Protecting the Cloud from Inside
|
|
- Clemence Fields
- 8 years ago
- Views:
Transcription
1 Protecting the Cloud from Inside Intra-cloud security intelligence Protection of Linux containers Mitigation of NoSQL injections Alexandra Shulman-Peleg, PhD Cloud Security Researcher, IBM Cyber Security Center of Excellence 1
2 Securely Moving Corporate Applications to a Cloud Customer s view: My infrastructure moved to a 3rd party cloud service Help me to protect my assets. Detection and remediation of cloud vulnerabilities. Public cloud Hybrid cloud Private cloud 2
3 Cloud Security Orchestration Layer NoSQL security Container security Cloud Application Layer (PaaS) Cloud Infrastructure Layer (IaaS) Use cloud insights to raise the security No perimeter security in clouds 3
4 Cloud Trends The cloud s code: Controls distributed and complex environments Executes automatically with admin privileges Has modules in scripting languages Is open source with well known weaknesses May share the same kernel and host OS between applications of different users (e.g. Linux containers) Cloud software is more vulnerable than traditional systems and applications! 4
5 Cloud Trends Automation brings order! Each module knows its role! Let s use automation to improve protection! 5
6 Automating Code Distribution and Deployment with Containers Container cloud (IaaS) Deployment packages (PaaS) 70% of organizations are evaluating Docker 49% are concerned with Docker security 6 Survey of Vmblog.com (745 participants)
7 Containers - Emerging Building Blocks of Clouds Lightweight OS-level virtualization via grouping resources like processes, files, and devices into isolated spaces. Benefits: Portability and easy deployment Application isolation Near native performance App A App B App C Bins/ Libs Bins/ Libs Bins/ Libs App A App B App C App D Guest OS Guest OS Guest OS Bins /Libs Bins /Libs Bins/Libs Hypervisor Host OS Host OS Server Server Containers VMs 7
8 Containers Threats Threats Kernel exploits Container Engine Shared resources Shared Bins/Libs Mis-configurations Private/Public cloud Attack flow: Escape to host via kernel exploits Propagating to additional servers 8
9 How to make my containers secure? Securing the Infrastructure and the Workloads of Linux Containers, Workshop on Security and Privacy in the Cloud, Sept Mattetti, M., Shulman-Peleg, A., Allouche, Y., Corradi, A., Dolev, S., Foschini, L. 9
10 Open Source Linux Tools to the Rescue! Linux Security Modules (LSMs, e.g. AppArmor, SElinux) are lightweight, loadable kernel modules enforcing access control. Advantages of LSM: Part of Linux distributions Provide mandatory access control(mac) Disadvantages of LSMs: Complicated configuration and tuning Profile to restrict the Docker daemon (none exists) Profiles to restrict the containers (limited dockerdefault profile) 10
11 Tracing Execution and Profile Generation 1. Invoke Docker API (build/run etc.). 2. Use SystemTapto monitor the kernel operations. 3. Generate LSM profiles splitting between the host and the containers. LiCShield.git 11
12 Profile Distribution and Enforcement Construct the security policy once for each image -apply to all the instances. My image Deploy Docker Daemon Host OS Server 12
13 Overview of Host s Runtime Protection 1. Linux host + container engine high protection! Protecting server s runtime with HIDS 2. Containers protection as a service Per image training and creation of AppArmor, Selinux policies As a service workload protection Per Image profiles App A App B App C App D Bins/ Libs Bins/ Libs Bins/Libs Container Engine Host Based Intrusion Detection (HIDS) Host OS Server Secure, yet, Usable Protecting Servers and Containers S. Barlev, Z. Basil, S. Kohanim, R. Peleg, S. Regev, A. Shulman-Peleg, to appear. 13
14 No SQL, No Injection? Workshop on Web 2.0 Security and Privacy (W2SP) 2015 A. Ron, A. Shulman-Peleg, E. Bronshtein, A. Puzanov 14
15 The Popularity of NoSQLContinues to Rise db-engines.com 15
16 NoSQL Attack Vectors The new data models of NoSQL make old attacks, like SQL injections irrelevant. Attackers get new opportunities for injecting their malicious code into the statements passed to the database. Attackers web browser Injection added Data Attacked web server Client/Protocol wrapper Injection processed Data NoSQL data store 16
17 NoSQL Injection Techniques Tautologies -bypassing access control by injecting code in conditional statements that are always true. username=tolkien&password=hobbit username[$ne]=1&password[$ne]=1 db.logins.find({ username: { $ne: 1 }, password: { $ne: 1 } }) Union queries changing the data set returned for a given query. username=tolkien, $or: [ {}, { a : a&password= } ], $comment: successful MongoDB injection { username: tolkien, $or: [ {}, { a : a, password: } ], $comment: successful MongoDB injection } 17
18 NoSQL Injection techniques Cont JavaScript injections -Passing un-sanitized user input to queries may allow injecting arbitrary JavaScript code. Origin violation - a legitimate user and its web browser are exploited to perform some unwanted action on behalf of the attacker. 18
19 NoSQLInjection Techniques Caches Piggy-backed queries -where an attacker exploits some assumptions in the interpretation of escape sequences special characters (e.g. termination characters like CRLF) to insert additional queries to be executed by the database. Attackers web browser Injection added Data Attacked web front end Protocol wrapper Injection Data Cloud or BigData Framework In-memory data store Data Data Data 19
20 Mitigation of Attacks and Injections Development and testing Continuous Mitigation Secure Deployment Insider s view Monitoring and Protection 20
21 Protecting the Cloud from the Inside Cloud Application Layer (PaaS) cloud Foundry IDaaS, NoSQL data stores, Spark Cloud Infrastructure Layer (IaaS) Heat, Mistral,... Network, VMs, Containers, Storage, Users Cloud Operation Layer Details of the workload to be executed Security tools and policies Security and Policy Dashboard Admin disruptive: Chef, TripleO, DevOps Admin monitoring: logs, accounting etc. 21 Security Intelligence for Cloud Management Infrastructures S. Berger, S. Garion, Y. Moatti, D. Naor, D. Pendarakis, A. Shulman-Peleg JR Rao, E. Valdez, Y. Weinsberg, to appear.
22 IBM Cyber Security Center of Excellence 22
NO SQL! NO INJECTION?
NO SQL! NO INJECTION? A talk on the state of NoSQL security IBM Cyber Security Center of Excellence Aviv Ron Alexandra Shulman-Peleg IBM AppScan Emanuel Bronshtein AVIV RON Security Researcher for IBM
More informationNo SQL! no injection? A talk on the state of NoSQL security
No SQL! no injection? A talk on the state of NoSQL security IBM Cyber Security Center of Excellence Aviv Ron Alexandra Shulman-Peleg Anton Puzanov Aviv Ron Security Researcher for IBM Cyber Security Center
More informationEmerging Approaches in a Cloud-Connected Enterprise: Containers and Microservices
Emerging Approaches in a -Connected Enterprise: Containers and Microservices Anil Karmel Co-Founder and CEO, C2 Labs Co-Chair, NIST Security Working Group akarmel@c2labs.com @anilkarmel Emerging Technologies
More informationDo Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16
Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization
More informationCracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference
Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance
More informationVirtualization and Cloud: Orchestration, Automation, and Security Gaps
Virtualization and Cloud: Orchestration, Automation, and Security Gaps SESSION ID: CSV-R02 Dave Shackleford Founder & Principal Consultant Voodoo Security @daveshackleford Introduction Private cloud implementations
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationPut a Firewall in Your JVM Securing Java Applications!
Put a Firewall in Your JVM Securing Java Applications! Prateep Bandharangshi" Waratek Director of Client Security Solutions" @prateep" Hussein Badakhchani" Deutsche Bank Ag London Vice President" @husseinb"
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationComputer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk
About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures
More informationThreat Modelling for Web Application Deployment. Ivan Ristic ivanr@webkreator.com (Thinking Stone)
Threat Modelling for Web Application Deployment Ivan Ristic ivanr@webkreator.com (Thinking Stone) Talk Overview 1. Introducing Threat Modelling 2. Real-world Example 3. Questions Who Am I? Developer /
More informationCloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive
Cloud Security Through Threat Modeling Robert M. Zigweid Director of Services for IOActive 1 Key Points Introduction Threat Model Primer Assessing Threats Mitigating Threats Sample Threat Model Exercise
More informationSecuring your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation
Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationThe Cloud, Virtualization, and Security
A Cloud: Large groups of remote servers that are networked to allow centralized, shared data storage and online access to computer services or resources A Cloud: Large groups of remote servers that are
More informationWHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security
Introduction to Container Security Table of Contents Executive Summary 3 The Docker Platform 3 Linux Best Practices and Default Docker Security 3 Process Restrictions 4 File & Device Restrictions 4 Application
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationContainer Clusters on OpenStack
Container Clusters on OpenStack 和 信 雲 端 首 席 技 術 顧 問 孔 祥 嵐 / Brian Kung brian.kung@gigacloud.com.tw Outlines VMs vs. Containers N-tier Architecture & Microservices Two Trends Emerging Ecosystem VMs vs.
More informationSecuring the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation
Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationLinux A first-class citizen in Windows Azure. Bruno Terkaly bterkaly@microsoft.com Principal Software Engineer Mobile/Cloud/Startup/Enterprise
Linux A first-class citizen in Windows Azure Bruno Terkaly bterkaly@microsoft.com Principal Software Engineer Mobile/Cloud/Startup/Enterprise 1 First, I am software developer (C/C++, ASM, C#, Java, Node.js,
More informationContainers, Docker, and Security: State of the Union
Containers, Docker, and Security: State of the Union 1 / Who am I? Jérôme Petazzoni (@jpetazzo) French software engineer living in California Joined Docker (dotcloud) more than 4 years ago (I was at Docker
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationSacha Dubois RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY. Solution Architect Infrastructure
RED HAT TRENDS AND TECHNOLOGY PATH TO AN OPEN HYBRID CLOUD AND DEVELOPER AGILITY Sacha Dubois Solution Architect Infrastructure sadubois@redhat.com 13. März 2015 - Seite 1 / 25 I.T. CHALLENGES 13. März
More informationFrom the Bottom to the Top: The Evolution of Application Monitoring
From the Bottom to the Top: The Evolution of Application Monitoring Narayan Makaram, CISSP Director, Security Solutions HP/Enterprise Security Business Unit Session ID: SP01-202 Session 2012 Classification:
More informationA SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS
A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com
More informationPractical Guide to Platform as a Service. http://cloud-council.org/resource-hub.htm#practical-guide-to-paas
Practical Guide to Platform as a Service http://cloud-council.org/resource-hub.htm#practical-guide-to-paas October, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide
More informationA new era of PaaS. ericsson White paper Uen 284 23-3263 February 2015
ericsson White paper Uen 284 23-3263 February 2015 A new era of PaaS speed and safety for the hybrid cloud This white paper presents the benefits for operators and large enterprises of adopting a policydriven
More informationCloud Security with Stackato
Cloud Security with Stackato 1 Survey after survey identifies security as the primary concern potential users have with respect to cloud computing. Use of an external computing environment raises issues
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationApplication Containers
Application Containers Transcending the private-public cloud frontier Digital Ecosystem platform provides manufacturers new channels for customer engagement and monetization of product ideas Today s digital
More informationPrivate Cloud Management
Private Cloud Management Speaker Systems Engineer Unified Data Center & Cloud Team Germany Juni 2016 Agenda Cisco Enterprise Cloud Suite Two Speeds of Applications DevOps Starting Point into PaaS Cloud
More informationAddressing Security for Hybrid Cloud
Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly
More informationA Survey on Cloud Security Issues and Techniques
A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationCloud Courses Description
Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing
More informationAzul pitches Docker as alternative to virtualization for heavy-duty Java applications
Azul pitches Docker as alternative to virtualization for heavy-duty Java applications Analyst: John Abbott 24 Sep, 2014 Responding to 'significant interest' from its enterprise customer base, the Java
More informationData Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center
Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises
More informationDynamic Security for the Hybrid Cloud
Dynamic Security for the Hybrid Cloud Marc van Zadelhoff, VP Strategy, Marketing and Product Management, IBM Security Nataraj Nagaratnam, Distinguished Engineer and CTO Security Solutions, IBM Security
More informationCloud Security. Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs. peterjopling. 2011 IBM Corporation
Cloud Security Peter Jopling joplingp@uk.ibm.com IBM UK Ltd Software Group Hursley Labs peterjopling 2011 IBM Corporation Cloud computing impacts the implementation of security in fundamentally new ways
More informationCloud Courses Description
Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationHealthcare: La sicurezza nel Cloud October 18, 2011. 2011 IBM Corporation
Healthcare: La sicurezza nel Cloud October 18, 2011 Cloud Computing Tests The Limits Of Security Operations And Infrastructure Security and Privacy Domains People and Identity Data and Information Application
More informationSecurity Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)
Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security
More informationRED HAT CONTAINER STRATEGY
RED HAT CONTAINER STRATEGY An introduction to Atomic Enterprise Platform and OpenShift 3 Gavin McDougall Senior Solution Architect AGENDA Software disrupts business What are Containers? Misconceptions
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationKeyword: Cloud computing, service model, deployment model, network layer security.
Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging
More informationData Centers and Cloud Computing. Data Centers
Data Centers and Cloud Computing Intro. to Data centers Virtualization Basics Intro. to Cloud Computing 1 Data Centers Large server and storage farms 1000s of servers Many TBs or PBs of data Used by Enterprises
More informationNetzwerkvirtualisierung? Aber mit Sicherheit!
Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction
More informationNSA/DHS CAE in IA/CD 2014 Mandatory Knowledge Unit Checklist 4 Year + Programs
Mandatory Knowledge Units 1.0 Core2Y 1.1 Basic Data Analysis The intent of this Knowledge Unit is to provide students with basic abilities to manipulate data into meaningful information. 1.1.1 Topics Summary
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationLinstantiation of applications. Docker accelerate
Industrial Science Impact Factor : 1.5015(UIF) ISSN 2347-5420 Volume - 1 Issue - 12 Aug - 2015 DOCKER CONTAINER 1 2 3 Sawale Bharati Shankar, Dhoble Manoj Ramchandra and Sawale Nitin Shankar images. ABSTRACT
More informationHow Bigtop Leveraged Docker for Build Automation and One-Click Hadoop Provisioning
How Bigtop Leveraged Docker for Build Automation and One-Click Hadoop Provisioning Evans Ye Apache Big Data 2015 Budapest Who am I Apache Bigtop PMC member Software Engineer at Trend Micro Develop Big
More informationLunch and Learn: BlueMix to Mainframe making development accessible in the
Lunch and Learn: BlueMix to Mainframe making development accessible in the Cloud Rosalind Radcliffe IBM Distinguished Engineer, IBM Academy of Technology rradclif@us.ibm.com @RosalindRad Insert Custom
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationIBM Bluemix, the digital innovation platform
IBM Bluemix, the digital innovation platform Linux day 2015, Torino Greta Boffi, IBM Cloud EcoD 1 Cloud Service Models IBM SaaS Bluemix eliminates / dramatically simplifies various tasks: Traditional On-Premises
More informationSecurity in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect
Security in the Sauce Labs Cloud Practices and protocols used in Sauce s infrastructure and Sauce Connect Table of Contents page 2 page 4 page 6 page 8 page 9 page 10 page 11 Overview I. Sauce Labs Data
More informationThe Definitive Guide To Docker Containers
The Definitive Guide To Docker Containers EXECUTIVE SUMMARY THE DEFINITIVE GUIDE TO DOCKER CONTAINERS Executive Summary We are in a new technology age software is dramatically changing. The era of off
More information<Insert Picture Here> Oracle Web Cache 11g Overview
Oracle Web Cache 11g Overview Oracle Web Cache Oracle Web Cache is a secure reverse proxy cache and a compression engine deployed between Browser and HTTP server Browser and Content
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationSERENA SOFTWARE Serena Service Manager Security
SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationAn Architecture Vision
An Architecture Vision Universal Cloud Communications Stack Cloud Telecom. Software that turns communications into a service. 1 Software Architecture That Matters Universal Cloud Communications Stack (UCCS),
More informationWeb Application Security
Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching
More informationBuilding Energy Security Framework
Building Energy Security Framework Philosophy, Design, and Implementation Building Energy manages multiple subsets of customer data. Customers have strict requirements for regulatory compliance, privacy
More informationWindows Azure and private cloud
Windows Azure and private cloud Joe Chou Senior Program Manager China Cloud Innovation Center Customer Advisory Team Microsoft Asia-Pacific Research and Development Group 1 Agenda Cloud Computing Fundamentals
More informationSecuring Cloud Infrastructures with Elastic Security
Securing Cloud Infrastructures with Elastic Security White Paper September 2012 SecludIT 1047 route des dolines, 06560 Sophia Antipolis, France T +33 489 866 919 info@secludit.com http://secludit.com Core
More informationWeb applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh
Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP
More informationA lap around Team Foundation Server 2015 en Visual Studio 2015
A lap around Team Foundation Server 2015 en Visual Studio 2015 René van Osnabrugge ALM Consultant, Xpirit rvanosnabrugge@xpirit.com http://roadtoalm.com @renevo About me Also Scrum Master rvanosnabrugge@xpirit.com
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationIntel IT s Cloud Journey. Speaker: [speaker name], Intel IT
Intel IT s Cloud Journey Speaker: [speaker name], Intel IT Accelerating The Corporate IT Journey Cloud enables ubiquitous access to resources and applications, and workload flexibility Cloud IaaS Infrastructure
More informationMandatory Access Control in Linux
Mandatory Access Control in Linux CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ In the early 2000s Root and administrator Many
More informationCapturing the New Frontier:
Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings
More informationSecurity and Control Issues within Relational Databases
Security and Control Issues within Relational Databases David C. Ogbolumani, CISA, CISSP, CIA, CISM Practice Manager Information Security Preview of Key Points The Database Environment Top Database Threats
More informationEnhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista
Enhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista Setting the Stage This presentation will discuss the usage of Linux as a base component of hypervisor components
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationmanaging the risks of virtualization
managing the risks of virtualization Chris Wraight CA Technologies 28 February 2011 Session Number 8951 abstract Virtualization opens the door to a world of opportunities and well managed virtualization
More informationSecurity in Hybrid Clouds
Security in Hybrid Clouds Executive Summary... 3 Commonly Accepted Security Practices and Philosophies... 4 Defense- in- Depth... 4 Principal of Least Privileges... 4 Hybrid Cloud Security Issues and Threats...
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationSecurity in the Sauce Labs Cloud
SAUCE LABS REPORT Security in the Sauce Labs Cloud Practices and protocols used in Sauce s infrastructure and Sauce Connect Overview It s impossible to deny that in this day and age internet security should
More informationCourse 20533: Implementing Microsoft Azure Infrastructure Solutions
Course 20533: Implementing Microsoft Azure Infrastructure Solutions Overview About this course This course is aimed at experienced IT Professionals who currently administer their on-premises infrastructure.
More informationSecurity Certification of Third- Parties Applications
Security Certification of Third- Parties Applications Stanislav Dashevskyi dashevskyi@fbk.eu Advisors: Fabio Massacci, Antonino Sabetta Agenda Introduction Third-party code in web applications Third-party
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationA Brief Overview. Delivering Windows Azure Services on Windows Server. Enabling Service Providers
A Brief Overview Enabling Service Providers Chris Van Wesep Cloud OS Product MKTG Manager Microsoft Corp. Delivering Windows Azure Services on Windows Server Challenges and needs Overview of Cloud OS Architecture
More informationMagento Security and Vulnerabilities. Roman Stepanov
Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection
More informationWeb Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure
Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences
More informationSeven Ways to Create an Unbeatable Enterprise Mobility Strategy
Seven Ways to Create an Unbeatable Enterprise Mobility Strategy A practical guide to what business and IT leaders need to do NOW to manage their business s mobile future By Arun Bhattacharya, CA Technologies
More informationCloud and Security (Cloud hacked via Cloud) Lukas Grunwald
Cloud and Security (Cloud hacked via Cloud) Lukas Grunwald About DN-Systems Global Consulting and Technology Services Planning Evaluation Auditing Operates own Security Lab Project Management Integral
More informationIntro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
More informationSECURE APPLICATION DEVELOPMENT CODING POLICY OCIO-6013-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER OCIO-6013-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationOracle Reference Architecture and Oracle Cloud
Oracle Reference Architecture and Oracle Cloud Anbu Krishnaswamy Anbarasu Enterprise Architect Social. Mobile. Complete. Global Enterprise Architecture Program Safe Harbor Statement The following is intended
More informationAdvanced Systems Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security
More information