Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Similar documents
Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

Copyright

Applications Security

The Top 6 WAF Essentials to Achieve Application Security Efficacy

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

OWASP TOP OWASP TOP

OWASP Top 10 The Ten Most Critical Web Application Security Risks

CSWAE Certified Secure Web Application Engineer

Certified Secure Web Application Engineer

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

EXECUTIVE REPORT ADOBE SYSTEMS, INC. COLDFUSION SECURITY ASSESSMENT

GOING WHERE NO WAFS HAVE GONE BEFORE

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

En partenariat avec CA Technologies. Genève, Hôtel Warwick,

Web Application Whitepaper

C1: Define Security Requirements

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

PRESENTED BY:

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

AKAMAI CLOUD SECURITY SOLUTIONS

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

Bank Infrastructure - Video - 1

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

ShiftLeft. Real-World Runtime Protection Benchmarking

Web Application Firewall

Web Application Vulnerabilities: OWASP Top 10 Revisited

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

Secure your Web Applications with AWS WAF & AWS Shield. James Chiang ( 蔣宗恩 ) AWS Solution Architect

Advanced Techniques for DDoS Mitigation and Web Application Defense

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

SECURITY TESTING. Towards a safer web world

haltdos - Web Application Firewall

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

Managed Application Security trends and best practices in application security

Citrix NetScaler AppFirewall and Web App Security Service

RiskSense Attack Surface Validation for Web Applications

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Aguascalientes Local Chapter. Kickoff

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA

Securing Cloud Computing

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

OWASP Review. Amherst Security Group June 14, 2017 Robert Hurlbut.

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

OWASP Top David Johansson. Principal Consultant, Synopsys. Presentation material contributed by Andrew van der Stock

Mitigating Security Breaches in Retail Applications WHITE PAPER

Hacking Web Sites OWASP Top 10

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Application Security Use Cases. RASP, WAF, NGWAF, What The Hell is The Difference.

Security

Sichere Software vom Java-Entwickler

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Integrity attacks (from data to code): Cross-site Scripting - XSS

Comprehensive datacenter protection

68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.

Welcome to the OWASP TOP 10

Key Considerations in Choosing a Web Application Firewall

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

SIEMLESS THREAT MANAGEMENT

Introduction F rom a management perspective, application security is a difficult topic. Multiple parties within an organization are involved, as well

1 About Web Security. What is application security? So what can happen? see [?]

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017

Web Application Security. Philippe Bogaerts

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

Security Solutions. Overview. Business Needs

Intelligent and Secure Network

Security Landscape Thorsten Stoeterau Security Systems Engineer - Barracuda Networks

RSA Web Threat Detection

Evaluating the Security Risks of Static vs. Dynamic Websites

Imperva Incapsula Website Security

THUNDER WEB APPLICATION FIREWALL

Cisco Self Defending Network

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP

Total Security Management PCI DSS Compliance Guide

Securing Your Amazon Web Services Virtual Networks

F5 Application Security. Radovan Gibala Field Systems Engineer

About the OWASP Top 10

Continuously Discover and Eliminate Security Risk in Production Apps

Solutions Business Manager Web Application Security Assessment

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Protecting Against Online Banking Fraud with F5

Security Best Practices. For DNN Websites

CLOUD COMPUTING SECURITY THE SOFT SPOT Security by Application Development Quality Assurance

Transcription:

Defend Your Web Applications Against the OWASP Top 10 Security Risks Speaker Name, Job Title

Application Security Is Business Continuity Maintain and grow revenue Identify industry threats Protect assets and customers

GOAL Threat Intel DDoS Mitigation Defense in Depth Anti-Fraud L7 WAF / Signatures / Zero day Bot Defense Identity / Access SSL Offload

Web app attacks are the #1 single source entry point of successful data breaches Web App Attacks User / Identity Physical 11% 33% 53% Other (VPN, PoS, infra.) 3% https://f5.com/labs

But we still have a lot of other exposure Web App Attacks User / Identity 33% 53% Physical 11% Other (VPN, PoS, infra.) 3% https://f5.com/labs

Secure Expedient Effective

Traditional WAF: Advanced WAF: OWASP Top 10 OWASP Top 10 Malicious Bots SSL/TLS Inspection SSL/TLS Inspection Credential Attacks Scripting Scripting API Attacks

Open Web Application Security Project

A broad consensus on the most critical web application security flaws

What do all of these attack vectors have in common? These are difficult and complex problems despite being well known, remain pervasive Building coverage into apps again and again is expensive if you can find the expertise Common vulnerabilities remain difficult to defend against in any case

A1:2017 Injection UserX OR 1=1; /* Web Application Successful Auth SQL DB

Decrypt and inspect parameter values

A2:2017 Broken Authentication

risk-based workflows Monitor requests

A3:2017 Sensitive Data Exposure

Sanitise output back-end software versions Enforce usage of SSL

A4:2017 XML External Entities (XXE) Attacker Host Malicious XML Request //etc/passwd XML Parser Web Application www.example.com

Enforce HTTP JSON, XML, and SOAP API attack signatures

A5:2017 Broken Access Control

accessed by users with proper credentials

A6:2017 Security Misconfiguration

central point of control whitelisting

A7:2017 Cross-Site Scripting (XSS) Attackers coerce web apps to store and serve, or reflect malicious code back to a victim to be executed within a site they re visiting

Detect and filter URI metacharacters pre-defined parameter values

A8:2017 Insecure Deserialisation

Enforce HTTP JSON, XML, and SOAP JSON parser output

A8: Cross-Site Request Forgery (from previous Top 10) Phishing Email <malicious link> Fraudulent Transaction Bank Site www.mybank.com

random nonce Limit application entry points

A9:2017 Using Components with Known Vulnerabilities

detect server software stacks advanced programmability

A10:2017 Insufficient Logging and Monitoring

to protect web apps at all layers threat visibility

What do all of these items have in common? These are difficult and complex problems despite being well known, remain pervasive Building coverage into apps again and again is expensive if you can find the expertise Common vulnerabilities remain difficult to defend against in any case

Effective protection against threats beyond the Top 10 Advanced WAF is more accessible and affordable than ever Here s the good news Comprehensive OWASP Top 10 support Dedicated team of researchers and engineers going the heavy lifting Advanced WAF Technology Policies are reusable and portable Flexible and expedient deployment options Defends apps of any size and variety

Beyond the Top 10 The OWASP Top 10 is just one piece of the app security puzzle Applications and vulnerabilities constantly change Good security tools can help reduce costs and give better business intel Go beyond vulnerabilities, and pursue a proactive security posture Push to make security part of the organisational culture where you work

Security programs are journeys of evolution Ongoing diligence and constant refinement

Key Takeaways These are complex concepts Difficult to defend against Costly Security programs are journeys of evolution WAF is accessible and affordable Protect against more than just the OWASP Top 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback