2012 AKAMAI FASTER FORWARDTM
|
|
- Beverly Shaw
- 3 years ago
- Views:
Transcription
1 2012 AKAMAI FASTER FORWARDTM
2 Extending Your Perimeter of Defense and Visibility Patrick Sullivan, CISSP, GSLC Jonathan Anderson, CISSP, GCED
3 What We ve Seen 2012 YTD 170 DDoS or Malicious Attacks on Akamai Customers Multiple customers under attack almost every weekend thru June Attack durations varied from hours to days Industry Severity of A;ack Geography 12% 22% 11% 24% 31% Commerce Digital Media 18% High Impact 19% Moderate Impact Enterprise 48% Low Impact High Technology 6% Public Sector 35% 74% Americas APAC EMEA
4 Agenda Easy things you can do with Akamai to reduce your attack surface Protect your DNS and Top Level Domain Disable unnecessary HTTP Methods and Query Strings Limit unneeded information disclosure about your site Optimize caching policy for Security Don t treat all pages equally Leverage Akamai s insights into attack tools Develop DDoS Runbook
5 Attacks targeting DNS have increased significantly in 2012 Adversaries are spending more time thinking about DNS than defenders across all adversary classes Recreational Hackers: Attacking for the lulz Chaotic Actors: Hactivism Organized Crime: Profit motivated State Sponsored: Nationalistic agenda Several high profile Managed DNS providers have suffered outages recently following DNS based DDoS attacks
6 Is Your Top Level Domain Protected? is CNAMEd to Akamai and protected DNS RFC s prevent CNAMEing the top level domain example.com Do you serve from Possibly a direct route around Akamai to origin Options for the Top Level Domain Perform a 301/302 at origin from example.com to Establish separate hosting serve the redirects Have Akamai edns manage the Top Level Domain at the Edge Lets Akamai serve the redirects Akamai Primary DNS is currently in Limited Availability
7 Disable unnecessary HTTP Methods Do you need POST enabled for your entire site? Enabled globally in most Web servers and Akamai configurations Only accept the minimum HTTP Methods that you require Enable POST only on URLs that require it Do not enable PUT, DELETE, OPTIONS, or TRACE unless truly needed Kona Site Defender protects against attacks that use POST Slow POST protection Many WAF rules inspect POSTs for application layer attacks Signature-based controls for many popular attack tools
8 Coming soon: Slow POST Controls
9 Increase Reconnaissance Work Effort Akamai can filter responses to eliminate verbose headers Rewrite Server header Remove X-Powered-By headers Whitelist Akamai Debug to specific IP addresses Remember robots.txt! Don t let Google expose vulnerabilities in your site:
10 Optimizing Configuration for Security Do you need query string s to be included in your cache keys? If not, having Akamai ignore them will reduce attack surface With Kona, Akamai can protect against HTTP Request Floods Rate Controls can be used monitor uncacheable parts of the site Signature based controls can screen for specific attack tools Network Layer and Geographic Controls
11 Query String Attack Demo
12 Special Considerations for your Landing Page www is a very frequent target of attacks Is Akamai treating your home page differently for you? Redirects at the edge Dynamic page caching provides very powerful defense for the homepage
13 Design Considerations for Login Page(s) Our customers are seeing frequent abuse of login pages Attacks appear to be leveraging large databases of compromised credentials
14 Develop a DDoS Runbook Have a plan ready to execute for when you are attacked Procedures Contacts Akamai can help provide some best practices based on our lessons learned from managing so many DDoS attacks with our customers
15 Summary Lots of low-hanging fruit to address when hardening your site Top level domain, HTTP Methods, Query Strings Default landing page, login page, etc. DDoS Runbook what would you do if you came under attack? Come visit us at the Security Booth to see more attack demos! Slowloris slow POST Nikto XSS Havij SQLi HOIC with custom booster pack Siege brute-force DDoS Query string manipulation Hydra brute-force login
16 Edge App Session Evaluations How it works 1 2 Click on the agenda icon Select the session you are currently attending Click on the surveys tab Click on the session survey made available at the start of your session Complete the session survey Get points for the Akamai Conference Game and win prizes 3 4
Web Application Vulnerability Testing with Nessus
The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information
More informationGetting Started with AWS. Hosting a Static Website
Getting Started with AWS Hosting a Static Website Getting Started with AWS: Hosting a Static Website Copyright 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks
More informationEC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
More informationWeb Application Firewall on SonicWALL SSL VPN
Web Application Firewall on SonicWALL SSL VPN Document Scope This document describes how to configure and use the Web Application Firewall feature in SonicWALL SSL VPN 5.0. This document contains the following
More informationABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
More informationPenetration Testing Scope Factors
1 NZ PAPER LINUX AND WEB APPLICATION SECURITY Penetration Testing Scope Factors April 20, 2013 Zeeshan Khan NZPAPER.BLOGSPOT.COM 2 Abstract: This paper contains the key points of penetration testing. All
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationBaidu: Webmaster Tools Overview and Guidelines
Baidu: Webmaster Tools Overview and Guidelines Agenda Introduction Register Data Submission Domain Transfer Monitor Web Analytics Mobile 2 Introduction What is Baidu Baidu is the leading search engine
More informationSecure Web Appliance. Reverse Proxy
Secure Web Appliance Reverse Proxy Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About Reverse Proxy... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationNSFOCUS Web Application Firewall White Paper
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
More informationWeb Application Vulnerability Scanner: Skipfish
Web Application Vulnerability Scanner: Skipfish Page 1 of 7 EXECUTIVE SUMMARY Skipfish is an automated web application vulnerability scanner available for free download at Google s code website. It is
More informationCreating "Origin Pull" on Akamai (1)
Creating "Origin Pull" on Akamai (1) An "Origin Pull" on Akamai is set by creating a new "Configuration", you can create configurations for each of Akamai's services Object Caching - Standard CDN services,
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationSpamPanel Email Level Manual Version 1 Last update: March 21, 2014 SpamPanel
SpamPanel Email Level Manual Version 1 Last update: March 21, 2014 SpamPanel Table of Contents Incoming... 1 Incoming Spam Quarantine... 2 Incoming Log Search... 4 Delivery Queue... 7 Report Non-Spam...
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationHacker Intelligence Initiative, Monthly Trend Report #15
January 2013 Hacker Intelligence Initiative, Monthly Trend Report #15 Lessons Learned From the Yahoo! Hack How SQL Injection Vulnerabilities in Third-Party Code Can Make for Security Cloudy 1. Executive
More information[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks
TLP: GREEN Issue Date: 1.12.16 Threat Advisory: Continuous Uptick in SEO Attacks Risk Factor High The Akamai Threat Research Team has identified a highly sophisticated Search Engine Optimization (SEO)
More informationIntro to Firewalls. Summary
Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer
More informationRevisiting SQL Injection Will we ever get it right? Michael Sutton, Security Evangelist
Revisiting SQL Injection Will we ever get it right? Michael Sutton, Security Evangelist Overview Background What it is? How are we doing? Web 2.0 SQL injection meets AJAX Fuggle SQL Injection meets Google
More informationExternal Network & Web Application Assessment. For The XXX Group LLC October 2012
External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationJOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City
JOOMLA SECURITY by Oliver Hummel ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City CONTACT Nicholas Butler 051-393524 089-4278112 info@irelandwebsitedesign.com Contents Introduction 3 Installation
More informationHow To Attack A Website With An Asymmetric Attack
DEFENDING AGAINST LOW-BANDWIDTH, ASYMMETRIC DENIAL-OF-SERVICE ATTACKS David W. Holmes (@dholmesf5) F5 Networks Session ID: HT-R02 Session Classification: Intermediate AGENDA Introduction Why does this
More informationSophos UTM Web Application Firewall for Microsoft Exchange connectivity
How to configure Sophos UTM Web Application Firewall for Microsoft Exchange connectivity This article explains how to configure your Sophos UTM 9.2 to allow access to the relevant Microsoft Exchange services
More informationAkamai to Incapsula Migration Guide
Guide Akamai to Incapsula Migration Guide Introduction Incapsula is an enterprise-grade cloud service that helps companies deliver applications more efficiently and securely. This is accomplished through
More informationDon t get DDoSed and Confused. Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services
Don t get DDoSed and Confused Patrick Sullivan, CISSP, GSLC, GWAPT, GCIH Managed, Security Services Agenda Intro/Data Collection DDoS Basics Trends and Statistics Adversarial Groups/Motivations Defense
More informationOracle Communications Cartridge Feature Specification for Broadsoft Broadworks Enterprise Services
Oracle Communications ASAP Cartridge for Broadsoft Broadworks Enterprise s Cartridge Version 1.0 Oracle Communications Cartridge Feature Specification for Broadsoft Broadworks Enterprise s Vendor: BroadSoft(BS)
More informationIntroduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices
More informationTHE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE
THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE How application threat intelligence can make existing enterprise security infrastructures smarter THE BLIND SPOT IN THREAT INTELLIGENCE
More informationSTARTER KIT. Infoblox DNS Firewall for FireEye
STARTER KIT Introduction Infoblox DNS Firewall integration with FireEye Malware Protection System delivers a unique and powerful defense against Advanced Persistent Threats (APT) for business networks.
More informationSQL Injection 2.0: Bigger, Badder, Faster and More Dangerous Than Ever. Dana Tamir, Product Marketing Manager, Imperva
SQL Injection 2.0: Bigger, Badder, Faster and More Dangerous Than Ever Dana Tamir, Product Marketing Manager, Imperva Consider this: In the first half of 2008, SQL injection was the number one attack vector
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More informationPortal Administration. Administrator Guide
Portal Administration Administrator Guide Portal Administration Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec
More informationCloud Security In Your Contingency Plans
Cloud Security In Your Contingency Plans Jerry Lock Security Sales Lead, Greater China Contingency Plans Avoid data theft and downtime by extending the security perimeter outside the data-center and protect
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationIndusGuard Web Application Firewall Test Drive User Registration
IndusGuard Web Application Firewall Test Drive User Registration Document Version 1.0 24/06/2015 Confidentiality INDUSFACE HAS PREPARED THIS DOCUMENT FOR INTERNAL PURPOSE. NEITHER THIS DOCUMENT NOR ITS
More informationLocal DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation s Course,
More informationThe Pentester s Guide to Akamai
An NCC Group Publication The Pentester s Guide to Akamai Prepared by: Darren McDonald 8 th March 2013 Contents 1 Introduction... 3 2 Caveats... 3 3 Basic Akamai Setup... 4 4 Bypassing Akamai by Attacking
More informationMulti-Layer Security for Multi-Layer Attacks. Preston Hogue Dir, Cloud and Security Marketing Architectures
Multi-Layer Security for Multi-Layer Attacks Preston Hogue Dir, Cloud and Security Marketing Architectures High-Performance Services Fabric Programmability Data Plane Control Plane Management Plane Virtual
More informationThe server will respond to the client with a list of instances. One such attack was analyzed by an information security researcher in January 2015.
1 TLP: GREEN 02.11.15 GSI ID: 1086 SECURITY BULLETIN: MS SQL REFLECTION DDOS RISK FACTOR - MEDIUM 1.1 / OVERVIEW / Beginning in October 2014, PLXsert observed the use of a new type of reflection-based
More informationDDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION
DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION Stephen Gates Chief Security Evangelist Corero Network Security Session ID: SEC-W04 Session Classification: Intermediate Recent Headlines Are Denial of
More informationThreat Intelligence UPDATE: Cymru EIS Report. www.team- cymru.com
Threat Intelligence Group UPDATE UPDATE: SOHO Pharming A Team Cymru EIS Report Powered Page by T1eam Threat Intelligence Group of 5 C ymru s This is an update on the SOHO Pharming case we published a little
More informationGuide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst
INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationGetting Started with AWS. Hosting a Static Website
Getting Started with AWS Hosting a Static Website Getting Started with AWS: Hosting a Static Website Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. The following are
More informationGetting Started with Clearlogin A Guide for Administrators V1.01
Getting Started with Clearlogin A Guide for Administrators V1.01 Clearlogin makes secure access to the cloud easy for users, administrators, and developers. The following guide explains the functionality
More informationAccess Control Rules: URL Filtering
The following topics describe how to configure URL filtering for your Firepower System: URL Filtering and Access Control, page 1 Reputation-Based URL Filtering, page 2 Manual URL Filtering, page 5 Limitations
More informationAkamai Security Products
Akamai Security Products Key Areas of Cloud Security for Akamai Protect Web Availability Internet Infrastructure Security Remove Credit Cards Payment Tokenization Web Application Firewall Application Security
More informationSemantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationKona Site Defender. Product Description
Kona Site Defender Product Description November 2013 TABLE OF CONTENTS Table of Contents 2 Introduction 3 Kona Site Defender Overview 3 Kona Site Defender Features 3 DDoS Mitigation 3 DDoS Fee Protection
More informationAn Insight into Cookie Security
An Insight into Cookie Security Today most websites and web based applications use cookies. Cookies are primarily used by the web server to track an authenticated user or other user specific details. This
More informationMcAfee Web Gateway Administration Intel Security Education Services Administration Course Training
McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationThe full setup includes the server itself, the server control panel, Firebird Database Server, and three sample applications with source code.
Content Introduction... 2 Data Access Server Control Panel... 2 Running the Sample Client Applications... 4 Sample Applications Code... 7 Server Side Objects... 8 Sample Usage of Server Side Objects...
More informationApplication security testing: Protecting your application and data
E-Book Application security testing: Protecting your application and data Application security testing is critical in ensuring your data and application is safe from security attack. This ebook offers
More informationUsing Free Tools To Test Web Application Security
Using Free Tools To Test Web Application Security Speaker Biography Matt Neely, CISSP, CTGA, GCIH, and GCWN Manager of the Profiling Team at SecureState Areas of expertise: wireless, penetration testing,
More informationYottaa Site Optimizer Guide
Yottaa Site Optimizer Guide The Yottaa Site Optimizer automatically accelerates web sites and mobile apps, reducing page load times and improving your visitors ability to interact with every page on your
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationSecure Coding in Node.js
Secure Coding in Node.js Advanced Edition Copyright 2015 nvisium LLC 590 Herndon Parkway Suite 120, Herndon VA 20170 571.353.7551 www.nvisium.com 1 Introduction Seth Law VP of Research & Development @
More informationFrom the Bottom to the Top: The Evolution of Application Monitoring
From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:
More informationClient logo placeholder XXX REPORT. Page 1 of 37
Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company
More informationCourse Content: Session 1. Ethics & Hacking
Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for
More informationHGC SUPERHUB HOSTED EXCHANGE EMAIL
HGC SUPERHUB HOSTED EXCHANGE EMAIL OUTLOOK 2010 MAPI MANUALLY SETUP GUIDE MICROSOFT HOSTED EXCHANGE V2013.5 Table of Contents 1. Get Started... 1 1.1 Start from Setting up an Email account... 1 1.2 Start
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationDomains Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc.
Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Domains All Domains System administrators can use this section
More informationBank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM
Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM Agenda Introduction to Application Hacking Demonstration of Attack Tool Common Web Application Attacks Live Bank Hacking Demonstration
More informationOWASP Top Ten Tools and Tactics
OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),
More informationFSOEP Web Banking & Fraud: Corporate Treasury Attacks
FSOEP Web Banking & Fraud: Corporate Treasury Attacks Your Presenters Who Are We? Tim Wainwright Managing Director Chris Salerno Senior Consultant Led 200+ penetration tests Mobile security specialist
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationContent. Global Delivery Network: Folders
An alternative to using translated domains, is to host your translations in folders. I.e. www.mycompanysite.com/ language When hosting your translation in a sub-folder, the traffic will need to be split
More informationApplication Layer -1- Network Tools
EITF25 Internet: Technology and Applications Application Layer -1- Network Tools 2015, Lecture 08 Kaan Bür Previously on EITF25 Addressing above IP Ports, sockets Process-to-process delivery Transport
More informationFinding and Preventing Cross- Site Request Forgery. Tom Gallagher Security Test Lead, Microsoft
Finding and Preventing Cross- Site Request Forgery Tom Gallagher Security Test Lead, Microsoft Agenda Quick reminder of how HTML forms work How cross-site request forgery (CSRF) attack works Obstacles
More informationAdding New Clients to Your Account. Adding Orgs With a Unique Mail Server pg 2 Adding Orgs That Share Similar Mail Servers pg 6
Adding New Clients to Your Account Adding Orgs With a Unique Mail Server pg 2 Adding Orgs That Share Similar Mail Servers pg 6 Google Message Security, Powered by Postini Adding N ew Clients to Your Account
More informationIDENTITY SOLUTIONS: Security Beyond the Perimeter
IDENTITY SOLUTIONS: Security Beyond the Perimeter 2016 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print, and link to the Cloud
More informationIntroduction to the AirWatch Browser Guide
Introduction to the AirWatch Browser Guide The AirWatch Browser application provides a safe, accessible and manageable alternative to Internet browsing using native device browsers. The AirWatch Browser
More informationDistributed Denial of Service Attack Tools
Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily
More informationDeploying NetScaler with Microsoft Exchange 2016
Deployment Guide Deploying NetScaler with Microsoft Exchange 2016 Deployment Guide Load balancing Microsoft Exchange 2016 with NetScaler Table of Contents Introduction 3 Configuration 5 NetScaler features
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationINTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI
INTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI Na przykładzie Junos WebApp Secure Edmund Asare INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations
More informationRemote DNS Cache Poisoning Attack Lab
SEED Labs Remote DNS Cache Poisoning Attack Lab 1 Remote DNS Cache Poisoning Attack Lab Copyright c 2014 Wenliang Du, Syracuse University. The development of this document is/was funded by the following
More informationTenable for CyberArk
HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments
More informationShell over what?! Naughty CDN manipulations. Roee Cnaan, Information Security Consultant
Shell over what?! Naughty CDN manipulations Roee Cnaan, Information Security Consultant About me (mister) Penetration Tester DDoS fitness tester Python and Scapy programmer SCADA and ICS attacker Tools
More informationGetting Started with Web Application Security
Written by Gregory Leonard February 2016 Sponsored by Veracode 2016 SANS Institute Since as far back as 2005, 1 web applications have been attackers predominant target for the rich data that can be pulled
More informationCentrify Mobile Authentication Services
Centrify Mobile Authentication Services SDK Quick Start Guide 7 November 2013 Centrify Corporation Legal notice This document and the software described in this document are furnished under and are subject
More informationHP WebInspect Tutorial
HP WebInspect Tutorial Introduction: With the exponential increase in internet usage, companies around the world are now obsessed about having a web application of their own which would provide all the
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationBarracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
More informationAuditing the Security of an SAP HANA Implementation
Produced by Wellesley Information Services, LLC, publisher of SAPinsider. 2015 Wellesley Information Services. All rights reserved. Auditing the Security of an SAP HANA Implementation Juan Perez-Etchegoyen
More information10 Configuring Packet Filtering and Routing Rules
Blind Folio 10:1 10 Configuring Packet Filtering and Routing Rules CERTIFICATION OBJECTIVES 10.01 Understanding Packet Filtering and Routing 10.02 Creating and Managing Packet Filtering 10.03 Configuring
More informationUsing Application Insights to Monitor your Applications
Using Application Insights to Monitor your Applications Overview In this lab, you will learn how to add Application Insights to a web application in order to better detect issues, solve problems, and continuously
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationMingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
More informationF5 (Security) Web Fraud Detection. Keiron Shepherd Security Systems Engineer
F5 (Security) Web Fraud Detection Keiron Shepherd Security Systems Engineer The 21 st century application infrastructure (Trends) Users are going to access applications Mobile/VDI/XaaS/OS Security goes
More information