Network Security Testing using MMT: A case study in IDOLE project



Similar documents
Network Monitoring using MMT:

Cross Site Scripting in Joomla Acajoom Component

Hack Proof Your Webapps

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

10 Things Every Web Application Firewall Should Provide Share this ebook

SQL INJECTION IN MYSQL

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

The Top Web Application Attacks: Are you vulnerable?

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Cyber Security Workshop Ethical Web Hacking

Acunetix Website Audit. 5 November, Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build )

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting

Check list for web developers

What is Web Security? Motivation

APPLICATION SECURITY AND ITS IMPORTANCE

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Networks and Security Lab. Network Forensics


Intrusion detection for web applications

HTTP Response Splitting

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Øredev Web application testing using a proxy. Lucas Nelson, Symantec Inc.

Information Security for Modern Enterprises

Passing PCI Compliance How to Address the Application Security Mandates

Online Network Traffic Security Inspection Using MMT Tool

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

Magento Security and Vulnerabilities. Roman Stepanov

Security of Web Applications and Browsers: Challenges and Solutions

Introduction to Computer Security

Ethical Hacking as a Professional Penetration Testing Technique

CS 558 Internet Systems and Technologies

Essential IT Security Testing

ACKNOWLEDGMENT. I would like to thank Allah for giving me the patience to work hard and overcome all the

Web Application Security

Web Security: SSL/TLS

Guidelines for Web applications protection with dedicated Web Application Firewall

Using Free Tools To Test Web Application Security

MIS 510: Cyber Analytics Project

Ethical Hacking Penetrating Web 2.0 Security

Finding and Preventing Cross- Site Request Forgery. Tom Gallagher Security Test Lead, Microsoft

Rational AppScan & Ounce Products

Software Assurance Tools: Web Application Security Scanner Functional Specification Version 1.0

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

State of The Art: Automated Black Box Web Application Vulnerability Testing. Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell

Web Vulnerability Scanner by Using HTTP Method

Application security testing: Protecting your application and data

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Lecture 11 Web Application Security (part 1)

IJMIE Volume 2, Issue 9 ISSN:

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Web Application Security 101

Joomla Security Report

WEB ATTACKS AND COUNTERMEASURES

Detection of SQL Injection and XSS Vulnerability in Web Application

Course Content: Session 1. Ethics & Hacking

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH January 17, Mega Conference

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure

Malicious Network Traffic Analysis

Web attacks and security: SQL injection and cross-site scripting (XSS)

COMP 112 Assignment 1: HTTP Servers


3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

A perspective to incident response or another set of recommendations for malware authors

April 11, (Revision 2)

WebCruiser Web Vulnerability Scanner User Guide

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

Integrating Web Application Security into the IT Curriculum

ASL IT Security Advanced Web Exploitation Kung Fu V2.0

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert

Table of Contents. Page 2/13

Description: Course Details:

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

elearning for Secure Application Development

ICTN Enterprise Database Security Issues and Solutions

Java Web Application Security

SECURE APPLICATION DEVELOPMENT CODING POLICY OCIO TABLE OF CONTENTS

The only False Positive Free. Web Application Security Scanner

(WAPT) Web Application Penetration Testing

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Security

Developing ASP.NET MVC 4 Web Applications MOC 20486

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

COORDINATED THREAT CONTROL

Integrating Security Testing into Quality Control

Tunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Adobe Systems Incorporated

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

Transcription:

Network Security Testing using MMT: A case study in IDOLE project Vinh Hoa LA PhD Student Prof. Ana CAVALLI Supevisor Telecom SudParis Institut Mines Telecom France

IDOLE project IDOLE: 3-year French project on Investigation and Operated Detection in Large Scale Passive tools of detection, high-speed correlation, and investigation after incidents. Started since 2014

Motivation Network monitoring by examining metadata Metadata: data about data, an abstract (structural/descriptive) of data, a piece of data... Example: A book ~ data A library ~ data The position of the book in the library (which room, which shelf) ~ metadata IMT s role: Advanced monitoring techniques for detection and investigation using metadata. Why metadata? Velocity First step: Monitoring using User- Agent Field in HTTP s headers?

Metadata: User -Agent field HTTP request What is user agent field? - Statistical purposes - The tracing of protocol violations - Automated recognition of user agents for the sake of tailoring responses. Example of a HTTP header:

Vulnerabilities based on user-agent-field (1) Stored and Reflected XSS (cross-site scripting) 3)Web server stores the user-agent 2) Hackers connects to the Web server. 4) Admin open internet browser and views user agent section. Web Server Web Server 1) Hacker modifies the User- Agent with an evil script. User-agent: Mozilla/5.0 <script>alert( XSS Example );(</script><! Stored XSS Sys Admin 5) Server returns the evil script to the admin. The script is executed by the admin s browser.

Vulnerabilities using user-agent-field (2) Stored and Reflected XSS (cross-site scripting) 1) Hacker sends malware to the victim which includes a proxy agent. Web Server 3) Victim browses to website that has reflected XSS vulnerability Web Server 4) The web server returns the user-agent in the response. 2) Malware on victim changes browser settings to use hacker proxy agent and user agent. Reflected XSS 5) The victims browser executes the script.

Example 1 Vulnerabilities using user-agent-field (3) SQL injection via user agent field 3) Database reads user agent data and executes SQL injection. 1) Hackers creates a manual http request with an SQL injection in the user agent field. Web Server 2) Web analytics collects user agent fields for marketing. Database server Example 2 Web Server 1) Hacker modifies user agent to include an SQL query, 2) Server returns an SQL error in its response page.

Using MMT to detect vulnerabilities based on User Agent Field (1) MMT-Extract: Extract the User Agent Fields from HTTP requests. MMT-Sec: Define the rules to detect HTML, SQL and other malicious scripting code in User Agent Fields. MMT is a DPI tool able to run in real time or with traces files.

Using MMT to detect vulnerabilities based on User Agent Field (2)

Using MMT to detect vulnerabilities based on User Agent Field (3) HTTP requests collected in real time or in trace files MMT- Extract User- Agent Fields MMT- Security Rules (.xml ) - expected behaviour of the application or protocol under-test - malicious behaviour: an attack, a vulnerability or a misbehaviour MMT- Operator

Using MMT to detect vulnerabilities based on User Agent Field (4) MMT s strength: MMT properties: Rules can describe both wanted and unwanted behavior of application or protocol under-test. MMT allows combining active and passive approaches. MMT allows combining centralized and distributed analysis to detect 0-day attacks. Concerns to be considered: Possibility of the passage to large scale. Possibility to correlate with other rules and extractions to detect more complicate intrusions or attacks (e.g., heartbleed bug, BYOD- Bring Your Own Device, Botnet )

Thank you!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information