Real-Time Analysis of Non-stationary and Complex Network Related Data for Injection Attempts Detection
Michał Choraś (1, 2), Rafał Kozik (2)
(1) ITTI Ltd., Poznań, Poland, mchoras@itti.com.pl
(2) Institute of Telecommunications, UT&LS Bydgoszcz, Poland

Summary. The growing use of cloud services, the increased number of users, novel mobile operating systems and changes in the network infrastructures that connect devices create novel challenges for cyber security. In order to counter arising threats, network security mechanisms and protection schemes also evolve and use sophisticated sensors and methods. The drawback is that the more sensors (probes) are applied and the more information they acquire, the more significantly the volume of data to process grows. In this paper, we present a real-time network data analysis mechanism. We also show the results for SQL Injection Attack detection.

1 Rationale

Recently there has been an increasing number of security incidents reported all over the world. The national CERTs (e.g. CERT Poland [1]) report that the number of attacks in 2011 has increased significantly when compared to In annual reports they explain that most of the network events submitted by automated feeds concern botnets, spam, malicious URLs and brute-force attacks. The increased number of incidents is strongly related to the fact that there is also an increasing number of mobile device users, who form a population of connect-from-anywhere terminals that regularly test the traditional boundaries of network security. The so-called BYOD (bring your own device [2][3]) movement also exposes the traditional security of many enterprises to novel and emerging threats. Much of today's malware, like ZITMO (Zeus In The Mobile), no longer aims at the mobile device itself but at gathering information about the users and gaining access to remote services such as bank web services. This significantly expands the network security perimeter of cyber space.
There is also a significant number of reported incidents connected with the huge, widespread adoption of social media. Today, users provide the content, driving the growth at the same time. This trend has a significant impact on the accelerated spread of different kinds of malware and viruses. As reported by SophosLabs [2] the number of malware pieces they have analyzed has doubled since Also, as more and more cloud services and SaaS have been adopted by small and medium enterprises, a big challenge for network security arises, since data crucial to companies is now stored, maintained and transported by third-party infrastructure where traditional points of inspection cannot be deployed. According to the CISCO 2011 report [3] this trend is connected with criminals who see the potential to get more return on their investment with cloud attacks, since they only need to hack one to hack them all.

Other well-known problems, like attacks on web applications to extract data or to distribute malicious code, still remain unsolved. Cybercriminals continuously steal data and distribute their malicious code via legitimate web servers they have compromised. Emerging technologies such as HTML5 also bring new cyber threats that web service providers have to deal with.

In order to counter all the arising threats mentioned above, network security mechanisms and protection schemes also evolve and use sophisticated sensors and methods. The drawback is that the more sensors (probes) are applied and the more information they acquire, the more significantly the volume of data to process grows. Therefore, in this paper, we present a real-time network data analysis mechanism and we prove its effectiveness for SQL Injection Attack detection.

The paper is structured as follows: SQLIA attacks and detection tools are briefly presented in Section 2. Our own solution for detecting SQL Injection attempts, based on the evolutionary algorithm, is presented in Section 3. The experimental setup and results are provided in Sections 4 and 5. Conclusions are given thereafter.

2 Current SQLIA Attack detection methods and tools

One of the most important network threats is SQLIA (SQL Injection Attack), which ranks as the top threat in the OWASP list [4].
SQL injection and other similar exploits are the result of interfacing a scripting language by directly passing information through another language, and are ultimately caused by insufficient input validation. SQL Injection Attacks (SQLIA) refer to a category of code-injection attacks in which part of the user's input is treated as SQL code. Such code, if executed on the database, may change, erase, or expose sensitive data stored in the database. Some of the most significant examples of SQL Injection Attacks include:

- hacking the Royal Navy's website and recovering user names and passwords of the site's administrators (November 2010) [5];
- stealing information related to almost accounts of subscribers registered on the ISP news and review site DSLReports.com (April 2011) [6];
- exploiting SQL injection vulnerabilities of approximately web pages (April-August 2008) [7].

Several publications provide surveys, as well as analyses evaluating and comparing injection detection and prevention techniques. For example, more than twenty detective and preventive techniques are examined in [10]. In that publication, the authors identified various types of SQLIAs and investigated the ability of the most commonly used current techniques to stop SQL injection. Similar approaches are presented in [11] and [12], where prevention techniques and security tools for the detection of SQL injection attacks were investigated.

The set of tools used in this paper for detecting SQL Injection attacks consists of both algorithms proposed by the authors and known (state of the art) solutions and tools. The tools evaluated in our tests are:

1. Apache Scalp. It is an analyzer of the Apache server access log file. It is able to detect several types of attacks targeted at web applications. The detection is signature-based. The signatures have the form of regular expressions that are borrowed from the PHP-IDS project.
2. Snort. It is the most widely deployed IDS and uses a set of rules for detecting web application attacks. However, most of the available rules are intended to detect very specific types of attacks that usually exploit very specific web-based application vulnerabilities.
3. ICD (Idealized Character Distribution [15]). The method is similar to the one proposed by C. Kruegel in [15]. It uses the proposed character distribution model to describe the genuine traffic generated to a web application. The Idealized Character Distribution (ICD) is obtained during the training phase from perfectly normal requests sent to the web application. The ICD is calculated as the mean value of all character distributions.
During the detection phase, the probability that the character distribution of a query is an actual sample drawn from its ICD is evaluated. For that purpose the Chi-Square metric is used.
4. SQL ADS based on the Genetic Algorithm (proposed by the authors [16] and described in Section 3).

3 Genetic Algorithm Description

In order to detect anomalies in SQL queries a novel method is proposed. It exploits a genetic algorithm, where the individuals in the population explore the log file that is generated by the SQL database. Each individual aims at delivering a generic rule (which is a regular expression) that will describe the visited log line. It is important for the algorithm to have a set of genuine SQL queries during the learning phase. The algorithm is divided into the following steps:

Initialization. Each individual is assigned a line from the log file. Each newly selected individual is compared to the previously selected ones in order to avoid duplicates.
Adaptation phase. Each individual explores a fixed number of lines in the log file (the number is predefined and adjusted to obtain a reasonable processing time for this phase).
Fitness evaluation. The fitness of each individual is evaluated. The global population fitness as well as the rule's level of specificity are taken into consideration, because we want to obtain a set of rules that describe the lines in the log file.
Cross over. Two randomly selected individuals are crossed over using an algorithm for string alignment. If the newly created rule is too specific or too general it is dropped in order to keep false positives and false negatives low.

In order to obtain the regular expression from two strings, a modified version of the Needleman and Wunsch algorithm is proposed ([13]). Its authors used this algorithm to find the best match between two DNA sequences which can diverge over time (e.g. by insertion or deletion) for different organisms. In order to find the correspondence between those two sequences, it is allowed to modify the sequences by inserting gaps. However, for each gap (and for each mismatch) there is a penalty, and there is an award for genuine matches. For the Needleman and Wunsch algorithm the most important thing is to find the best alignment between two sequences (the one with the highest award). From the anomaly detection point of view the parts where gaps are inserted are also important, because they are the points of injection. These parts are described with regular expressions using the guidelines proposed in [14].
Therefore, the obtained result can be represented with the following regular expression: SELECT [a-z,]+ FROM patient WHERE name like [a-zA-Z]+. Needleman and Wunsch first suggested that a dynamic programming (DP) approach can be adapted in order to find the match with the highest award. More details explaining how this is implemented can be found in [13].

The fitness function that is used to evaluate each individual takes into account the effectiveness of the particular regular expression (the number of times it fires), the level of specificity of such a rule and the overall effectiveness of the whole population. The fitness function is described by equation 1, where I indicates the particular individual regular expression, E_population indicates the fitness of the whole population, E_f the effectiveness of the regular expression (the number of times the rule fires), and E_s the level of specificity. The α, β, and γ are constants that normalize the overall score and balance the importance of each coefficient.
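The cross-over step described above, as an added example (not the authors' code): a token-level Needleman-Wunsch alignment of two genuine queries whose mismatched or gapped regions are generalised into character classes, followed by a check of a query against the resulting rule. The alignment scores, the character-class construction, the specificity ratio and the sample queries are assumptions made for illustration; the paper gives none of these values.

```python
import re
import string

# Assumed alignment scores; the paper does not state the values it uses.
MATCH, MISMATCH, GAP = 2, -1, -1


def align(a, b):
    """Needleman-Wunsch global alignment of two token lists (None = gap)."""
    def sub(i, j):
        return MATCH if a[i - 1] == b[j - 1] else MISMATCH

    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP
    for j in range(1, m + 1):
        score[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            score[i][j] = max(score[i - 1][j - 1] + sub(i, j),
                              score[i - 1][j] + GAP,
                              score[i][j - 1] + GAP)
    # Trace back from the bottom-right cell to recover one best alignment.
    cols, i, j = [], n, m
    while i > 0 or j > 0:
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + sub(i, j):
            cols.append((a[i - 1], b[j - 1]))
            i, j = i - 1, j - 1
        elif i > 0 and score[i][j] == score[i - 1][j] + GAP:
            cols.append((a[i - 1], None))
            i -= 1
        else:
            cols.append((None, b[j - 1]))
            j -= 1
    return cols[::-1]


def char_class(texts):
    """Character class that covers every character seen in a variable region."""
    chars = set("".join(texts))
    cls = ""
    for rng, alphabet in (("a-z", string.ascii_lowercase),
                          ("A-Z", string.ascii_uppercase),
                          ("0-9", string.digits)):
        if chars & set(alphabet):
            cls += rng
            chars -= set(alphabet)
    # Escape only what is special inside [...] so the rule stays readable.
    cls += "".join("\\" + c if c in "\\]^-[" else c for c in sorted(chars))
    return "[" + cls + "]+"


def cross_over(q1, q2):
    """Rule (regex) from two genuine queries, plus matched/total specificity."""
    cols = align(q1.split(), q2.split())
    parts, left, right = [], [], []

    def flush():
        if left or right:
            # Joining with spaces lets a multi-token region match as a whole.
            parts.append(char_class([" ".join(left), " ".join(right)]))
            left.clear()
            right.clear()

    for x, y in cols:
        if x == y:
            flush()
            parts.append(re.escape(x))
        else:
            left.extend([x] if x else [])
            right.extend([y] if y else [])
    flush()
    matched = sum(1 for x, y in cols if x == y)
    return r"\s+".join(parts), matched / max(len(cols), 1)


def is_anomalous(query, rules):
    """A query that no learned rule describes is reported as an anomaly."""
    return not any(re.fullmatch(rule, query) for rule in rules)


def injection_points(genuine, suspect):
    """Tokens of `suspect` that the alignment could only place against a gap."""
    return [y for x, y in align(genuine.split(), suspect.split()) if x is None]


# Constructed sample queries (not taken from the paper's data set).
GENUINE = ["SELECT name,age FROM patient WHERE name like smith",
           "SELECT id FROM patient WHERE name like Kowalski"]
SUSPECT = "SELECT name,age FROM patient WHERE name like smith OR 1=1"

if __name__ == "__main__":
    rule, specificity = cross_over(*GENUINE)
    print(rule, specificity)
    print(is_anomalous(SUSPECT, [rule]), injection_points(GENUINE[0], SUSPECT))
```

A rule whose specificity is close to 0 (two unrelated queries) or equal to 1 (two identical queries) is the kind the cross-over step would drop as too general or too specific.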
$$E(I) = \alpha E_{population} + \beta E_f(I) + \gamma E_s(I) \qquad (1)$$

$$E_{population} = \sum_{I \in Population} E_f(I) \qquad (2)$$

The level of specificity indicates the balance between the number of matches and the number of gaps.

4 Experiments

In this section our evaluation methodology is described. The SQL Injection Attacks are conducted on a PHP-based web service with state of the art tools for service penetration and SQL injection. The traffic generated by the attacking tools is combined with normal traffic (genuine queries) in order to estimate the effectiveness of the proposed methods. The genuine queries are both man-made and generated by web crawlers.

The web service used for the penetration tests is a so-called LAMP (Apache + MySQL + PHP) server with a MySQL back-end. It is one of the most commonly used servers worldwide and therefore it was used for validation purposes. The server was deployed on the Linux Ubuntu operating system. For the penetration tests, the example services developed as PHP scripts and shipped by default with the server are validated.

The attack injection methodology is based on the known SQL injection methods, namely: boolean-based blind, time-based blind, error-based, UNION query and stacked queries. For that purpose the sqlmap tool is used. It is an open source penetration testing tool that allows the user to automate the process of validating the tested services against SQL injection flaws.

In order to avoid double-counting the same attack patterns during the evaluation process, we decided to first gather the malicious SQL queries generated by sqlmap (several hundred different injection trials). After that, genuine traffic (generated by crawlers and during normal web service usage) is gathered. The data prepared in this way is used during the evaluation test whose results are presented in Section 5.

5 Results

The conducted experiments were aimed at estimating the effectiveness of different tools commonly used for injection attack detection. Namely these are: Apache-Scalp (HTTP access log), Snort (HTTP packet content), ICD (HTTP access log), and the proposed SQL ADS (SQL DB log).
It must be noted that both the Apache-Scalp and Snort tools do not require any learning phase, since the signatures of anomalous SQL queries (those having symptoms of SQL Injection) and of malicious HTTP requests are provided together with these tools. The signatures are developed by security experts in the form of regular expressions.

Table 1. Effectiveness of injection attack detection (shown separately for genuine and malicious requests).

                 SQL ADS   SNORT   ICD     SCALP
Attack           87,8%     66,3%   97,9%   50,9%
Genuine          97,7%     80,5%   94,5%   96,1%
Weighted Avg.    96,2%     78,3%   95,0%   89,0%

The ICD and SQL ADS require a dedicated learning phase and focus only on genuine HTTP and SQL queries. The method used for evaluation engages the classic 10-fold algorithm. As shown in Table 1, the proposed SQL ADS algorithm slightly outperforms the other state-of-the-art approaches when it comes to modelling the genuine queries. For queries having the symptoms of an attack, the SQL ADS is about 10% worse when compared with ICD.

Another experiment aimed at investigating whether combining the above methods can additionally improve the overall effectiveness of injection attack detection. For that purpose the 10-fold approach is used. The information obtained from SQL ADS, ICD and SNORT is used to build a classifier for attack detection. The following classifiers were considered during this experiment: PART, NB (Naive Bayes), REPTree, J48, RIDOR. The effectiveness of the above classifiers is shown in Table 1. It can be noticed that the overall weighted average effectiveness has increased (from 96% to 99%) when we combine the proposed methods for injection attack detection.

Table 2. Effectiveness of different classifiers (with SQL ADS).
Attack Genuine Weig. Avg. PART NB REPTree J RIDOR
Table 3 shows that without SQL ADS the effectiveness of attack detection is worse, but it is still about 2% better than the strongest classifier alone (in this case ICD).

Table 3. Effectiveness of different classifiers (without SQL ADS).
Attack Genuine Weig. Avg. PART NB REPTree J RIDOR

Conclusions

In this paper an innovative correlation-based approach for injection attack detection was proposed. The described algorithm aims at efficient processing of the large volume of data that is generated by web applications. The advantage of the proposed solution is that it allows for reusing existing efficient detectors for injection attack detection (e.g. SNORT, SCALP, character distribution approaches, etc.). Our experiments show that combining several weak injection attack detectors and engaging machine learning techniques can lead to an overall effectiveness improvement. In this paper we also proposed a novel evolutionary algorithm for modelling the genuine traffic with regular expressions. The presented results show that the proposed algorithm, when combined with other approaches, can increase the effectiveness of injection attack detection. The experiments show that the proposed approach can achieve high effectiveness and can outperform other state of the art approaches like SNORT and SCALP.

References

1. CERT Polska Annual Report CP 2011.pdf
2. SOPHOS homepage
3. Cisco Annual Report
4. OWASP Top , The Ten Most Critical Web Application Security Risks. (2010)
5. Royal Navy Website Attacked by Romanian Hacker. http : // (2008)
6. Mills, E., DSL Reports Says Member Information Stolen. (2011)
7. Keizer, G., Huge Web Hack Attack Infects 500,000 pages, (2008)
8. Rao, T.K., Kum, G.Y., Reddy, E.K., Sharma, M., Major Issues of Web Applications: A Case Study of SQL Injection. Journal of Current Computer Science and Technology, Vol. 2, Issue 1, (2012)
9. Halfond, W., Orso A., AMNESIA: Analysis and Monitoring for Neutralizing SQL-Injection Attacks. Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering (2005)
10. Tajpour, A., JorJor Zade Shooshtari M., Evaluation of SQL Injection Detection and Prevention Techniques. CICSyN 2010 Second International Conference on Computational Intelligence, Communication Systems and Networks (2010)
11. Amirtahmasebi, K., Jalalinia, S.R., Khadem, S., A Survey of SQL Injection Defense Mechanisms. ICITST International Conference for Internet Technology and Secured Transactions (2009)
12. Elia, I.A., Fonseca, J., Vieira, M., Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study. IEEE 21st International Symposium on Software Reliability Engineering (2010)
13. Needleman, S.B., Wunsch, C.D., A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins. Journal of Molecular Biology (1970)
14. Conrad, E., Detecting Spam with Genetic Regular Expressions. SANS Institute InfoSec Reading Room (2007)
15. Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp ,
16. Choraś M., Kozik R., Puchalski D., Holubowicz W., Correlation Approach for SQL Injection Attacks Detection, In: Herrero A. et al. (Eds.), Advances in Intelligent Systems and Computing, 189, , Springer, 2012.
Proposal of Improving Web Application Security in Context of Latest Hacking Trends RADEK VALA, ROMAN JASEK Department of Informatics and Artificial Intelligence Tomas Bata University in Zlin, Faculty of
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationCHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS
66 CHAPTER 5 INTELLIGENT TECHNIQUES TO PREVENT SQL INJECTION ATTACKS 5.1 INTRODUCTION In this research work, two new techniques have been proposed for addressing the problem of SQL injection attacks, one
More informationBotnets: The dark side of cloud computing
Botnets: The dark side of cloud computing By Angelo Comazzetto, Senior Product Manager Botnets pose a serious threat to your network, your business, your partners and customers. Botnets rival the power
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationNetwork Monitoring using MMT:
Network Monitoring using MMT: An application based on the User-Agent field in HTTP headers Vinh Hoa LA Ɨ Raul FUENTES Ɨ PhD Student Prof. Ana CAVALLI Ɨ Ƭ Supervisor Ɨ Telecom SudParis, IMT Ƭ Montimage
More informationExcellence Doesn t Need a Certificate. Be an. Believe in You. 2014 AMIGOSEC Consulting Private Limited
Excellence Doesn t Need a Certificate Be an 2014 AMIGOSEC Consulting Private Limited Believe in You Introduction In this age of emerging technologies where IT plays a crucial role in enabling and running
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationEndpoint Threat Detection without the Pain
WHITEPAPER Endpoint Threat Detection without the Pain Contents Motivated Adversaries, Too Many Alerts, Not Enough Actionable Information: Incident Response is Getting Harder... 1 A New Solution, with a
More informationCracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference
Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance
More informationThreat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform
Threat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform Sebastian Zabala Senior Systems Engineer 2013 Trustwave Holdings, Inc. 1 THREAT MANAGEMENT
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationApplication Security Testing. Generic Test Strategy
Application Security Testing Generic Test Strategy Page 2 of 8 Contents 1 Introduction 3 1.1 Purpose: 3 1.2 Application Security Testing: 3 2 Audience 3 3 Test Strategy guidelines 3 3.1 Authentication
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationInformation Security for Modern Enterprises
Information Security for Modern Enterprises Kamal Jyoti 1. Abstract Many enterprises are using Enterprise Content Management (ECM) systems, in order to manage sensitive information related to the organization.
More informationA Review on Network Intrusion Detection System Using Open Source Snort
, pp.61-70 http://dx.doi.org/10.14257/ijdta.2016.9.4.05 A Review on Network Intrusion Detection System Using Open Source Snort Sakshi Sharma and Manish Dixit Department of CSE& IT MITS Gwalior, India Sharmasakshi1009@gmail.com,
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationEnsuring Security in Cloud with Multi-Level IDS and Log Management System
Ensuring Security in Cloud with Multi-Level IDS and Log Management System 1 Prema Jain, 2 Ashwin Kumar PG Scholar, Mangalore Institute of Technology & Engineering, Moodbidri, Karnataka1, Assistant Professor,
More informationPenetration Testing Report Client: Business Solutions June 15 th 2015
Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com
More informationCisco Security Intelligence Operations
Operations Operations of 1 Operations Operations of Today s organizations require security solutions that accurately detect threats, provide holistic protection, and continually adapt to a rapidly evolving,
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationAUTOMATE CRAWLER TOWARDS VULNERABILITY SCAN REPORT GENERATOR
AUTOMATE CRAWLER TOWARDS VULNERABILITY SCAN REPORT GENERATOR Pragya Singh Baghel United College of Engineering & Research, Gautama Buddha Technical University, Allahabad, Utter Pradesh, India ABSTRACT
More informationPreprocessing Web Logs for Web Intrusion Detection
Preprocessing Web Logs for Web Intrusion Detection Priyanka V. Patil. M.E. Scholar Department of computer Engineering R.C.Patil Institute of Technology, Shirpur, India Dharmaraj Patil. Department of Computer
More informationIntruders & Intrusion Hackers Criminal groups Insiders. Detection and IDS Techniques Detection Principles Requirements Host-based Network-based
Lecture Outline Intruders & Intrusion Hackers Criminal groups Insiders Detection and IDS Techniques Detection Principles Requirements Host-based Network-based Honeypot Madartists Intruders significant
More informationLASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages
LASTLINE WHITEPAPER Large-Scale Detection of Malicious Web Pages Abstract Malicious web pages that host drive-by-download exploits have become a popular means for compromising hosts on the Internet and,
More informationWeb Application Security
Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching
More informationThe Open Cyber Challenge Platform *
The Open Cyber Challenge Platform * Jacob Fonseca, Kevin Bryan, Lisa DiPippo, Victor Fay-Wolfe * Supported By The U.S. National Science Foundation grants: Federal Cyber Service Scholarship For Service
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationGateway Security at Stateful Inspection/Application Proxy
Gateway Security at Stateful Inspection/Application Proxy Michael Lai Sales Engineer - Secure Computing Corporation MBA, MSc, BEng(Hons), CISSP, CISA, BS7799 Lead Auditor (BSI) Agenda Who is Secure Computing
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationA Review of Anomaly Detection Techniques in Network Intrusion Detection System
A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationWhite paper. Cyberoam UTM. Cyberoam. 360 Protection. on a Shoe-String Budget. www.cyberoam.com I sales@cyberoam.com
Cyberoam o 360 Protection on a Shoe-String Budget Introduction Network security a few years ago was not a part of an organization's annual budget where traditional wired computers sent secure information
More informationThe risks borne by one are shared by all: web site compromises
The risks borne by one are shared by all: web site compromises Having your company web site hacked or compromised can be a costly experience for your organisation. There are immediate costs in responding
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More information