
The State of Application Security: Hackers On Steroids






Slide 0

The State of Application Security: Hackers On Steroids
Itsik Mantin, Director of Security Research, Imperva


Slide 1

“Study the past if you would define the future” (Confucius)


Slide 2

Speaker: Itsik Mantin
- Director of Security Research at Imperva
- 15 years of experience in the security industry
- Inventor of 15 patents in these fields
- Holds an M.Sc. in Applied Math and Computer Science
- Presenter at Blackhat Asia, OWASP IL, EuroCrypt and other conferences


Slide 3

WAAR #6 Report
- 198 applications
- 103,455,308 alerts
- 6 months
Making the report: cleaning, classification, aggregation, analysis


Slide 4

Attack Detection Mechanisms: Application Profiling


Slide 5

Attack Types


Slide 6

Attack Incidents
An incident is a collection of alerts that share:
- the same attack type
- the same target
- essentially the same time
- not necessarily the same source IP
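
The incident definition above is an aggregation rule, and the way it is implemented decides every per-application count that follows in the report. The script below is an added example, not Imperva's code: it groups alerts by attack type and target, sorts them by time, and closes an incident when the next alert is more than a gap apart. The Alert fields, the 10-minute gap and the alerts themselves are constructed assumptions for illustration; the point to notice is that source IP is recorded but never used as a grouping key, exactly as the slide says.

```python
"""Group WAF alerts into attack incidents.

Added example, not Imperva's code. It implements the incident definition
from the slide: alerts of the same attack type, against the same target,
at essentially the same time, form one incident, whatever their source IP.
The Alert fields and the 10-minute 'gap' that ends an incident are
assumptions made for illustration; the alerts below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    ts: datetime
    attack_type: str   # e.g. "SQLi", "XSS", "RCE"
    target: str        # the application the alert was raised for
    src_ip: str


@dataclass
class Incident:
    attack_type: str
    target: str
    start: datetime
    end: datetime
    alerts: int = 0
    src_ips: set = field(default_factory=set)


def group_incidents(alerts, gap=timedelta(minutes=10)):
    """Bucket alerts by (attack_type, target), sort each bucket by time and
    open a new incident whenever the next alert is more than `gap` after the
    previous one. src_ip is recorded but never used as a grouping key."""
    buckets = defaultdict(list)
    for a in alerts:
        buckets[(a.attack_type, a.target)].append(a)
    incidents = []
    for (atype, target), group in buckets.items():
        cur = None
        for a in sorted(group, key=lambda x: x.ts):
            if cur is None or a.ts - cur.end > gap:
                cur = Incident(atype, target, a.ts, a.ts)
                incidents.append(cur)
            cur.end = a.ts
            cur.alerts += 1
            cur.src_ips.add(a.src_ip)
    incidents.sort(key=lambda i: i.start)
    return incidents


T0 = datetime(2015, 6, 1, 12, 0, 0)
SAMPLE_ALERTS = [  # constructed sample data, not from the report
    Alert(T0, "SQLi", "shop.example", "198.51.100.7"),
    Alert(T0 + timedelta(minutes=2), "SQLi", "shop.example", "198.51.100.7"),
    Alert(T0 + timedelta(minutes=5), "SQLi", "shop.example", "203.0.113.9"),   # second IP, same incident
    Alert(T0 + timedelta(minutes=3), "XSS", "shop.example", "198.51.100.7"),   # other attack type
    Alert(T0 + timedelta(hours=2), "SQLi", "shop.example", "198.51.100.7"),    # after the gap: new incident
    Alert(T0 + timedelta(minutes=1), "SQLi", "blog.example", "198.51.100.7"),  # other target
]


def demo():
    """Run the grouping on the sample and return the incidents."""
    return group_incidents(SAMPLE_ALERTS)


if __name__ == "__main__":
    for inc in demo():
        print(f"{inc.start:%H:%M} {inc.attack_type:5} {inc.target:13} "
              f"alerts={inc.alerts} sources={len(inc.src_ips)}")
```

The six sample alerts collapse into four incidents: the three SQLi alerts against shop.example from two different IPs become one incident, while the XSS alert, the SQLi alert against blog.example and the SQLi alert two hours later each start their own.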


Slide 7

Section 1: Attack Trends


Slide 8

Chance of Getting Attacked


Slide 9

Chance of Getting Attacked
Everyone's at risk: for every attack type, roughly 3/4 of the applications were attacked.


Slide 10

Chance of Getting Attacked
"Perfect" RCE coverage: all applications were attacked.


Slide 11

Number of Attack Incidents


Slide 12

Number of Attack Incidents


Slide 13

Number of Attack Incidents
RCE and Spam are the most popular. RCE: median of 273 incidents per application.


Slide 14

Number of Attack Incidents
Inequality measure: the ratio between the 3rd and 2nd quartiles (of incidents per application).


Slide 15

Number of Attack Incidents
Inequality measure: the ratio between the 3rd and 2nd quartiles.
RCE blind scans: all applications suffer equally.
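
The inequality measure is what lets the report tell a blind scan (every application hit about equally) from a campaign that singles out a few applications. The script below is an added example, not from the report: it computes Q2 (the median) and Q3 of a list of per-application incident counts and their ratio, and labels the distribution. The two count lists and the 2.0 threshold are constructed to show the two cases and are not report data.

```python
"""Inequality measure for incident counts across applications.

Added example, not from the report. The slide defines the measure as the
ratio between the 3rd quartile (75th percentile) and the 2nd quartile
(the median) of incidents per application. A ratio close to 1 means the
typical application and the heavily-hit application see about the same
number of incidents (blind scans); a large ratio means a minority of
applications absorbs most of the incidents. Both count lists below are
constructed to show the two cases and are not report data.
"""
from statistics import median


def quartiles(values):
    """Return (Q2, Q3) with the median-of-halves method: Q2 is the median,
    Q3 is the median of the values above it (the median element itself is
    left out when the count is odd)."""
    if not values:
        raise ValueError("no values")
    s = sorted(values)
    q2 = median(s)
    upper = s[(len(s) + 1) // 2:]
    q3 = median(upper) if upper else q2
    return q2, q3


def inequality(values):
    """Q3 / Q2; infinite when the median application saw no incidents."""
    q2, q3 = quartiles(values)
    return float("inf") if q2 == 0 else q3 / q2


def describe(values, threshold=2.0):
    """Label a distribution 'uniform' (blind scans) or 'concentrated' (a
    targeted campaign). The 2.0 threshold is an assumption, not the report's."""
    return "uniform" if inequality(values) < threshold else "concentrated"


# constructed per-application incident counts for 8 applications
BLIND_SCAN_COUNTS = [9, 10, 10, 11, 10, 9, 11, 10]
TARGETED_SPAM_COUNTS = [0, 1, 2, 2, 3, 40, 120, 300]

if __name__ == "__main__":
    for name, counts in [("blind scans", BLIND_SCAN_COUNTS), ("spam", TARGETED_SPAM_COUNTS)]:
        q2, q3 = quartiles(counts)
        print(f"{name:12} Q2={q2} Q3={q3} ratio={inequality(counts):.2f} -> {describe(counts)}")
```

For the blind-scan list Q2 = 10 and Q3 = 10.5, a ratio of 1.05; for the spam list Q2 = 2.5 and Q3 = 80, a ratio of 32. The guard for Q2 = 0 matters in practice: an attack type that most applications never see at all has an undefined ratio, not a small one.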


Slide 16

Number of Attack Incidents
Spam is discriminatory. Spoiler: some industries suffer more.


Slide 17

SQL Injection and Cross-Site Scripting


Slide 18

SQL Injection and Cross-Site Scripting
Most applications see SQLi and XSS every other week: a median of 12-13 incidents over the 6-month period; every 3-5 days for top-quartile applications.


Slide 19

Year-over-Year Up-Trends (# incidents)


Slide 20

Year-over-Year Up-Trends (# incidents)
SQLi, persistent growth: 100% increase in 2014, 200% increase in 2015.
XSS, persistent growth: 100% increase in 2014, 150% increase in 2015.


Slide 21

Year-over-Year Up-Trends (# incidents): exponential growth


Slide 22

Year-over-Year Up-Trends: exponential growth


Slide 23

Year-over-Year Up-Trends: exponential growth


Slide 24

Year-over-Year Down-Trends (# incidents)


Slide 25

Year-over-Year Down-Trends (# incidents)
RFI was on fire in 2014: a super-popular attack vector in 2014, back to "normal" in 2015.


Slide 26

Year-over-Year Down-Trends (# incidents)
DT (directory traversal) decrease: the 2014 trend changed. Spoiler: in one industry DT is still the attack of choice.


Slide 27

Magnitude of Attacks


Slide 28

Magnitude of Attacks
SQLi attacks are the most intensive: 72-204 alerts in the 3rd quartile (of incidents); 300K alerts in the most intensive attack.


Slide 29

Section 2: Reputation


Slide 30

Reputation


Slide 31

Reputation
- 80,605,285 alerts (78%)
- 22,850,023 alerts (22%)


Slide 32

Reputation
- 80,605,285 alerts (78%): serial attackers 70%, anonymous browsing 8%
- 22,850,023 alerts (22%): detected by content


Slide 33

Serial Attackers vs. Anonymous Browsing


Slide 34

Serial Attackers vs. Anonymous Browsing


Slide 35

Serial Attackers vs. Anonymous Browsing
- 140,000 anonymous browsing; 1,800,000 detect-by-content; 12,500,000 serial attackers
- 1,700,000 anonymous browsing; 280,000 detect-by-content; 28,000 serial attackers


Slide 36

Section 3: Industry Trends


Slide 37

Per-Industry Trends
Chart legend: DT, FU (file upload), HTTP, RFI, SQLi, XSS, Spam, RCE


Slide 38

Per-Industry Trends
Massive Spam/RCE campaigns


Slide 39

Per-Industry Trends
RCE blind scans; massive Spam/RCE campaigns


Slide 40

Per-Industry Trends
RCE blind scans; Spam focused on travel applications; massive Spam/RCE campaigns


Slide 41

Attack Types


Slide 42

Attack Types


Slide 43

Attack Types
57% of XSS incidents were on Health applications


Slide 44

Attack Types
37% of DT incidents were on Food applications


Slide 45

Section 4: Web Framework Trends


Slide 46

Content Management Systems
Three groups: CMS applications (excluding WordPress), non-CMS applications, WordPress applications


Slide 47

CMS Trends


Slide 48

CMS Trends
CMS at risk: CMS applications are attacked 3 times more often; the trend is consistent for all attack types.


Slide 49

WordPress Trends (Other CMS / Non-CMS / WordPress)


Slide 50

WordPress Trends (Other CMS / Non-CMS / WordPress)
WordPress at more risk: 3.5 times more attacks than non-CMS applications; 7 times more RFI and Spam attacks.


Slide 51

WordPress Trends (Other CMS / Non-CMS / WordPress)
WordPress at more risk: 3.5 times more attacks than non-CMS applications; 7 times more RFI and Spam attacks.


Slide 52

Geographic Trends


Slide 53

Geographic Attack Trends


Slide 54

Geographic Attack Trends, Year-over-Year (2015 vs. 2014)


Slide 55

Section 6: Case Studies


Slide 56

Shellshock Mega-Trend


Slide 57

Shellshock Mega-Trend
- 75,000 incidents, 189 applications
- 26,000 incidents, 137 applications
- 23,000 incidents, 174 applications
- 57,500 incidents, 193 applications
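
The Shellshock waves above reached nearly every application in the data set because the payload travels in ordinary HTTP fields. The script below is an added example, not Imperva's detection logic: it parses a raw HTTP request and flags any header value or query parameter that, after URL-decoding, carries the bash function-definition prefix `() {` that the vulnerable bash versions executed when importing environment variables. The sample requests are constructed; the harmless `/bin/echo` stands in for whatever command an attacker would append.

```python
"""Flag Shellshock-style payloads in raw HTTP requests.

Added example, not Imperva's detection logic. Shellshock is the bash bug that
runs code when bash imports an environment variable whose value starts with a
function definition, '() {'. CGI web servers copy request headers and the query
string into environment variables, so the attack arrives over plain HTTP and a
signature can look for that prefix in any header value or query parameter,
after URL-decoding. The requests below are constructed samples; the harmless
'/bin/echo' command stands in for whatever an attacker would append.
"""
import re
from urllib.parse import unquote

# Bash tests for '() {' at the start of the value; the signature looks for it
# anywhere so padding does not evade it, and allows whitespace between tokens.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, query, headers).
    Header names are lower-cased; only the first ':' separates name and value,
    so colons inside the payload stay in the value."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return method, path, query, headers


def shellshock_hits(raw):
    """Return [(location, decoded_value), ...] for every header or query
    parameter whose decoded value matches the signature."""
    _method, _path, query, headers = parse_request(raw)
    hits = []
    for name, value in headers.items():
        decoded = unquote(value)
        if SHELLSHOCK_RE.search(decoded):
            hits.append(("header:" + name, decoded))
    for param in (query.split("&") if query else []):
        key, _, value = param.partition("=")
        decoded = unquote(value.replace("+", " "))
        if SHELLSHOCK_RE.search(decoded):
            hits.append(("query:" + unquote(key), decoded))
    return hits


# constructed sample requests
BENIGN = ("GET /cgi-bin/status HTTP/1.1\r\n"
          "Host: www.example\r\n"
          "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n")
IN_HEADERS = ("GET /cgi-bin/status HTTP/1.1\r\n"
              "Host: www.example\r\n"
              "User-Agent: () { :;}; /bin/echo shellshock\r\n"
              "Referer: () { :; }; /bin/echo shellshock\r\n\r\n")
IN_QUERY = ("GET /cgi-bin/status?name=%28%29%20%7B%20%3A%3B%7D%3B%20/bin/echo%20x HTTP/1.1\r\n"
            "Host: www.example\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("headers", IN_HEADERS), ("query", IN_QUERY)]:
        print(label, shellshock_hits(req))
```

Decoding before matching is the part that matters: the query-string sample carries the same prefix fully percent-encoded, and a signature applied to the raw bytes would miss it while a CGI server would still hand the decoded value to bash.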


Slide 58

SQLi Case Study


Slide 59

SQLi Case Study
6,800 alerts per hour


Slide 60

Scraping Case Study
Massive scraping attack over TOR: 2 million requests, 777 TOR IPs, User-Agent faking
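
The scraping case study combines the two signal classes the Reputation slides separate: source reputation (the 777 IPs are TOR exits, the "anonymous browsing" bucket) and behaviour that has to be detected by content (request rate and faked User-Agents). The script below is an added example, not Imperva's detection logic: it parses Apache combined-format access-log lines, profiles each source IP, and flags an IP when it is on an anonymizer list, exceeds a request rate, or claims more distinct User-Agent strings than one browser would. The log lines, IP addresses, the stand-in TOR exit list and the thresholds are constructed assumptions for illustration.

```python
"""Spot a distributed scraping campaign in web access logs.

Added example, not Imperva's detection logic. It models the case study on the
slide (many TOR exit IPs, a burst of requests each, faked User-Agents) and the
reputation split from the earlier slides: a source is scored on three signals,
being a known anonymizer exit (a reputation list, here a constructed stand-in
for a TOR exit list), its request rate, and how many distinct User-Agent
strings the same IP claims. Log lines, IPs and thresholds are constructed
assumptions for illustration; the log format is Apache 'combined'.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
TOR_EXITS = {"198.51.100.10", "198.51.100.11"}   # constructed stand-in list


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def profile_sources(lines):
    """Per source IP: request count, distinct User-Agents, first/last seen."""
    per_ip = defaultdict(lambda: {"n": 0, "uas": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        p = per_ip[rec["ip"]]
        p["n"] += 1
        p["uas"].add(rec["ua"])
        ts = rec["ts"]
        p["first"] = ts if p["first"] is None or ts < p["first"] else p["first"]
        p["last"] = ts if p["last"] is None or ts > p["last"] else p["last"]
    return per_ip


def classify(per_ip, max_rps=2.0, max_uas=2):
    """Reasons to flag each IP; an empty list means the IP looks like a user.
    A single browser keeps one User-Agent, so more than `max_uas` from one IP
    is the 'User-Agent faking' signal from the slide."""
    verdicts = {}
    for ip, p in per_ip.items():
        span = max((p["last"] - p["first"]).total_seconds(), 1.0)
        rate = p["n"] / span
        reasons = []
        if ip in TOR_EXITS:
            reasons.append("anonymous-browsing")
        if rate > max_rps:
            reasons.append(f"rate {rate:.1f} req/s")
        if len(p["uas"]) > max_uas:
            reasons.append(f"{len(p['uas'])} user-agents")
        verdicts[ip] = reasons
    return verdicts


def analyze(lines):
    """Campaign view: which IPs are flagged and how many requests they sent."""
    per_ip = profile_sources(lines)
    verdicts = classify(per_ip)
    flagged = sorted(ip for ip, reasons in verdicts.items() if reasons)
    return {"flagged": flagged,
            "requests": sum(per_ip[ip]["n"] for ip in flagged),
            "verdicts": verdicts}


def _line(ip, t, page, ua, ref="-"):
    return (f'{ip} - - [01/Jun/2015:12:{t}] "GET /listing?page={page} HTTP/1.1" '
            f'200 5120 "{ref}" "{ua}"')

SAMPLE_LOG = [  # constructed: two exit nodes bursting with rotating UAs, one real user
    _line("198.51.100.10", "00:00 +0000", 1, "Mozilla/5.0 (Windows NT 6.1)"),
    _line("198.51.100.10", "00:00 +0000", 2, "curl/7.38.0"),
    _line("198.51.100.10", "00:01 +0000", 3, "Mozilla/5.0 (Macintosh)"),
    _line("198.51.100.10", "00:01 +0000", 4, "Mozilla/5.0 (Windows NT 6.1)"),
    _line("198.51.100.10", "00:02 +0000", 5, "curl/7.38.0"),
    _line("198.51.100.11", "00:00 +0000", 6, "Mozilla/5.0 (X11; Linux)"),
    _line("198.51.100.11", "00:00 +0000", 7, "python-requests/2.7"),
    _line("198.51.100.11", "00:01 +0000", 8, "Mozilla/5.0 (Windows NT 6.1)"),
    _line("198.51.100.11", "00:01 +0000", 9, "python-requests/2.7"),
    _line("203.0.113.5", "00:00 +0000", 1, "Mozilla/5.0 (Windows NT 6.1)"),
    _line("203.0.113.5", "01:00 +0000", 2, "Mozilla/5.0 (Windows NT 6.1)",
          "https://shop.example/listing?page=1"),
]

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, reasons in result["verdicts"].items():
        print(ip, reasons or "ok")
    print("campaign:", result["flagged"], "requests:", result["requests"])
```

On the sample, both exit nodes are flagged on all three signals (anonymizer, rate, User-Agent churn) and the real user on none. The rate and User-Agent signals are what catch a scraper that switches to IPs the reputation list has not seen yet; the reputation signal is what catches one that slows down and keeps a single User-Agent.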


Slide 61

Scraping Case Study


Slide 62

Scraping Case Study


Slide 63

Conclusions


Slide 64

Recommendations


Slide 65

Section 7: Q&A


Slide 66

Download the 2015 Web Application Attack Report: http://www.imperva.com/DefenseCenter/WAAR


Slide 67