Transcription
Contemporary Web Application Attacks
Ivan Pang, Senior Consultant, Edvance Limited
Agenda
- How do Web Application Attacks impact your business?
- What are the common attacks?
- What is a Web Application Firewall (WAF)?
- How can we select the right WAF?
Edvance Confidential 2
How Web Application Attacks impact your business
What are the attackers going to do?
- Discover any valuable information: credit card information, personal information, corporate financial information
- On-line service interruption: denial of service
- Damage to the corporate image
- Look for web servers to use as launch points for further attacks
How do attackers launch attacks?
The threat is evolving: well funded, well-organized, sophisticated.
Automated attacks are the new frontier: large scale, shifting locations, shifting techniques.
Source: IBM Internet Security Systems, X-Force 2009 Mid-Year Trend and Risk Report
What are the common attacks?
Top 10 common attacks against web applications (according to OWASP Top 10 2010 rc1)
http://www.owasp.org/index.php/Top_10
How bad can the damage be?
TYPICAL WEB ATTACK DEMO
Demo, attack step one: Understand the web server and database
Demo: Try to capture other users' cookie information (Cross-site Scripting)
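The demo slide above only shows screenshots. The following is an added example, not part of the Edvance deck, that shows the defect behind a reflected cross-site scripting attack and the two controls a defender uses against the cookie-capture scenario: escaping untrusted input before it lands in the page, and marking the session cookie HttpOnly so script cannot read it. The page text, parameter and cookie name are assumptions made for the illustration.

```python
"""Added example (not from the Edvance deck): reflected XSS and the two
defender-side controls that break the cookie-capture scenario on the slide.
The page, parameter and cookie names are assumptions for the illustration."""
from html import escape
from http.cookies import SimpleCookie

# Constructed sample input: the textbook probe, standing in for a search term
# that the page echoes back to the user.
SAMPLE_INPUT = "<script>alert(document.cookie)</script>"


def render_vulnerable(user_input: str) -> str:
    """Concatenates untrusted input straight into the HTML, so any tag in it
    is parsed as markup by the browser (this is the defect the demo relies on)."""
    return f"<p>You searched for: {user_input}</p>"


def render_hardened(user_input: str) -> str:
    """HTML-escapes the input first: < > & " ' become entities, so the browser
    renders text, never a tag or attribute."""
    return f"<p>You searched for: {escape(user_input, quote=True)}</p>"


def contains_script_tag(html: str) -> bool:
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in html.lower()


def session_cookie_header(session_id: str) -> str:
    """Builds a Set-Cookie value with HttpOnly and Secure set. HttpOnly keeps the
    session id out of document.cookie, so even a script that does run cannot
    read it; Secure restricts it to HTTPS. The cookie name is an assumption."""
    jar = SimpleCookie()
    jar["SESSIONID"] = session_id
    jar["SESSIONID"]["httponly"] = True
    jar["SESSIONID"]["secure"] = True
    jar["SESSIONID"]["path"] = "/"
    return jar.output(header="").strip()


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_INPUT))
    print(render_hardened(SAMPLE_INPUT))
    print("Set-Cookie:", session_cookie_header("abc123"))
```

Escaping has to match the output context: html.escape is right for text inside an HTML element, while input placed inside a JavaScript block or a URL needs the encoding of that context. HttpOnly stops the cookie being read, but a script that does run can still act on the user's behalf, so both controls are needed.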
Demo: Bypass login authentication (SQL Injection)
Demo: Extract whatever data you want (SQL Injection)
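The two SQL injection demo groups above (login bypass, then data extraction) share one root cause: user input assembled into the SQL text. The following is an added example, not part of the Edvance deck, with the vulnerable login query beside its parameterised fix. The table, the account and the password are constructed for the illustration.

```python
"""Added example (not from the Edvance deck): the login-bypass SQL injection
the demo slides show, with the vulnerable query beside its parameterised fix.
The table, user and password are constructed for the illustration."""
import sqlite3

# Constructed input: closes the password literal and appends an always-true
# condition, the classic login bypass.
BYPASS_PASSWORD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory user table with one placeholder account (plaintext password
    kept only to make the demo readable; real systems store a hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by string formatting: the quote in the input ends
    the literal and the rest of the input is parsed as SQL."""
    sql = (f"SELECT 1 FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same query with bound parameters: the driver passes the values to the
    engine separately, so they can never change the statement's structure."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    """Runs both implementations against the constructed table."""
    conn = make_db()
    return {
        "valid_login_hardened": login_hardened(conn, "alice", "correct-horse"),
        "wrong_password_hardened": login_hardened(conn, "alice", "wrong"),
        "bypass_vulnerable": login_vulnerable(conn, "alice", BYPASS_PASSWORD),
        "bypass_hardened": login_hardened(conn, "alice", BYPASS_PASSWORD),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The same fix covers the data-extraction slides: once every value reaches the engine as a bound parameter, the input cannot add a UNION, a second statement, or a comment to the query, whatever the database behind the application. A WAF in front of the application adds a second layer, but parameterised queries remove the defect itself.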
Demo: Shut down the database server
Why Web Application Firewall?
Web Application Firewalls alone detect attacks against applications.
- Traditional firewalls only detect network attacks: they inspect only the IP address and the port/service number.
- IDS products only detect known signatures: no application understanding, a high rate of false positives/negatives, no user/session tracking, and no protection of SSL traffic.
Diagram: Network Access / Network (OSI Layer 1-3); Protocols (OSI Layer 4-6); Application / Data (OSI Layer 7).
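The slide contrasts what a packet filter sees (address and port) with what an application-layer inspector sees (decoded parameters and the session). The following is an added example, not part of the Edvance deck and not any vendor's engine: a minimal layer-7 inspector run over a constructed request beside the layer-3/4 decision. The request, host, cookie name and the small signature set are assumptions for the illustration.

```python
"""Added example (not from the Edvance deck, not any vendor's engine): why a
layer-3/4 check cannot see an application attack that a layer-7 inspector can.
Request, host, cookie name and patterns are constructed for the illustration."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed request, as a WAF sees it after SSL termination: the q parameter
# carries a URL-encoded "' OR '1'='1".
SAMPLE_REQUEST = (
    "GET /search?q=%27+OR+%271%27%3D%271 HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Cookie: SESSIONID=abc123\r\n"
    "\r\n"
)
BENIGN_REQUEST = "GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"

# Deliberately small signature set; the deck itself notes signatures are not enough.
SQLI_PATTERN = re.compile(r"'\s*(or|and)\b|union\s+select|--", re.IGNORECASE)
XSS_PATTERN = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def network_layer_allows(src_ip: str, dst_port: int,
                         allowed_ports=(80, 443), blocked_ips=frozenset()) -> bool:
    """All a traditional packet filter decides on: address and port. The HTTP
    content is never part of the decision."""
    return dst_port in allowed_ports and src_ip not in blocked_ips


def parse_request(raw: str) -> dict:
    """Minimal HTTP/1.1 request parser: request line, headers, query params, body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    return {
        "method": method,
        "path": url.path,
        "params": dict(parse_qsl(url.query, keep_blank_values=True)),
        "headers": headers,
        "body": body,
    }


def parse_cookie(header: str) -> dict:
    """Splits a Cookie header into name/value pairs (the session-tracking input)."""
    pairs = (item.strip().partition("=") for item in header.split(";") if item.strip())
    return {name: value for name, _, value in pairs}


def application_layer_findings(req: dict) -> list:
    """Layer-7 view: decode the parameters and match them against the patterns."""
    findings = []
    for name, value in req["params"].items():
        if SQLI_PATTERN.search(value):
            findings.append(("sqli", name))
        if XSS_PATTERN.search(value):
            findings.append(("xss", name))
    return findings


def inspect_request(raw: str, src_ip: str = "198.51.100.7", dst_port: int = 443) -> dict:
    """Runs both views over one request and ties the result to the session."""
    req = parse_request(raw)
    return {
        "network_allows": network_layer_allows(src_ip, dst_port),
        "session": parse_cookie(req["headers"].get("cookie", "")).get("SESSIONID"),
        "findings": application_layer_findings(req),
    }


if __name__ == "__main__":
    print(inspect_request(SAMPLE_REQUEST))
    print(inspect_request(BENIGN_REQUEST))
```

Both requests pass the network-layer check, because port 443 from a non-blocked address is all it can see; only the decoded parameters separate them. Tying the finding to the session id is what lets an alert name a user rather than an address, which is the user/session tracking the slide says a plain IDS lacks. A real engine also decodes bodies, headers and nested encodings and backs the patterns with positive (allow-list) models, since a signature list this short is easy to miss with.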
How to choose the right Web Application Firewall
WAF SELECTION CRITERIA
How to choose the right WAF?
- Throughput and latency
- Depth of protection
- Ease of use
- False positives and negatives
- Reporting
- Price
Common WAF requirements of customers
Security:
- SQLi, Cross-Site Scripting, Cross-Site Request Forgery, etc. mitigation; signatures alone are not enough
- False-positive correction with minimal security impact
- Detailed alert/violation forensics
- Anonymous proxy and botnet awareness
- Automated vulnerability scanner integration
- Tracking of the web username
- Automatic security updates
Management/Reporting:
- Central management of policies, alerts, reports, etc.
- Flexible security policy assignment and creation
- Effective reporting system
- Custom reporting capabilities
- Flexible deployment modes
Deployment mode: a critical factor for performance
Transparent inline bridge (in the data center):
- Supports full enforcement
- High performance, low latency
- Fail-open interfaces
Transparent and reverse proxy (between the Internet and the switch):
- High performance for content modification: URL rewriting, cookie signing, SSL termination
...ne deployment (name garbled in the transcription):
- Primarily for monitoring, zero network latency
Software mode installation
Preemptive protection
Diagram: a Security Research Team supplies attack source feeds to the WAF, covering malicious/TOR IPs, anonymous proxies and phishing sites (attack sources shown as Hacker A, Hacker B and Hacker C), application vulnerability recon, zero-day attacks and phishing incidents.
Q & A SECTION