Repsheet. A Behavior Based Approach to Web Application Security. Aaron Bedra, Application Security Lead, Braintree Payments. Tuesday the 1st.
1 Repsheet A Behavior Based Approach to Web Application Security Aaron Bedra Application Security Lead Braintree Payments
2 Right now, your web applications are being attacked
3 And it will happen again, and again, and again
4 But not always in the way you think
5 Let's take a look at typical application security measures
6 [Diagram: user requests → web server → application environment]
8-9 roland : 12345 (the user presents a username and password, the credentials check out and the request goes through)
10 And we go on with our day
11 How many of you stop there?
12 It's time to start asking more questions
13 But remember
14 Don t impact user experience!
15 ???
16 Agenda: signature based detection; anomaly detection; reputation based intelligence; action; Repsheet
17 Signatures
18 ModSecurity
19 Web Application Firewall
20 Rule based detection
21 Allows you to block or alert if traffic matches a signature
22 Improved by the OWASP Core Rule Set
23 A great tool to add to your stack
24 Works with Apache, nginx, and IIS
25 Works well with Apache
26 Like most signature based tools it requires tuning
27 And has a high possibility of false positives
28 Great for helping with 0-day attacks (the generic attack-class rules in the Core Rule Set catch many exploits that have no specific signature yet)
29 Favor alerting over blocking in most scenarios
30 [Diagram: user requests → web server (ModSecurity) → application environment]
31 Anomalies
32 [23/Apr/2013:14:20: ] "POST /login HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " "
33 [23/Apr/2013:14:20: ] "POST /users/king-roland/credit_cards HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " "
34 [23/Apr/2013:14:20: ] "POST /users/king-roland/credit_cards HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " "
35 [23/Apr/2013:14:20: ] "POST /users/king-roland/credit_cards HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " "
36 What do you see?
37 I see a website getting carded
38 ???
39 Play by play
40 Login Request [23/Apr/2013:14:20: ] "POST /login HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " "
41 Add credit card to account #1, 1 sec delay [23/Apr/2013:14:20: ] "POST /users/king-roland/credit_cards HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " "
42 Add credit card to account #2, 1 sec delay [23/Apr/2013:14:20: ] "POST /users/king-roland/credit_cards HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " " FF 8 on Windows 7, or bot?
43 Add credit card to account #3, 1 sec delay [23/Apr/2013:14:20: ] "POST /users/king-roland/credit_cards HTTP/1.1" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/ Firefox/8.0" " " FF 8 on Windows 7 in Plovdiv, Bulgaria, or bot?
44 And this continues
45 10,000 more times
46 Those were the only requests that IP address made
47 Aside from the number of requests, what else gave it away?
48 [Pie chart: HTTP method distribution across GET, POST, HEAD, PUT and DELETE; the slices extracted as 5%, 4%, 5%, 27% and 59%, the pairing of label to slice not being recoverable from the extraction]
49 HTTP method distribution is important
50 When an actor deviates significantly, there must be a reason!
51 Let's talk GeoIP
52 Adding GeoIP information is generically useful
53 But it also helps in the face of an attack
54 It can help protect you and your users
55 Scenario
56 King Roland gets his GMail account hacked
57 Hacker sends a password reset request to your server
58 Normally, you would send the reset
59 Unless...
60 You realize that King Roland always logs in from Druidia
61 But the hacker is requesting the reset from Spaceball City
62 Instead of sending the reset, you now ask some questions
63 And hopefully protect King Roland from further bad actions
64 GeoIP detection also helps you block traffic from unwanted countries
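The King Roland scenario as a concrete check. This is an added example, not code from the talk or from Repsheet: it compares the country of a password-reset request against the countries seen in the account's past logins and decides whether to send the reset as usual or to challenge the requester first. The GeoIP table (a static mapping of two documentation networks to the scenario's country names), the login history and the thresholds are constructed for the example; a real deployment would query a GeoIP database instead.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed GeoIP table standing in for a real GeoIP database lookup.
# The networks (RFC 5737 documentation ranges) and the country labels, borrowed
# from the talk's scenario, are assumptions for this example.
GEOIP_TABLE = (
    (ip_network("203.0.113.0/24"), "Druidia"),
    (ip_network("198.51.100.0/24"), "Spaceball City"),
)

MIN_HISTORY = 3  # below this there is no baseline worth trusting
MIN_SHARE = 0.2  # a country must account for this share of past logins to count as usual


def lookup_country(ip: str):
    """Return the country label for an address, or None when it is not in the table."""
    addr = ip_address(ip)
    for net, country in GEOIP_TABLE:
        if addr in net:
            return country
    return None


@dataclass
class ResetDecision:
    action: str  # "send" the reset mail as usual, or "challenge" the requester first
    reason: str


def decide_password_reset(login_history, request_ip: str) -> ResetDecision:
    """login_history: source addresses of the account's past successful logins."""
    countries = Counter(lookup_country(ip) for ip in login_history)
    countries.pop(None, None)  # unresolvable history entries carry no information
    total = sum(countries.values())
    if total < MIN_HISTORY:
        # No baseline: the GeoIP signal is an addition, not a reason to break the normal flow.
        return ResetDecision("send", "no usable login history, falling back to the normal flow")
    request_country = lookup_country(request_ip)
    if request_country is None:
        return ResetDecision("challenge", "requester's location could not be resolved")
    share = countries[request_country] / total
    if share >= MIN_SHARE:
        return ResetDecision("send", f"{request_country} accounts for {share:.0%} of past logins")
    return ResetDecision("challenge", f"{request_country} accounts for only {share:.0%} of past logins")


# Constructed history: King Roland always logs in from Druidia.
KING_ROLAND_LOGINS = ["203.0.113.5"] * 6 + ["203.0.113.9"] * 2

if __name__ == "__main__":
    print(decide_password_reset(KING_ROLAND_LOGINS, "198.51.100.7"))  # reset requested from Spaceball City
    print(decide_password_reset(KING_ROLAND_LOGINS, "203.0.113.77"))  # reset requested from Druidia
```

The "challenge" branch is where the extra questions from the slide go (a second factor, a confirmation to an address on file, or a delay plus notification); the reset itself is never silently dropped, so a user who really is travelling is inconvenienced rather than locked out.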
65 [Diagram: user requests → web server (ModSecurity, GeoIP) → application environment]
66 Other anomalies: request rate; header ordering; TCP fingerprint vs. User-Agent; account create/delete/subscribe; anything you can imagine
67 What do they have in common?
68 Does the behavior fit an equation?
69 If so, your detection is simple
70 Request rate > Threshold
71 TCP fingerprint != User-Agent
72 But the HTTP method deviation is harder
73 100% GET requests with a known UA (e.g. Google) is ok, provided the address really belongs to that crawler: a User-Agent string is trivially forged, so verify it (reverse DNS of the address, then forward DNS of the result) before exempting it
74 100% POST requests is not
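The checks above, and the carding pattern from the earlier log excerpt, turned into code over sample traffic. This is an added example, not code from the talk or from Repsheet: it parses Apache combined-format log lines, builds a per-address profile (request count, HTTP method mix, observed time window, user agents) and flags an address whose sustained rate exceeds a threshold or whose traffic is almost entirely POST, exempting all-GET bursts only from crawlers whose address has been verified out of band. The log lines, the addresses (RFC 5737 documentation ranges) and the thresholds are constructed for the example; the carder's pattern mirrors the slides (one login, then a card every second, nothing else).

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Apache "combined" format: ip ident user [ts] "METHOD path proto" status size "referrer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

MIN_REQUESTS = 5            # too few requests to judge an actor at all
RATE_THRESHOLD = 1.0        # sustained requests/second over the observed window
POST_RATIO_THRESHOLD = 0.9  # near-100% POST from one address is not a browser
CRAWLER_UA_MARKERS = ("Googlebot",)


@dataclass
class Profile:
    count: int = 0
    methods: Counter = field(default_factory=Counter)
    user_agents: set = field(default_factory=set)
    first: Optional[datetime] = None
    last: Optional[datetime] = None

    def rate(self) -> float:
        span = (self.last - self.first).total_seconds()
        return self.count / span if span > 0 else float(self.count)

    def post_ratio(self) -> float:
        return self.methods["POST"] / self.count


def profile_ips(log_text: str) -> dict:
    """Build one Profile per source address; lines that do not parse are skipped, not fatal."""
    profiles = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        p = profiles.setdefault(m["ip"], Profile())
        p.count += 1
        p.methods[m["method"]] += 1
        p.user_agents.add(m["ua"])
        p.first = ts if p.first is None or ts < p.first else p.first
        p.last = ts if p.last is None or ts > p.last else p.last
    return profiles


def classify(ip: str, p: Profile, verified_crawlers) -> list:
    """Return the anomaly reasons for one actor (an empty list means nothing stood out)."""
    if p.count < MIN_REQUESTS:
        return []
    claims_crawler = any(marker in ua for ua in p.user_agents for marker in CRAWLER_UA_MARKERS)
    all_get = p.methods["GET"] == p.count
    # A UA string is free to forge, so the crawler exemption also requires the address to have
    # been verified out of band (for Googlebot: reverse DNS, then forward DNS of the result).
    if claims_crawler and all_get and ip in verified_crawlers:
        return []
    reasons = []
    if p.rate() > RATE_THRESHOLD:
        reasons.append("high_request_rate")
    if p.post_ratio() >= POST_RATIO_THRESHOLD:
        reasons.append("post_only")
    return reasons


def find_offenders(log_text: str, verified_crawlers=frozenset()) -> dict:
    return {ip: r for ip, p in profile_ips(log_text).items()
            if (r := classify(ip, p, verified_crawlers))}


# --- constructed sample traffic (not from the talk) ---
FF8 = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
CHROME = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31"
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def _line(ip, hhmmss, method, path, ua, status=200):
    return f'{ip} - - [23/Apr/2013:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"'


SAMPLE_LOG = "\n".join(
    # carding bot: one login, then a card added every second, nothing else
    [_line("203.0.113.7", "14:20:01", "POST", "/login", FF8, 302)]
    + [_line("203.0.113.7", f"14:20:{s:02d}", "POST", "/users/king-roland/credit_cards", FF8) for s in range(2, 8)]
    # ordinary browser session: a page, its assets, a login, the account page
    + [_line("198.51.100.9", "14:19:30", "GET", "/", CHROME),
       _line("198.51.100.9", "14:19:30", "GET", "/css/app.css", CHROME),
       _line("198.51.100.9", "14:19:31", "GET", "/js/app.js", CHROME),
       _line("198.51.100.9", "14:19:59", "POST", "/login", CHROME, 302),
       _line("198.51.100.9", "14:20:10", "GET", "/account", CHROME)]
    # crawler: fast, but all GET
    + [_line("192.0.2.10", f"14:20:{s:02d}", "GET", path, GOOGLEBOT)
       for s, path in ((0, "/robots.txt"), (0, "/"), (1, "/about"), (1, "/pricing"), (2, "/contact"))]
)

if __name__ == "__main__":
    for ip, reasons in find_offenders(SAMPLE_LOG, verified_crawlers={"192.0.2.10"}).items():
        print(ip, reasons)
```

Run it and the carding address is flagged for both rate and method mix; the browser session, which also POSTs to /login, is not, because one POST in five requests is nowhere near the threshold. Take the crawler's address out of `verified_crawlers` and it is flagged for rate alone, which is the point of the caveat above: a Googlebot UA string on its own is not a free pass.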
75 But it s not always that simple
76 Scenario
77 A high rate of account create requests is coming from a single address
78 Is it a NATed IP or a fraud/spam bot?
79 We have patterns and data
80 What s the next step?
81-82 Quantitative Analysis
83 Security as a Data Science Problem (quantitative analysis, in other words)
84 We can apply some machine learning to the data in an attempt to classify it
85 [Diagram: user requests → web server (ModSecurity, GeoIP, classifier) → application environment; the ??? marks parts of the flow not yet filled in]
86 This is where a lot of the value comes from
87 And, combined with signature detection, it helps correlate attack events
88 But you still need a way to keep track of it all
89 Reputation Based Intelligence
90 Who's naughty and who's really naughty
91 Built up from the tools/techniques mentioned previously
92 Provides local reputation
93 You can also purchase external reputation feeds
94 The combination gives you solid awareness of bad actors
95 [Diagram: user requests → web server (ModSecurity, GeoIP, classifier, external reputation feeds, reputational intelligence) → application environment; the ??? marks parts of the flow not yet filled in]
96 Action
97 So now you have a ton of new information
98 What do you do with it?
99 Options: block the traffic; honeypot the attacker; modify your response; attack back (illegal in most jurisdictions); contact the authorities
100 Blocking the traffic is straightforward
101 Block at the web server level (403)
102 Block at the firewall level
103 Both have advantages/disadvantages: a web server 403 keeps HTTP-layer context (block per path, per account or per user agent, and still serve a page) but the attacker's connection and TLS handshake have already cost you; a firewall drop is cheaper and stops the traffic earlier, but it only sees addresses and ports and takes out every user behind a NATed address
104 Honeypots are much more interesting
105 [Diagram: a load balancer with a routing engine sends flagged traffic to a fake application environment backed by a partially replicated database, and everything else to the real environment and its database]
106 When you honeypot, the attacker doesn't know they've been caught
107 And it allows you to study their behavior
108 And update your approach to preventing attacks
109 But all of this requires a way to manage state and act on bad behavior
110 Where do you act? [Diagram: the pipeline from the previous slides, with "State" and "Here?" markers placed at the web server and again at the application environment]
111 Repsheet
112 Reputation Engine
113-118 [Diagram, built up across six slides: user requests → web server, which hosts ModSecurity, GeoIP and the Repsheet module → application environment. The Repsheet module's recorder writes activity to Redis; the Repsheet backend reads that recorded data out of band, folds in external reputation feeds, and keeps the managed state (the offender list) in Redis; the module's actor consults that state on each request to notify or block.]
121 Repsheet helps put everything together
122 Web server module records activity and looks for offenders in the cache
123 It listens to ModSecurity and adds offending IPs to its list
124 It provides notification and/or blocking of offenders
125 Blocking happens at the web server level
126 But you can send Repsheet data to your firewall for TCP level blocking
127 Notification sends headers to the downstream application
128 Which allows each app to choose how it is going to respond
129 For instance, show a captcha on signup if Repsheet alerts
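How a downstream application can act on the notification rather than on a hard block. This is an added example, not code from the talk or from Repsheet: a minimal WSGI application that, when the request arrives carrying the flag header, demands a solved captcha on signup and leaves every other route alone. The header name `X-Repsheet` with the value `true`, the captcha store and the request simulator are assumptions for the example; check the header against the module version you deploy.

```python
from io import BytesIO
from urllib.parse import parse_qs

# Assumed: the Repsheet web server module marks a flagged request by adding an
# "X-Repsheet: true" request header before the request reaches the application.
# The header name and value are an assumption for this example.
REPSHEET_ENV_KEY = "HTTP_X_REPSHEET"  # WSGI's spelling of "X-Repsheet"

# Constructed captcha store: challenge id -> expected answer. A real app would use a
# captcha service and short-lived, single-use challenges.
CAPTCHA_ANSWERS = {"c1": "7"}


def repsheet_flagged(environ) -> bool:
    return environ.get(REPSHEET_ENV_KEY, "").strip().lower() == "true"


def _form(environ) -> dict:
    length = int(environ.get("CONTENT_LENGTH") or 0)
    raw = environ["wsgi.input"].read(length).decode("utf-8", "replace")
    return {k: v[0] for k, v in parse_qs(raw).items()}


def captcha_ok(form: dict) -> bool:
    expected = CAPTCHA_ANSWERS.get(form.get("captcha_id", ""))
    return expected is not None and form.get("captcha_answer") == expected


def handle_signup(environ):
    form = _form(environ)
    if repsheet_flagged(environ) and not captcha_ok(form):
        # Flagged actor: don't refuse outright (a known-bad address would already have been
        # blocked at the web server), just raise the cost of automating signups.
        return "200 OK", b"captcha required"
    if "email" not in form:
        return "400 Bad Request", b"email required"
    return "201 Created", b"account created"


def application(environ, start_response):
    path, method = environ.get("PATH_INFO", "/"), environ.get("REQUEST_METHOD", "GET")
    if path == "/signup" and method == "POST":
        status, body = handle_signup(environ)
    else:
        # Every other route ignores the flag; each app decides where the flag matters.
        status, body = "200 OK", b"ok"
    start_response(status, [("Content-Type", "text/plain")])
    return [body]


def simulate_request(method, path, body="", headers=None):
    """Drive the WSGI app without a server; returns (status, body)."""
    data = body.encode()
    environ = {
        "REQUEST_METHOD": method, "PATH_INFO": path,
        "CONTENT_LENGTH": str(len(data)), "wsgi.input": BytesIO(data),
    }
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers):
        captured["status"] = status

    out = b"".join(application(environ, start_response))
    return captured["status"], out


if __name__ == "__main__":
    print(simulate_request("POST", "/signup", "email=roland%40druidia.test"))
    print(simulate_request("POST", "/signup", "email=roland%40druidia.test", {"X-Repsheet": "true"}))
```

Because the decision rests on a request header, the front end must overwrite any copy the client sends; otherwise a visitor can clear the flag (or set it on everyone behind a shared proxy) simply by supplying the header themselves.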
130 Back end looks at the recorded data for bad behavior
131 And updates the cache when it finds offenders
132 You can supply your own learning models for the data
133 github.com/repsheet/repsheet
134 Summary
135 There are lots of indicators of attack in your traffic
136 Build up a system that can capture the data and sort good from bad
137 Tools: ModSecurity; GeoIP; custom rules (velocity triggers, fingerprinting, device id, etc.); custom behavioral classification; Repsheet
138 And Remember
140 Questions?
More informationIntrusion Detection Systems. Darren R. Davis Student Computing Labs
Intrusion Detection Systems Darren R. Davis Student Computing Labs Overview Intrusion Detection What is it? Why do I need it? How do I do it? Intrusion Detection Software Network based Host based Intrusion
More informationGOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate
GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS Joe Goldberg Splunk Session ID: SPO-W09 Session Classification: Intermediate About Me Joe Goldberg Current: Splunk - Security Evangelist
More informationSecuring your Apache Tomcat installation. Tim Funk November 2009
Securing your Apache Tomcat installation Tim Funk November 2009 Who am I? Tomcat committer for over 7 years Day job: programmer at Armstrong World Industries. Why? function search() { var q = document.search.q.value.split(/\w+/);
More informationSeven Ways to Create an Unbeatable Enterprise Mobility Strategy
Seven Ways to Create an Unbeatable Enterprise Mobility Strategy A practical guide to what business and IT leaders need to do NOW to manage their business s mobile future By Arun Bhattacharya, CA Technologies
More informationFortiWeb 5.0, Web Application Firewall Course #251
FortiWeb 5.0, Web Application Firewall Course #251 Course Overview Through this 1-day instructor-led classroom or online virtual training, participants learn the basic configuration and administration
More informationAlienVault Unified Security Management Solution Complete. Simple. Affordable Life Cycle of a log
Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat
More informationWeb Application Firewalls: When Are They Useful? OWASP AppSec Europe May 2006. The OWASP Foundation http://www.owasp.org/
Web Application Firewalls: When Are They Useful? OWASP AppSec Europe May 2006 Ivan Ristic Thinking Stone ivanr@webkreator.com +44 7766 508 210 Copyright 2006 - The OWASP Foundation Permission is granted
More informationDDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen. Eldad Chai, VP Product
DDoS Attacks - Peeling the Onion on One of the Most Sophisticated Ever Seen Eldad Chai, VP Product Incapsula Application Delivery from the Cloud 2 DDoS 101 ISP Network Devices Web servers Applications
More informationFrequently Asked Questions (FAQ)
Frequently Asked Questions (FAQ) (click header to jump to the section of your choice) HOW DO I REGISTER FOR AN ACCOUNT? HOW DO I CHANGE MY PASSWORD? WHY SHOULD I REGISTER FOR AN ACCOUNT? HOW CAN I SET
More information