The State of Application Security: Hackers On Steroids

Imperva
Marketing Communications Manager um Imperva
18. Nov 2015
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
1 von 68

The State of Application Security: Hackers On Steroids

18. Nov 2015
Downloaden Sie, um offline zu lesen
Daten & Analysen
Internet
Technologie

Organizations of all sizes face a universal security threat from today’s organized hacking industry. Why? Hackers have decreased costs and expanded their reach with tools and technologies that allow for automated attacks against Web applications. This presentation will detail key insights from the Imperva Application Defense Center annual Web Application Attack Report. View this presentation for an in-depth view of the threat landscape for the year. We will: - Discuss hacking trends and shifts - Provide breach analysis by geography, industry, and attack type - Detail next steps for improved security controls and risk management processes

Imperva
Marketing Communications Manager um Imperva

Recomendados

Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva2.1K views32 Folien
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringImperva994 views23 Folien
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva1.6K views25 Folien
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva1.9K views22 Folien
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva1.2K views31 Folien
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva2.4K views18 Folien

Más contenido relacionado

Was ist angesagt?

An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackImperva1.7K views39 Folien
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva1.7K views19 Folien
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva2.9K views22 Folien
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva1.4K views35 Folien
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva2.9K views27 Folien
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Informationjenkoon1.7K views61 Folien

Was ist angesagt?(20)

An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
Imperva1.7K views
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
Imperva1.7K views
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their Tracks
Imperva2.9K views
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
Imperva1.4K views
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
Imperva2.9K views
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Information
jenkoon1.7K views
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS Environment
Imperva2.9K views
Web Application Attack Report (Edition #1 - July 2011)Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)
Imperva1.3K views
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
Imperva1.7K views
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Imperva1.8K views
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
Imperva2.6K views
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
Shah Sheikh2.5K views
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
IBM Security956 views
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
Camilo Fandiño Gómez1.8K views
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
Rahul Neel Mani766 views
IBM Security QRadar IBM Security QRadar
IBM Security QRadar
Virginia Fernandez7.5K views
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
centralohioissa857 views
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez5K views
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
Skybox Security2.7K views
Be the Hunter Be the Hunter
Be the Hunter
Rahul Neel Mani512 views

Similar a The State of Application Security: Hackers On Steroids

An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackImperva Incapsula737 views40 Folien
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva20K views42 Folien
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the oddsAPIsecure_ Official62 views24 Folien
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlSqrrl575 views37 Folien
State of the Phish Webinar 2015State of the Phish Webinar 2015
State of the Phish Webinar 2015ThreatSim525 views18 Folien
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Jeremiah Grossman2.1K views34 Folien

Similar a The State of Application Security: Hackers On Steroids(20)

An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
Imperva Incapsula737 views
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
Imperva20K views
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds
APIsecure_ Official62 views
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
Sqrrl575 views
State of the Phish Webinar 2015State of the Phish Webinar 2015
State of the Phish Webinar 2015
ThreatSim525 views
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Where Flow Charts Don’t Go -- Website Security Statistics Report (2015)
Jeremiah Grossman2.1K views
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
Eric Vanderburg492 views
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
Sqrrl1.2K views
Webinar: Cloud-Based Web Security as First/Last Line of DefenseWebinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Cyren, Inc449 views
WinOps Conf 2015 - John Rakowski - Militarise It for #DevOps successWinOps Conf 2015 - John Rakowski - Militarise It for #DevOps success
WinOps Conf 2015 - John Rakowski - Militarise It for #DevOps success
WinOps Conf540 views
Webinar: Insights from CYREN's 2015 Cyber Threats YearbookWebinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Cyren, Inc863 views
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck by Synopsys2.1K views
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
HelpSystems281 views
Webinar: CYREN WebSecurity for HealthcareWebinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for Healthcare
Cyren, Inc598 views
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl5K views
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security Program
Denim Group1.5K views
How secure are your customers.pptxHow secure are your customers.pptx
How secure are your customers.pptx
Solarwinds N-able877 views
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
Jeremiah Grossman2.6K views
Experian and 41st Parameter - 2015 CNP Expo SessionExperian and 41st Parameter - 2015 CNP Expo Session
Experian and 41st Parameter - 2015 CNP Expo Session
Experian1.8K views
Leveraging Compliance to “Help” Prevent a Future BreachLeveraging Compliance to “Help” Prevent a Future Breach
Leveraging Compliance to “Help” Prevent a Future Breach
Kevin Murphy51 views

Más de Imperva

Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva10.2K views15 Folien
API Security SurveyAPI Security Survey
API Security SurveyImperva7.4K views14 Folien
Imperva pptImperva ppt
Imperva pptImperva4K views9 Folien
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva2K views26 Folien
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva1.7K views23 Folien
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva5.7K views17 Folien

Más de Imperva(20)

Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
Imperva10.2K views
API Security SurveyAPI Security Survey
API Security Survey
Imperva7.4K views
Imperva pptImperva ppt
Imperva ppt
Imperva4K views
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
Imperva2K views
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
Imperva1.7K views
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
Imperva5.7K views
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
Imperva1.5K views
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
Imperva3.1K views
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
Imperva1.5K views
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
Imperva1.1K views
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
Imperva1K views
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
Imperva1.2K views
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
Imperva704 views
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
Imperva913 views
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
Imperva372 views
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
Imperva475 views
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
Imperva464 views
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
Imperva513 views
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Imperva2.5K views
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
Imperva2.6K views

Último

Quantum Karnaugh map in NV-center Quantum ComputerQuantum Karnaugh map in NV-center Quantum Computer
Quantum Karnaugh map in NV-center Quantum Computerssuserb645ae11 views17 Folien
2019-06-21 YC Preso V5.pdf2019-06-21 YC Preso V5.pdf
2019-06-21 YC Preso V5.pdfYue Cathy Chang7 views36 Folien
Introduction to Graph Databases.pdfIntroduction to Graph Databases.pdf
Introduction to Graph Databases.pdfNeo4j12 views11 Folien
Dunning - SIGMOD - Data Economy.pptxDunning - SIGMOD - Data Economy.pptx
Dunning - SIGMOD - Data Economy.pptxTed Dunning5 views21 Folien
apidays London 2023 - Revolutionising fitness and well-being, David Turner, V...apidays London 2023 - Revolutionising fitness and well-being, David Turner, V...
apidays London 2023 - Revolutionising fitness and well-being, David Turner, V...apidays9 views16 Folien
Introduction to Cypher Introduction to Cypher
Introduction to Cypher Neo4j16 views48 Folien

Último(20)

Quantum Karnaugh map in NV-center Quantum ComputerQuantum Karnaugh map in NV-center Quantum Computer
Quantum Karnaugh map in NV-center Quantum Computer
ssuserb645ae11 views
2019-06-21 YC Preso V5.pdf2019-06-21 YC Preso V5.pdf
2019-06-21 YC Preso V5.pdf
Yue Cathy Chang7 views
Introduction to Graph Databases.pdfIntroduction to Graph Databases.pdf
Introduction to Graph Databases.pdf
Neo4j12 views
Dunning - SIGMOD - Data Economy.pptxDunning - SIGMOD - Data Economy.pptx
Dunning - SIGMOD - Data Economy.pptx
Ted Dunning5 views
apidays London 2023 - Revolutionising fitness and well-being, David Turner, V...apidays London 2023 - Revolutionising fitness and well-being, David Turner, V...
apidays London 2023 - Revolutionising fitness and well-being, David Turner, V...
apidays9 views
Introduction to Cypher Introduction to Cypher
Introduction to Cypher
Neo4j16 views
G20.pptxG20.pptx
G20.pptx
vazid ali khan8 views
Predictive HR Analytics_ Mastering the HR Metric ( PDFDrive ).pdfPredictive HR Analytics_ Mastering the HR Metric ( PDFDrive ).pdf
Predictive HR Analytics_ Mastering the HR Metric ( PDFDrive ).pdf
Santhosh Prabhu41 views
apidays London 2023 - When to soar and when to dive, Claire Barrett, APIsFirst apidays London 2023 - When to soar and when to dive, Claire Barrett, APIsFirst
apidays London 2023 - When to soar and when to dive, Claire Barrett, APIsFirst
apidays8 views
apidays London 2023 - 7 pillars of an API Factory, Patrick Brosse, Amadeusapidays London 2023 - 7 pillars of an API Factory, Patrick Brosse, Amadeus
apidays London 2023 - 7 pillars of an API Factory, Patrick Brosse, Amadeus
apidays12 views
apidays London 2023 - Uptime, Mean-Time, and Ahead of Your Time, Anna Daugher...apidays London 2023 - Uptime, Mean-Time, and Ahead of Your Time, Anna Daugher...
apidays London 2023 - Uptime, Mean-Time, and Ahead of Your Time, Anna Daugher...
apidays7 views
apidays London 2023 - Let's make "true" impact happen!, Sandra Sydow, Climate...apidays London 2023 - Let's make "true" impact happen!, Sandra Sydow, Climate...
apidays London 2023 - Let's make "true" impact happen!, Sandra Sydow, Climate...
apidays7 views
BLOCK CHAIN TECHNOLOGY.pptxBLOCK CHAIN TECHNOLOGY.pptx
BLOCK CHAIN TECHNOLOGY.pptx
Priyanka74952311 views
Your Analytics does not have to be dramatic to be usefulYour Analytics does not have to be dramatic to be useful
Your Analytics does not have to be dramatic to be useful
Andrew Patricio21 views
Cost of Living UpdateCost of Living Update
Cost of Living Update
ARCResearch18 views
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays London 2023 - Advanced AI-powered API Security, Ricky Moorhouse (IBM)...
apidays8 views
Programming Portfolio Nahari RasifProgramming Portfolio Nahari Rasif
Programming Portfolio Nahari Rasif
NahariRasif19 views
apidays London 2023 - Open Standards, AI and Data for better business decisio...apidays London 2023 - Open Standards, AI and Data for better business decisio...
apidays London 2023 - Open Standards, AI and Data for better business decisio...
apidays11 views
Proposal Presentation Proposal Presentation
Proposal Presentation
SolarBhai12 views
apidays London 2023 - Overengineering Weakens your API Security, Dr. David Va...apidays London 2023 - Overengineering Weakens your API Security, Dr. David Va...
apidays London 2023 - Overengineering Weakens your API Security, Dr. David Va...
apidays9 views

The State of Application Security: Hackers On Steroids

Hinweis der Redaktion

  1. Motivation Target audience Tradition
  2. 198 WAF customers 103,455,308 security events The team - ADC led by CTO Next slide - The alerts were gathered with …
  3. Positive Negative vs. Positive security model Crowd sourcing Distinction – content vs. reputation Next slide – this distinction
  4. Focus on attack types Reputation-based detection vs. Content-based detection
  5. Incident – collection of requests which seem to belong to the same attack The IP dilemma
  6. # of attacks within the report period
  7. Most prominent - Everyone’s at risk For every attack type (RCE), at least 3/4 applications (100%) were attacked If you expose your application to the Internet – you will get attacked
  8. If you expose your application to the Internet – you will get attacked Next slide - How many attacks…..
  9. Explain the diagram Explain the quartiles notion
  10. Explain the diagram Explain the quartiles notion
  11. RCE – 273-591 for the Q3 (Shellshock) Spam: 24-276 attacks on Q3 Notice the difference between RCE and Spam
  12. Equality Measure Spam is outstanding RCE is lowest Next slide – zoomin to other attack types
  13. Equality Measure Spam is outstanding RCE is lowest Next slide – zoomin to other attack types
  14. Equality Measure Spam is outstanding RCE is lowest Next slide – zoomin to other attack types
  15. Explain the diagram – attacks during 6 months Next slide – year over year
  16. Explain the diagram – attacks during 6 months Next slide – year over year
  17. Diagram – we use the median Exponential growth Why: Reduce cost of computational power Availability of knowledge and tools Next slide – down trends
  18. Diagram – we use the median Exponential growth Why: Reduce cost of computational power Availability of knowledge and tools Next slide – down trends
  19. Diagram – we use the median Exponential growth Why: Reduce cost of computational power Availability of knowledge and tools Next slide – down trends
  20. Diagram – we use the median Exponential growth Why: Reduce cost of computational power Availability of knowledge and tools Next slide – down trends
  21. Diagram – we use the median Exponential growth Why: Reduce cost of computational power Availability of knowledge and tools Next slide – down trends
  22. Next slide – from number of attacks to the intern of attacks - magnitude
  23. Next slide – from number of attacks to the intern of attacks - magnitude
  24. Next slide – from number of attacks to the intern of attacks - magnitude
  25. Attacks mounted by scanners Typical SQLi attack includes more than 70 requests, usually arriving in bursts over a short period The most intensive SQLi attack spanned 300,000 malicious requests
  26. Attacks mounted by scanners Typical SQLi attack includes more than 70 requests, usually arriving in bursts over a short period The most intensive SQLi attack spanned 300,000 malicious requests
  27. What is reputation based mitigation? Crowed sourcing Reputation based mechanism saves the web-application server and the waf computing resources as the data is blocked in very early stages. Is reputation based mitigation effective? 4 out of 5 alerts are detected by reputation Serial attackers and anonymous browsing
  28. What is reputation based mitigation? Crowed sourcing Reputation based mechanism saves the web-application server and the waf computing resources as the data is blocked in very early stages. Is reputation based mitigation effective? 4 out of 5 alerts are detected by reputation Serial attackers and anonymous browsing
  29. What is reputation based mitigation? Crowed sourcing Reputation based mechanism saves the web-application server and the waf computing resources as the data is blocked in very early stages. Is reputation based mitigation effective? 4 out of 5 alerts are detected by reputation Serial attackers and anonymous browsing
  30. Zoom into the data X/Y-axis. Limit 2M Different points in time different mitigations are more effective
  31. Zoom into the data X/Y-axis. Limit 2M Different points in time different mitigations are more effective
  32. Insights on the different industries => show the percent of incidents for each attack type The dominance of RCE and Spam => zoom in
  33. Exclude Spam and RCE XSS are rare XSS are popular on the health industry, maybe to steal personal information DT are popular on restaurants applications. Not clear why
  34. Exclude Spam and RCE XSS are rare XSS are popular on the health industry, maybe to steal personal information DT are popular on restaurants applications. Not clear why
  35. Exclude Spam and RCE XSS are rare XSS are popular on the health industry, maybe to steal personal information DT are popular on restaurants applications. Not clear why
  36. 3 groups WordPress is popular
  37. Normalized the absolute # requests by the internet users published by the world bank The bigger the bubble the traffic is more malicious
  38. Netherlands and USA in the top five second 2 year in a row Cyprus, Costa Rica, Switzerland were dominant last year and are not dominant anymore.
  39. One of the most significant security event Zoom into the Shellshock incidents Week-by-week analysis Remind you – 2015 period while Shellshock was published during September 2014 2 waves: the first is during September 2014, right after the publication – not in the report The second is during weeks 14-19 – April 2015 Seven month after the publication, attackers hit again
  40. One of the most significant security event Zoom into the Shellshock incidents Week-by-week analysis Remind you – 2015 period while Shellshock was published during September 2014 2 waves: the first is during September 2014, right after the publication – not in the report The second is during weeks 14-19 – April 2015 Seven month after the publication, attackers hit again
  41. Focus on one application that was highly attacked. The attack lasted 4 days with high SQLi activity. 6,800 Alerts per hour, The attacks had similar patterns Blocked by content and by reputation, negative security model, signatures, policies 2 waves – the first one faded away on the third day and a new wave on the 4th day We believe that the first wave faded away due to our blocking mechanisms and the second wave was used with a new pool of Ips to try to avoid blocking
  42. Focus on one application that was highly attacked. The attack lasted 4 days with high SQLi activity. 6,800 Alerts per hour, The attacks had similar patterns Blocked by content and by reputation, negative security model, signatures, policies 2 waves – the first one faded away on the third day and a new wave on the 4th day We believe that the first wave faded away due to our blocking mechanisms and the second wave was used with a new pool of Ips to try to avoid blocking
  43. We looked at one application in a specific week with high activity from TOR 2 million requests from TOR 99% were targeted for 3 URLs: search and 2 shopping pages (different input parameters values for product ID) ~2,000 sessions IDs Usage of session ID from multiple Ips at the same time 3 main user-agents that were used in different permutations
  44. We looked at one application in a specific week with high activity from TOR 2 million requests from TOR 99% were targeted for 3 URLs: search and 2 shopping pages (different input parameters values for product ID) ~2,000 sessions IDs Usage of session ID from multiple Ips at the same time 3 main user-agents that were used in different permutations
  45. We looked at one application in a specific week with high activity from TOR 2 million requests from TOR 99% were targeted for 3 URLs: search and 2 shopping pages (different input parameters values for product ID) ~2,000 sessions IDs Usage of session ID from multiple Ips at the same time 3 main user-agents that were used in different permutations
  46. 3 out of 4 applications are attacked Crowd sourcing is effective – 4 out of 5 Shellshock mega-trend influenced cyberspace Y2Y increase
  47. Mega trend vulnerabilities spread like wildfire: keep updated with new vulnerabilities mitigations Be part of a community defense: it prevents attacks and saves CPU