... 02 Testing Approach... 02 ShiftLeft Technology... 04 Test Application... 06 Results... 07 SQL injection exploits
More informationAtlassian. Atlassian Software Development and Collaboration Tools. Bugcrowd Bounty Program Results. Report created on October 04, 2017.
Atlassian Software Development and Collaboration Tools Atlassian Bugcrowd Bounty Program Results Report created on October 04, 2017 Prepared by Ryan Black, Director of Technical Operations Table of Contents
More informationTop 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationSecurity Communications and Awareness
Security Communications and Awareness elearning OVERVIEW Recent high-profile incidents underscore the need for security awareness training. In a world where your employees are frequently exposed to sophisticated
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationWeb Application Firewall Subscription on Cyberoam UTM appliances
On-Appliance Reporting Web Application Firewall Subscription on Cyberoam UTM appliances Protecting Web Applications from hackers Application Visibility and Control Bandwidth Management Firewall Web Application
More informationDell SonicWALL Secure Mobile Access 8.5. Web Application Firewall Feature Guide
Dell SonicWALL Secure Mobile Access 8.5 Copyright 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell, the Dell logo,
More information90% of data breaches are caused by software vulnerabilities.
90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with
More informationOWASP Top David Caissy OWASP Los Angeles Chapter July 2017
OWASP Top 10-2017 David Caissy OWASP Los Angeles Chapter July 2017 About Me David Caissy Web App Penetration Tester Former Java Application Architect IT Security Trainer: Developers Penetration Testers
More informationQ WEB APPLICATION ATTACK STATISTICS
WEB APPLICATION ATTACK STATISTICS CONTENTS Introduction...3 Results at a glance...4 Web application attacks: statistics...5 Attack types...5 Attack trends...8 Conclusions... 11 2 INTRODUCTION This report
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationUsing Open Tools to Convert Threat Intelligence into Practical Defenses A Practical Approach
Using Open Tools to Convert Threat Intelligence into Practical Defenses A Practical Approach 2016 Presented by James Tarala (@isaudit) Principal Consultant Enclave Security 2 Historic Threat Hunting German
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationNOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect
NOTHING IS WHAT IT SIEMs: COVER PAGE Simpler Way to Effective Threat Management TEMPLATE Dan Pitman Principal Security Architect Cybersecurity is harder than it should be 2 SIEM can be harder than it should
More information6-Points Strategy to Get Your Application in Security Shape
6-Points Strategy to Get Your Application in Security Shape Sherif Koussa OWASP Ottawa Chapter Leader Static Analysis Technologies Evaluation Criteria Project Leader Application Security Specialist - Software
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More informationHacker Attacks on the Horizon: Web 2.0 Attack Vectors
IBM Software Group Hacker Attacks on the Horizon: Web 2.0 Attack Vectors Danny Allan Director, Security Research dallan@us.ibm.com 2/21/2008 Agenda HISTORY Web Eras & Trends SECURITY Web 2.0 Attack Vectors
More informationApplications Security
Applications Security OWASP Top 10 PyCon Argentina 2018 Objectives Generate awareness and visibility on web-apps security Set a baseline of shared knowledge across the company Why are we here / Trigger
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationFirefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran
Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2 Tuncay Seyran Security in a virtualized environment: same security risks + more TRADITIONAL SECURITY RISKS IMPACTING VIRTUAL ENVIRONMENTS
More informationBEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION
GUIDE BEST PRACTICES FOR SELECTING A WEB APPLICATION SCANNING (WAS) SOLUTION CONTINUOUS SECURITY With attackers getting more sophisticated every day, manual methods of locating and testing web-based apps
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationAguascalientes Local Chapter. Kickoff
Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark
More informationCONTENTS. Recommendations. Prize Q & A
CONTENTS Contents Disclaimer Introduction Common uses for Web Applications Common Web Application Infrastructure and Users The Importance of Web Application Security Why OWASP About OWASP Top Ten Summary.
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationDefend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title
Defend Your Web Applications Against the OWASP Top 10 Security Risks Speaker Name, Job Title Application Security Is Business Continuity Maintain and grow revenue Identify industry threats Protect assets
More informationIntegrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution
Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution (Layer 3/4 and Layer 7) Delivering best-in-class network and web application security to the modern enterprise
More informationHacking by Numbers OWASP. The OWASP Foundation
Hacking by Numbers OWASP Tom Brennan WhiteHat Security Inc. tom.brennan@whitehatsec.com 973-506-9303 skype: jinxpuppy Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify
More informationSecurity Best Practices. For DNN Websites
Security Best Practices For DNN Websites Mitchel Sellers Who am I? Microsoft MVP, ASPInsider, DNN MVP Microsoft Certified Professional CEO IowaComputerGurus, Inc. Contact Information msellers@iowacomputergurus.com
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationPresentation Overview
Presentation Overview Basic Application Security (AppSec) Fundamentals Risks Associated With Vulnerable Applications Understanding the Software Attack Surface Mean Time to Fix (MTTF) Explained Application
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationWelcome to the OWASP TOP 10
Welcome to the OWASP TOP 10 Secure Development for Java Developers Dominik Schadow 03/20/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN 1 AGENDA
More informationPCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall WHITE PAPER
PCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall WHITE PAPER Table of Content PCI DSS Overview... 2 1.1 Key requirements of the PCI DSS standard... 3 Riverbed
More informationPenta Security Systems Inc. February, 2012
Penta Security Systems Inc. February, 2012 Company Overview Penta Security Systems Inc. is Korea-based leading provider of Application Security Software and Core Technology, with more than 1,300 installed
More informationOPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES
OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES What is the OWASP Top 10? A list of the top ten web application vulnerabilities Determined by OWASP and the security community at large
More informationOverview. Application security - the never-ending story
RIVERBED STINGRAY APPLICATION FIREWALL Securing Cloud Applications with a Distributed Web Application Firewall Overview Responsibility over IT security is moving away from the network and IT infrastructure
More information