Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Techniques in Application Intrusion Detection Al Huizenga, Mykonos Product Manager May 2010.

Published byDiane Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "New Techniques in Application Intrusion Detection Al Huizenga, Mykonos Product Manager May 2010."— Presentation transcript:

1 New Techniques in Application Intrusion Detection Al Huizenga, Mykonos Product Manager May 2010

2 Today Who am I? Director of Product Management, Mykonos 11 years experience marketing Web-based products and technologies Canadian. Eh. The Agenda The problem of Web application abuse Current options Application intrusion detection and response AppSensor vs. Mykonos Security Appliance

3 The Cost of Web Application Abuse The Problem The Cost of Web Application Abuse Fraud! Defacement! Identify Theft! Loss of business! Brand damage! Economic Growth!

4 Big, and Getting Bigger How Big is the Problem? Big, and Getting Bigger $4.0B in Fraud (2008 Cybersource) $50B in Identity Theft (2009 FTC) $16B Credit Card Fraud (2008 Mercator Advisory Group) $204 - Cost of Data Breach per Customer Record (Ponemon Institute 2009) $1T - Global Cost of Cyber Crime (McAfee 2008)

5 How to Secure Legacy Apps from Abuse The Challenge How to Secure Legacy Apps from Abuse Fix It. Firewall It.

6 The Anatomy of a Web Attack Phase 1 Silent Introspection Phase 2 Attack Vector Establishment Phase 3 Attack Implementation Phase 4 Attack Automation Phase 5 Maintenance WAFs play here.

7 What about all the requests before an attack is delivered? Early Detection What about all the requests before an attack is delivered? Malicious activity detected Attack vector established Number of Requests

8 Add Security Logic to the App Is there another way? Add Security Logic to the App Can you extend legacy apps to detect malicious activity from within the app itself, before a user is able to identify and exploit a vulnerability? E.g. Manipulating cookies, query parameters, input fields…

9 OWASP AppSensor Project Approaches OWASP AppSensor Project A conceptual framework for implementing intrusion detection capabilities into existing applications http://www.owasp.org/index.php/ Category:OWASP_AppSensor_Project

10 42 Detection Points AppSensor 42 Detection Points Exception# Detection Points Request4 Authentication11 Access Control6 Session4 Input2 Encoding2 Command Injection4 File IO2 User Trend4 System Trend3

11 A little unclear… Two recommendations At the business layer (aka in code), preferably using the OWASP ESAPI As a ‘cross-cutting concern’ in an Aspect-Oriented Programming approach (e.g. Java Filters) How is it implemented? AppSensor How is it implemented?

12 Strengths It’s smart A great reference for determining malicious intent, categorizing and rating incidents Strengths and Challenges AppSensor Strengths and Challenges Challenges Takes development time No tools or pre-fab solutions yet Project advances very slowly

13 The Mykonos Security Appliance Approaches The Mykonos Security Appliance A high speed HTTP processing engine that extends Web application code with intrusion detection and response capabilities at serve time. http://www.mykonossoftware.com

14 26 Detection Points The Mykonos Security Appliance 26 Detection Points Processor# Detection Points Authentication4 Cookies1 Errors2 Files2 Headers7 Inputs1 Links3 Request Methods3 Query Parameters1 Spiders2

15 How is it implemented? The Mykonos Security Appliance How is it implemented? HTTP Requests and Responses HTTP ProxySecurity Engine Processor Library Profile DB

16 Strengths It’s smart Code-aware w/o dev participation Easy to configure Strengths and Challenges The Mykonos Security Appliance Strengths and Challenges Challenges Inline proxy Throughput and latency Transparency – don’t break the app!

17 Demo The Mykonos Security Appliance Demo

Download ppt "New Techniques in Application Intrusion Detection Al Huizenga, Mykonos Product Manager May 2010."

Similar presentations

Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012.

Infosec 2012 | 25/4/12 Application Performance Monitoring Ofer MAOR CTO Infosec 2012.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Hands on Demonstration for Testing Security in Web Applications

Hands on Demonstration for Testing Security in Web Applications
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
OWASP. To ensure that strong simple security controls are available to every developer in every environment ESAPI Mission.

OWASP. To ensure that strong simple security controls are available to every developer in every environment ESAPI Mission.
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.
The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.

The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
1 Project Part III Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez.

1 Project Part III Double Deuce Jibran Ilyas, Frank LaSota, Paul Lowder, Juan Mendez.
“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.

“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.
Security Scanning OWASP Education Nishi Kumar Computer based training

Security Scanning OWASP Education Nishi Kumar Computer based training
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.

W3af LUCA ALEXANDRA ADELA – MISS 1. w3af  Web Application Attack and Audit Framework  Secures web applications by finding and exploiting web application.
Introduction to Application Penetration Testing

Introduction to Application Penetration Testing

Similar presentations

Ads by Google