The Smartest Way to Protect Websites and Web Apps from Attacks

Presentation transcript:

Slide: The Smartest Way to Protect Websites and Web Apps from Attacks

Inconvenient Statistics (diagram labels: Network Perimeter, App Server, Database)
70% of ALL threats are at the Web application layer. (Gartner)
73% of organizations have been hacked in the past two years through insecure Web apps. (Ponemon Institute)

Hacker Threats (chart axes: Scripts & Tool Exploits to Human Hacker; IP Scan to Botnet; APT timeline Jan, June, Dec)
Targeted Scan: targets a specific site for any vulnerability.
Botnet: script loaded onto a bot network to carry out the attack.
Advanced Persistent Threat (APT): sophisticated, targeted attack; low and slow to avoid detection.
Library Attacks: script run against multiple sites seeking a specific vulnerability.
Script Kiddie: generic scripts and tools against one site.

The Cost of an Attack (Theft, Revenue, Reputation)
Sony stolen records: 100M
Sony direct costs: $171M (28-day network closure, lost customers, security improvements)
Sony lawsuits: $1-2B
Ponemon Institute: average breach costs $214 per record stolen

The Mykonos Advantage: Deception-based Security (Detect, Track, Profile, Respond)
Deception points: detect threats without false positives.
Track individual devices.
Understand the attacker's capabilities and intent.
Adaptive responses, including block, warn and deceive.

Detection by Deception (diagram labels: Network Perimeter, Firewall, App Server, Database, Client, Server Configuration)
Deception points: Query String Parameters, Hidden Input Fields, Tar Traps
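The deception points this slide names (query-string parameters, hidden input fields, tar traps) can be sketched as a small piece of middleware: decoys are injected into responses, and a request is flagged only when it touches a decoy in a way a real browser never would. This is an added example, not Mykonos code; the decoy names, values and tar-trap paths are constructed.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed names for the three deception points on the slide.
# A real deployment would randomize them per site; these are illustrative only.
DECOY_PARAM = "_sid"           # query-string deception point
DECOY_FIELD = "form_debug"     # hidden-input-field deception point
DECOY_VALUE = "0"              # the only value a legitimate browser will echo back
TAR_TRAP_PATHS = {"/backup/config.php.bak", "/admin/.htaccess"}  # constructed tar traps


def inject_decoys(html: str) -> str:
    """Insert the hidden decoy field into every <form> and append the decoy
    parameter to every relative href. Browsers return both unchanged."""
    html = re.sub(
        r"(<form\b[^>]*>)",
        rf'\1<input type="hidden" name="{DECOY_FIELD}" value="{DECOY_VALUE}">',
        html,
        flags=re.IGNORECASE,
    )
    return re.sub(r'href="(/[^"?#]*)"', rf'href="\1?{DECOY_PARAM}={DECOY_VALUE}"', html)


def classify(method: str, url: str, body: str = "") -> Optional[str]:
    """Return an incident label when a request tampers with a deception point,
    or None for normal traffic. Because the page never asks the user to edit
    these values, any modification is a true positive, not a heuristic guess."""
    parts = urlsplit(url)
    if parts.path in TAR_TRAP_PATHS:
        return "tar-trap-access"          # nothing links here; only a prober finds it
    query = parse_qs(parts.query, keep_blank_values=True)
    if DECOY_PARAM in query and query[DECOY_PARAM] != [DECOY_VALUE]:
        return "query-param-tampering"    # decoy parameter was altered
    form = parse_qs(body, keep_blank_values=True) if method == "POST" else {}
    if DECOY_FIELD in form and form[DECOY_FIELD] != [DECOY_VALUE]:
        return "hidden-field-tampering"   # hidden field was edited before submit
    return None
```

A hit from `classify` is the point at which the slide's later steps (tracking the device, profiling the attacker, choosing a block, warn or deceive response) would take over.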

Track Attackers Beyond the IP
Track software and script attacks: fingerprinting HTTP communications.
Track browser attacks: persistent token, with the capacity to persist in all browsers, including under various privacy control features.
Track IP address.

Smart Profile of Attacker
Attacker threat level
Incident history
Every attacker assigned a name

Respond and Deceive All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat.

Security Administration
SMTP alerting
Reporting (PDF, HTML)
CLI for exporting data into a SIEM tool
Web-based console
Real-time, on-demand threat information

Unified Protection Across Platforms (diagram labels: App Server, Database; Internal, Virtualized, Cloud; Connective Tissue)

Case Study & Customers
"Within 20 minutes, ... we were looking at the activity taking place on our web applications."
"10% of our traffic was ... malicious."
Keir Asher, Senior Technical Analyst, Brown Printing

2010 Cool Vendor, Application Security
"The smartest buy of the year for any organization with an online presence."
1st Place Winner, Security Innovators Throwdown 2010
SINET 16 Security Innovator
1st Place, Information Security, Wall Street Journal Technology Innovation Awards 2011