Security Research, Imperva
- Главная
- Разное
- Дизайн
- Бизнес и предпринимательство
- Аналитика
- Образование
- Развлечения
- Красота и здоровье
- Финансы
- Государство
- Путешествия
- Спорт
- Недвижимость
- Армия
- Графика
- Культурология
- Еда и кулинария
- Лингвистика
- Английский язык
- Астрономия
- Алгебра
- Биология
- География
- Детские презентации
- Информатика
- История
- Литература
- Маркетинг
- Математика
- Медицина
- Менеджмент
- Музыка
- МХК
- Немецкий язык
- ОБЖ
- Обществознание
- Окружающий мир
- Педагогика
- Русский язык
- Технология
- Физика
- Философия
- Химия
- Шаблоны, картинки для презентаций
- Экология
- Экономика
- Юриспруденция
The State of Application Security: Hackers On Steroids презентация
Содержание
- 1. The State of Application Security: Hackers On Steroids
- 2. “Study the past if you would define the future” (Confucius)
- 3. Speaker Director of Security Research at Imperva
- 5. Attack Detection Mechanisms Application Profiling
- 6. Attack Types
- 7. Attack Incidents Incident Collection of alerts Same
- 8. Attack Trends 1
- 9. Chance of Getting Attacked
- 10. Chance of Getting Attacked Everyone’s at risk 3/4 apps attacked for every attack type
- 11. Chance of Getting Attacked “Perfect” RCE Coverage All applications were attacked
- 12. Number of Attack Incidents
- 13. Number of Attack Incidents
- 14. Number of Attack Incidents RCE and
- 15. Number of Attack Incidents Inequality Measure Ratio between 3rd and 2nd quartiles
- 16. Number of Attack Incidents Inequality Measure
- 17. Number of Attack Incidents Spam is discriminatory Spoiler – some industries suffer more
- 18. SQL Injection and Cross-Site Scripting
- 19. SQL Injection and Cross-Site Scripting Most Applications
- 20. Year-over-Year Up-Trends # Incidents
- 21. Year-over-Year Up-Trends SQLi Persistent Growth 100% increase
- 22. Year-over-Year Up-Trends # Incidents Exponential Growth
- 23. Year-over-Year Up-Trends Exponential Growth
- 24. Year-over-Year Up-Trends Exponential Growth
- 25. Year-over-Year Down-Trends # Incidents
- 26. Year-over-Year Down-Trends # Incidents RFI was on
- 27. Year-over-Year Down-Trends # Incidents DT Decrease 2014
- 28. Magnitude of Attacks
- 29. Magnitude of Attacks SQLi Attacks are most
- 30. Reputation 2
- 31. Reputation
- 32. Reputation 80,605,285 Alerts 78% 22,850,023 Alerts 22%
- 33. Reputation 80,605,285 Alerts 78% 22,850,023 Alerts 22% Serial Attackers – 70% Anonymous Browsing – 8%
- 34. Serial Attackers Vs. Anonymous Browsing
- 35. Serial Attackers Vs. Anonymous Browsing
- 36. Serial Attackers Vs. Anonymous Browsing 140,000 anonymous
- 37. Industry Trends 3
- 38. Per-Industry Trends DT FU HTTP RFI SQLi XSS Spam RCE
- 39. Per-Industry Trends DT FU
- 40. Per-Industry Trends DT FU
- 41. Per-Industry Trends DT FU
- 42. Attack Types
- 43. Attack Types
- 44. Attack Types 57% XSS incidents on Health
- 45. Attack Types 37% DT incidents on Food
- 46. Web Framework Trends 4
- 47. Content Management Systems CMS Applications (excluding WordPress) Non-CMS Applications WordPress Applications
- 48. CMS Trends
- 49. CMS Trends CMS At Risk CMS applications
- 50. WordPress Trends Other CMS Non CMS WordPress
- 51. WordPress Trends Other CMS Non CMS
- 52. WordPress Trends Other CMS Non CMS
- 53. Geographic Trends
- 54. Geographic Attack Trends
- 55. Geographic Attack – Year-over-Year 2015 2014
- 56. Case Studies 6
- 57. Shellshock Mega-Trend
- 58. Shellshock Mega-Trend 75,000 incidents 189 applications 26,000
- 59. SQLi Cases Study
- 60. SQLi Cases Study 6,800 alerts per hour
- 61. Scraping Case Study TOR Massive Scraping attack
- 62. Scraping Case Study
- 63. Scraping Case Study
- 64. Conclusions
- 65. Recommendations
- 66. Q&A 7
- 67. Download 2015 Web Application Attack Report http://www.imperva.com/DefenseCenter/WAAR
“Study the past if you would define the future” (Confucius)
Слайд 3Speaker
Director of Security Research at Imperva
15 years experience in the security
industry
An inventor of 15 patents in these fields
Holds an M.Sc. in Applied Math and Computer Science
Presenter in Blackhat Asia, OWASP IL, EuroCrypt and other conferences
An inventor of 15 patents in these fields
Holds an M.Sc. in Applied Math and Computer Science
Presenter in Blackhat Asia, OWASP IL, EuroCrypt and other conferences
Itsik Mantin
Слайд 4
198 Applications
WAAR #6 Report
103,455,308 Alerts
6 Months
Making the Report
Cleaning
Classification
Aggregation
Analysis
Слайд 7Attack Incidents
Incident
Collection of alerts
Same attack type
Same target
Essentially same time
Not necessarily same
IP
Слайд 16
Number of Attack Incidents
Inequality Measure
Ratio between 3rd and 2nd quartiles
RCE Blind
Scans
All applications suffer equally
Слайд 19SQL Injection and Cross-Site Scripting
Most Applications see SQLi and XSS every
other week
Median of 12-13 for 6-month period
3-5 days for topQ applications
Median of 12-13 for 6-month period
3-5 days for topQ applications
Слайд 21Year-over-Year Up-Trends
SQLi Persistent Growth 100% increase in 2014
200% increase in 2015
#
Incidents
XSS Persistent Growth 100% increase in 2014
150% increase in 2015
Слайд 26Year-over-Year Down-Trends
# Incidents
RFI was on fire in 2014
Super-popular attack vector in
2014
Back to “normal” in 2015
Back to “normal” in 2015
Слайд 27Year-over-Year Down-Trends
# Incidents
DT Decrease
2014 trend changed
Spoiler – in one industry DT
is still the attack of choice
Слайд 29Magnitude of Attacks
SQLi Attacks are most Intensive
72-204 alerts for quartile 3
(of the incidents)
300K alerts in most intensive attack
Слайд 33Reputation
80,605,285 Alerts
78%
22,850,023 Alerts
22%
Serial Attackers – 70%
Anonymous Browsing – 8%
Слайд 36Serial Attackers Vs. Anonymous Browsing
140,000 anonymous browsing
1,800,000 detect-by-content
12,500,000 serial attackers
1,700,000 anonymous
browsing
280,000 detect-by-content
28,000 serial attackers
280,000 detect-by-content
28,000 serial attackers
Слайд 41Per-Industry Trends
DT
FU
HTTP
RFI
SQLi
XSS
Spam
RCE
RCE blind scans
Spam focused on travel applications
Massive Spam/RCE Campaigns
Слайд 47Content Management Systems
CMS Applications
(excluding WordPress)
Non-CMS
Applications
WordPress Applications
Слайд 49CMS Trends
CMS At Risk
CMS applications are attacked 3 Times more often
Trend
consistent for all attack types
Слайд 51WordPress Trends
Other CMS
Non CMS
WordPress
WordPress at More Risk
3.5 times more attacks than
non-CMS Applications
7 times more RFI and Spam Attacks
7 times more RFI and Spam Attacks
Слайд 52WordPress Trends
Other CMS
Non CMS
WordPress
WordPress at More Risk
3.5 times more attacks than
non-CMS Applications
7 times more RFI and Spam Attacks
7 times more RFI and Spam Attacks
WordPress at More Risk
3.5 times more attacks than non-CMS Applications
7 times more RFI and Spam Attacks
Слайд 58Shellshock Mega-Trend
75,000 incidents
189 applications
26,000 incidents
137 applications
23,000 incidents
174 applications
57,500 incidents
193 applications
Слайд 61Scraping Case Study
TOR Massive Scraping attack
2 million requests
777 TOR Ips
User-Agent faking
