© 2015 Imperva, Inc. All rights reserved.
The State of Application Security: Hackers On Steroids
Itsik Mantin, Director of Security Research, Imperva
“Study the past if you would define the future” (Confucius)
Speaker: Itsik Mantin
• Director of Security Research at Imperva
• 15 years of experience in the security industry
• Inventor of 15 patents in these fields
• Holds an M.Sc. in Applied Math and Computer Science
• Presenter at Black Hat Asia, OWASP IL, EuroCrypt and other conferences
Making the Report
Attack Detection Mechanisms: Application Profiling
Attack Types
Attack Incidents
Minimum alert ratio per attack type (#Alerts / 5 min):
  SQLi   20
  HTTP   10
  XSS     5
  DT      5
  Spam    1
  RCE     1
  FU      1
Incident: a collection of alerts
• Same attack type
• Same target
• Essentially the same time
• Not necessarily the same IP
(Chart: Incident Alert Ratio)
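The incident rule on this slide, implemented as an added example (not Imperva's code): alerts are grouped by target and attack type regardless of source IP, split where consecutive alerts are more than five minutes apart (an assumption, not stated in the deck), and kept as an incident only if some 5-minute window reaches the table's minimum alert count. The deck's inequality measure (3rd over 2nd quartile of per-application incident counts) is included as well; the alert stream is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import quantiles

# Minimum alerts within five minutes for a group to count as an incident, per
# attack type: the ratios from the deck's Attack Incidents table.
MIN_ALERTS_PER_5MIN = {"SQLi": 20, "HTTP": 10, "XSS": 5, "DT": 5,
                       "Spam": 1, "RCE": 1, "FU": 1}
WINDOW_SECONDS = 300  # the deck's 5-minute window; also used (assumption, not
                      # from the deck) as the largest gap inside one incident

@dataclass(frozen=True)
class Alert:
    ts: int            # epoch seconds
    app: str           # target application
    attack_type: str   # a key of MIN_ALERTS_PER_5MIN
    src_ip: str        # recorded but NOT used for grouping (incidents span IPs)

@dataclass(frozen=True)
class Incident:
    app: str
    attack_type: str
    start: int
    end: int
    alerts: int
    source_ips: frozenset

def _peak_window_count(run):
    """Most alerts inside any WINDOW_SECONDS span of a time-sorted run."""
    peak, i = 0, 0
    for j in range(len(run)):
        while run[j].ts - run[i].ts > WINDOW_SECONDS:
            i += 1
        peak = max(peak, j - i + 1)
    return peak

def _close_run(run):
    """Emit the run as an incident if it reaches its type's minimum ratio."""
    if _peak_window_count(run) < MIN_ALERTS_PER_5MIN[run[0].attack_type]:
        return []
    return [Incident(app=run[0].app, attack_type=run[0].attack_type,
                     start=run[0].ts, end=run[-1].ts, alerts=len(run),
                     source_ips=frozenset(a.src_ip for a in run))]

def group_incidents(alerts):
    """Group alerts into incidents: same attack type, same target, essentially
    the same time, regardless of source IP."""
    by_key = defaultdict(list)
    for a in alerts:
        by_key[(a.app, a.attack_type)].append(a)
    incidents = []
    for group in by_key.values():
        group.sort(key=lambda a: a.ts)
        run = [group[0]]
        for a in group[1:]:
            if a.ts - run[-1].ts <= WINDOW_SECONDS:
                run.append(a)
            else:  # too long a gap: close the current incident candidate
                incidents.extend(_close_run(run))
                run = [a]
        incidents.extend(_close_run(run))
    return sorted(incidents, key=lambda i: (i.start, i.app, i.attack_type))

def incidents_per_app(incidents):
    """Number of incidents seen by each application."""
    counts = defaultdict(int)
    for inc in incidents:
        counts[inc.app] += 1
    return dict(counts)

def inequality_measure(counts):
    """The deck's inequality measure: 3rd quartile over 2nd quartile (median) of
    per-application incident counts; 1.0 means the upper quarter of
    applications is hit no harder than the median one."""
    _q1, q2, q3 = quantiles(counts, n=4, method="inclusive")
    return q3 / q2

def make_sample_alerts():
    """Constructed alert stream (not real data) exercising each rule."""
    base = 1_700_000_000
    alerts = []
    # 25 SQLi alerts on "shop" in two minutes from three IPs: one incident
    for k in range(25):
        alerts.append(Alert(base + 5 * k, "shop", "SQLi", f"198.51.100.{k % 3 + 1}"))
    # 3 SQLi alerts an hour later: below the ratio of 20, so no incident
    for k in range(3):
        alerts.append(Alert(base + 3600 + 30 * k, "shop", "SQLi", "198.51.100.9"))
    # 5 XSS alerts on "blog" over four minutes: exactly the ratio of 5
    for k in range(5):
        alerts.append(Alert(base + 60 * k, "blog", "XSS", "203.0.113.7"))
    # one RCE alert: ratio is 1, so it is an incident on its own
    alerts.append(Alert(base + 10, "blog", "RCE", "203.0.113.8"))
    # two Spam alerts ten minutes apart: separate incidents
    alerts.append(Alert(base, "shop", "Spam", "192.0.2.5"))
    alerts.append(Alert(base + 600, "shop", "Spam", "192.0.2.5"))
    return alerts
```

Running `group_incidents(make_sample_alerts())` yields five incidents: the 25-alert SQLi burst (three IPs), the 5-alert XSS run, the single RCE alert and two Spam incidents, while the three late SQLi alerts are discarded.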
Section 1: Attack Trends
Chance of Getting Attacked
• Everyone’s at risk: 3/4 of apps attacked for every attack type
• “Perfect” RCE coverage: all applications were attacked
Number of Attack Incidents
(Chart: per attack type, the 75th percentile, median and 25th percentile of incidents per application)
• RCE and Spam are the most popular: RCE median of 273
• Inequality measure: ratio between the 3rd and 2nd quartiles
• RCE blind scans: all applications suffer equally
• Spam is discriminatory: spoiler, some industries suffer more
SQL Injection and Cross-Site Scripting
• Most applications see SQLi and XSS every other week: median of 12-13 incidents per 6-month period
• Top-quartile applications: every 3-5 days
Year-over-Year Up-Trends (#Incidents)
• SQLi persistent growth: 100% increase in 2014, 200% increase in 2015
• XSS persistent growth: 100% increase in 2014, 150% increase in 2015
Year-over-Year Down-Trends (#Incidents)
• RFI was on fire in 2014: super-popular attack vector in 2014, back to “normal” in 2015
• DT decrease: the 2014 trend changed; spoiler, in one industry DT is still the attack of choice
Magnitude of Attacks
• SQLi attacks are the most intensive: 72-204 alerts for quartile 3 (of the incidents); 300K alerts in the most intensive attack
Section 2: Reputation
• Serial attackers – 70%
• Anonymous browsing – 8%
Serial Attackers vs. Anonymous Browsing
First breakdown: 140,000 anonymous browsing / 1,800,000 detect-by-content / 12,500,000 serial attackers
Second breakdown: 1,700,000 anonymous browsing / 280,000 detect-by-content / 28,000 serial attackers
Section 3: Industry Trends
Per-Industry Trends
(Chart: industries Health, Food, Travel, Leisure, Shopping, Business, Financial and Computer against attack types DT, FU, HTTP, RFI, SQLi, XSS, Spam and RCE)
• Massive Spam/RCE campaigns
• RCE blind scans
• Spam focused on travel applications
Attack Types
• 57% of XSS incidents on Health
• 37% of DT incidents on Food
Section 4: Web Framework Trends
Content Management Systems
CMS Trends (all CMS vs. non-CMS applications)
• CMS at risk: CMS applications are attacked 3 times more often
• Trend consistent for all attack types
WordPress Trends (WordPress vs. other CMS vs. non-CMS)
• WordPress at more risk: 3.5 times more attacks than non-CMS applications
• 7 times more RFI and Spam attacks
Geographic Trends
Geographic Attack Trends
Country   Absolute #Requests   Internet Users
US        17,671,816           278,553,524
China      8,227,498           672,585,110
UK         2,224,749            59,097,955
Geographic Attack – Year-over-Year
Section 6: Case Studies
Shellshock Mega-Trend
• 75,000 incidents, 189 applications
• 26,000 incidents, 137 applications
• 23,000 incidents, 174 applications
• 57,500 incidents, 193 applications
SQLi Case Study
• 6,800 alerts per hour
Scraping Case Study
• TOR massive scraping attack
• 2 million requests
• 777 TOR IPs
• User-Agent faking
Conclusions
Recommendations
Section 7: Q&A
Download the 2015 Web Application Attack Report: http://www.imperva.com/DefenseCenter/WAAR
ChistaDATA Real-Time DATA Analytics InfrastructureChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics Infrastructuresonikadigital1
 
Master's Thesis - Data Science - Presentation
Master's Thesis - Data Science - PresentationMaster's Thesis - Data Science - Presentation
Master's Thesis - Data Science - PresentationGiorgio Carbone
 
Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for ClarityStrategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for ClarityAggregage
 
CI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionCI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionajayrajaganeshkayala
 
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptxTINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptxDwiAyuSitiHartinah
 
SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024Becky Burwell
 
Mapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptxMapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptxVenkatasubramani13
 
AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)Data & Analytics Magazin
 
5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best Practices5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best PracticesDataArchiva
 
MEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .pptMEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .pptaigil2
 
The Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayerThe Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayerPavel Šabatka
 

Kürzlich hochgeladen (17)

Elements of language learning - an analysis of how different elements of lang...
Elements of language learning - an analysis of how different elements of lang...Elements of language learning - an analysis of how different elements of lang...
Elements of language learning - an analysis of how different elements of lang...
 
How is Real-Time Analytics Different from Traditional OLAP?
How is Real-Time Analytics Different from Traditional OLAP?How is Real-Time Analytics Different from Traditional OLAP?
How is Real-Time Analytics Different from Traditional OLAP?
 
Cash Is Still King: ATM market research '2023
Cash Is Still King: ATM market research '2023Cash Is Still King: ATM market research '2023
Cash Is Still King: ATM market research '2023
 
YourView Panel Book.pptx YourView Panel Book.
YourView Panel Book.pptx YourView Panel Book.YourView Panel Book.pptx YourView Panel Book.
YourView Panel Book.pptx YourView Panel Book.
 
Virtuosoft SmartSync Product Introduction
Virtuosoft SmartSync Product IntroductionVirtuosoft SmartSync Product Introduction
Virtuosoft SmartSync Product Introduction
 
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
Persuasive E-commerce, Our Biased Brain @ Bikkeldag 2024
 
ChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics InfrastructureChistaDATA Real-Time DATA Analytics Infrastructure
ChistaDATA Real-Time DATA Analytics Infrastructure
 
Master's Thesis - Data Science - Presentation
Master's Thesis - Data Science - PresentationMaster's Thesis - Data Science - Presentation
Master's Thesis - Data Science - Presentation
 
Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for ClarityStrategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity
 
CI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual interventionCI, CD -Tools to integrate without manual intervention
CI, CD -Tools to integrate without manual intervention
 
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptxTINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
TINJUAN PEMROSESAN TRANSAKSI DAN ERP.pptx
 
SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024SFBA Splunk Usergroup meeting March 13, 2024
SFBA Splunk Usergroup meeting March 13, 2024
 
Mapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptxMapping the pubmed data under different suptopics using NLP.pptx
Mapping the pubmed data under different suptopics using NLP.pptx
 
AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)AI for Sustainable Development Goals (SDGs)
AI for Sustainable Development Goals (SDGs)
 
5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best Practices5 Ds to Define Data Archiving Best Practices
5 Ds to Define Data Archiving Best Practices
 
MEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .pptMEASURES OF DISPERSION I BSc Botany .ppt
MEASURES OF DISPERSION I BSc Botany .ppt
 
The Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayerThe Universal GTM - how we design GTM and dataLayer
The Universal GTM - how we design GTM and dataLayer
 

The State of Application Security: Hackers On Steroids

  • 1. The State of Application Security: Hackers On Steroids. Itsik Mantin, Director of Security Research, Imperva
  • 2. “Study the past if you would define the future” (Confucius)
  • 3. Speaker: Itsik Mantin. Director of Security Research at Imperva; 15 years of experience in the security industry; an inventor of 15 patents in these fields; holds an M.Sc. in Applied Math and Computer Science; presenter at Black Hat Asia, OWASP IL, EuroCrypt and other conferences
  • 4. Making the Report
  • 7. Attack Incidents. Minimum alert ratio per attack type (#alerts per 5 minutes): SQLi 20, HTTP 10, XSS 5, DT 5, Spam 1, RCE 1, FU 1. Incident: a collection of alerts of the same attack type, on the same target, at essentially the same time, not necessarily from the same IP
  • 8. Attack Trends (section 1)
  • 9. Chance of Getting Attacked
  • 10. Chance of Getting Attacked: everyone’s at risk; 3/4 of apps attacked for every attack type
  • 11. Chance of Getting Attacked: “perfect” RCE coverage, all applications were attacked
  • 12. Number of Attack Incidents
  • 13. Number of Attack Incidents: 75th percentile, median, 25th percentile
  • 14. Number of Attack Incidents: RCE and Spam are the most popular; RCE: median of 273
  • 15. Number of Attack Incidents: inequality measure, the ratio between the 3rd and 2nd quartiles
  • 16. Number of Attack Incidents: inequality measure (ratio between the 3rd and 2nd quartiles); RCE blind scans, all applications suffer equally
  • 17. Number of Attack Incidents: Spam is discriminatory; spoiler: some industries suffer more
  • 18. SQL Injection and Cross-Site Scripting
  • 19. SQL Injection and Cross-Site Scripting: most applications see SQLi and XSS every other week; median of 12-13 for the 6-month period; 3-5 days for top-quartile applications
  • 20. Year-over-Year Up-Trends (#incidents)
  • 21. Year-over-Year Up-Trends (#incidents): SQLi persistent growth, 100% increase in 2014, 200% increase in 2015; XSS persistent growth, 100% increase in 2014, 150% increase in 2015
  • 22. Year-over-Year Up-Trends (#incidents)
  • 23. Year-over-Year Up-Trends
  • 24. Year-over-Year Up-Trends
  • 25. Year-over-Year Down-Trends (#incidents)
  • 26. Year-over-Year Down-Trends (#incidents): RFI was on fire in 2014, a super-popular attack vector in 2014, back to “normal” in 2015
  • 27. Year-over-Year Down-Trends (#incidents): DT decrease, the 2014 trend changed; spoiler: in one industry DT is still the attack of choice
  • 28. Magnitude of Attacks
  • 29. Magnitude of Attacks: SQLi attacks are the most intensive; 72-204 alerts for quartile 3 (of the incidents); 300K alerts in the most intensive attack
  • 30. Reputation (section 2)
  • 33. Reputation: serial attackers 70%, anonymous browsing 8%
  • 34. Serial Attackers vs. Anonymous Browsing
  • 35. Serial Attackers vs. Anonymous Browsing
  • 36. Serial Attackers vs. Anonymous Browsing: 140,000 anonymous browsing, 1,800,000 detect-by-content, 12,500,000 serial attackers; 1,700,000 anonymous browsing, 280,000 detect-by-content, 28,000 serial attackers
  • 37. Industry Trends (section 3)
  • 38. Per-Industry Trends. Industries: Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer. Attack types: DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE
  • 39. Per-Industry Trends: massive Spam/RCE campaigns
  • 40. Per-Industry Trends: RCE blind scans; massive Spam/RCE campaigns
  • 41. Per-Industry Trends: RCE blind scans; Spam focused on travel applications; massive Spam/RCE campaigns
  • 42. Attack Types
  • 43. Attack Types
  • 44. Attack Types: 57% of XSS incidents on Health
  • 45. Attack Types: 37% of DT incidents on Food
  • 46. Web Framework Trends (section 4)
  • 47. Content Management Systems
  • 48. CMS Trends: all CMS vs. non-CMS applications
  • 49. CMS Trends: CMS at risk; CMS applications are attacked 3 times more often; trend consistent for all attack types
  • 50. WordPress Trends: other CMS, non-CMS, WordPress
  • 51. WordPress Trends: WordPress at more risk; 3.5 times more attacks than non-CMS applications; 7 times more RFI and Spam attacks
  • 52. WordPress Trends: WordPress at more risk; 3.5 times more attacks than non-CMS applications; 7 times more RFI and Spam attacks
  • 53. Geographic Trends
  • 54. Geographic Attack Trends (country: absolute #requests / Internet users): US 17,671,816 / 278,553,524; China 8,227,498 / 672,585,110; UK 2,224,749 / 59,097,955
  • 55. Geographic Attack – Year-over-Year
  • 56. Case Studies (section 6)
  • 57. Shellshock Mega-Trend
  • 58. Shellshock Mega-Trend: 75,000 incidents, 189 applications; 26,000 incidents, 137 applications; 23,000 incidents, 174 applications; 57,500 incidents, 193 applications
  • 59. SQLi Case Study
  • 60. SQLi Case Study: 6,800 alerts per hour
  • 61. Scraping Case Study: massive scraping attack from TOR; 2 million requests; 777 TOR IPs; User-Agent faking
  • 62. Scraping Case Study
  • 63. Scraping Case Study
  • 64. Conclusions
  • 65. Recommendations
  • 66. Q&A (section 7)
  • 67. Download the 2015 Web Application Attack Report: http://www.imperva.com/DefenseCenter/WAAR
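The incident definition on slide 7 (a per-type minimum alert rate per 5 minutes; same attack type, same target, essentially the same time, any source IP) and the inequality measure on slide 15 (3rd quartile over median of per-application incident counts), worked through in Python as an added example that is not Imperva's code. The report does not publish its exact grouping rule, so the one used here is an assumption: alerts are bucketed into fixed 5-minute windows, a window counts only when it reaches the type's threshold, and adjacent qualifying windows merge into one incident. The alerts, application names and IP addresses are constructed.

```python
"""Group WAF alerts into attack incidents and measure how unevenly they are
spread across applications. Added example (not Imperva's code); the grouping
rule is an assumption that follows the definition on slide 7."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import quantiles

# Minimum alert rate per attack type from slide 7: alerts per 5-minute window.
MIN_ALERTS_PER_WINDOW = {
    "SQLi": 20, "HTTP": 10, "XSS": 5, "DT": 5, "Spam": 1, "RCE": 1, "FU": 1,
}
WINDOW = timedelta(minutes=5)
EPOCH = datetime(1970, 1, 1)


def build_sample_alerts():
    """Constructed alerts (timestamp, target app, attack type, source IP);
    not real data, chosen to exercise the thresholds."""
    base = datetime(2015, 4, 1, 10, 0, 0)
    rows = []
    # 25 SQLi alerts on shop-app within 4 minutes, from 3 IPs: one incident.
    for i in range(25):
        rows.append((base + timedelta(seconds=10 * i), "shop-app", "SQLi",
                     f"198.51.100.{i % 3 + 1}"))
    # 30 SQLi alerts on blog-app, one every 6 minutes: never 20 in a window.
    for i in range(30):
        rows.append((base + timedelta(hours=1, minutes=6 * i), "blog-app",
                     "SQLi", "203.0.113.7"))
    # Two RCE alerts in adjacent windows (threshold 1): merged into one incident.
    rows.append((base + timedelta(minutes=2), "blog-app", "RCE", "192.0.2.10"))
    rows.append((base + timedelta(minutes=7), "blog-app", "RCE", "192.0.2.11"))
    # One RCE alert two hours later: a separate incident.
    rows.append((base + timedelta(hours=2), "blog-app", "RCE", "192.0.2.10"))
    # Four XSS alerts in one window: below the threshold of 5, no incident.
    for i in range(4):
        rows.append((base + timedelta(minutes=20, seconds=30 * i), "shop-app",
                     "XSS", "198.51.100.9"))
    return rows


def build_incidents(alerts, thresholds=MIN_ALERTS_PER_WINDOW, window=WINDOW):
    """Return incidents as dicts: target, type, start, end, alerts, ips, window.

    Alerts of one type on one target are bucketed into fixed windows; a window
    counts only if it reaches the type's minimum rate; adjacent qualifying
    windows merge into one incident. Source IP is deliberately ignored, as on
    slide 7 ("not necessarily same IP")."""
    buckets = defaultdict(list)
    for ts, target, atype, ip in alerts:
        buckets[(target, atype, (ts - EPOCH) // window)].append((ts, ip))

    incidents = []
    for key in sorted(buckets):
        target, atype, idx = key
        rows = buckets[key]
        if len(rows) < thresholds.get(atype, 1):  # unknown types: assume rate 1
            continue
        last = incidents[-1] if incidents else None
        if (last and last["target"] == target and last["type"] == atype
                and last["window"] == idx - 1):
            last["alerts"] += len(rows)
            last["ips"].update(ip for _, ip in rows)
            last["end"] = max(ts for ts, _ in rows)
            last["window"] = idx
        else:
            incidents.append({
                "target": target, "type": atype,
                "start": min(ts for ts, _ in rows),
                "end": max(ts for ts, _ in rows),
                "alerts": len(rows), "ips": {ip for _, ip in rows},
                "window": idx,
            })
    return incidents


def incident_counts(incidents):
    """Attack type -> {target: number of incidents}: the per-application
    figures behind the quartile charts."""
    counts = defaultdict(lambda: defaultdict(int))
    for inc in incidents:
        counts[inc["type"]][inc["target"]] += 1
    return {t: dict(c) for t, c in counts.items()}


def inequality(per_app_counts):
    """Slide 15's inequality measure: 3rd quartile divided by the median of
    per-application incident counts (needs at least two values)."""
    _, q2, q3 = quantiles(per_app_counts, n=4, method="inclusive")
    return q3 / q2


if __name__ == "__main__":
    incs = build_incidents(build_sample_alerts())
    for inc in incs:
        print(f"{inc['type']:5} {inc['target']:9} alerts={inc['alerts']:3} "
              f"ips={len(inc['ips'])} {inc['start']:%H:%M}-{inc['end']:%H:%M}")
    print(incident_counts(incs))
    print("inequality of [2, 4, 6, 9, 12]:", inequality([2, 4, 6, 9, 12]))
```

The point of the per-type rate is visible in the sample: 30 slow SQLi alerts never become an incident while 25 fast ones do, and a single RCE alert is enough because RCE probes are rare and serious. An inequality value near 1 means the median application sees about as many incidents as a top-quartile one (the "everyone suffers equally" RCE blind-scan pattern); a high value means a few applications absorb most of the traffic, as the deck reports for Spam.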

Editor's Notes

  1. Motivation; target audience; tradition
  2. 198 WAF customers; 103,455,308 security events; the team: ADC, led by the CTO. Next slide: the alerts were gathered with …
  3. Negative vs. positive security model; crowd sourcing; distinction: content vs. reputation. Next slide: this distinction
  4. Focus on attack types; reputation-based detection vs. content-based detection
  5. Incident: a collection of requests which seem to belong to the same attack. The IP dilemma
  6. Number of attacks within the report period
  7. Most prominent: everyone’s at risk. For every attack type, at least 3/4 of applications were attacked (for RCE, 100%). If you expose your application to the Internet, you will get attacked
  8. If you expose your application to the Internet, you will get attacked. Next slide: how many attacks…
  9. Explain the diagram; explain the quartiles notion
  11. RCE: 273-591 for Q3 (Shellshock). Spam: 24-276 attacks for Q3. Notice the difference between RCE and Spam
  12. Equality measure: Spam is outstanding, RCE is lowest. Next slide: zoom in to the other attack types
  15. Explain the diagram: attacks during 6 months. Next slide: year over year
  17. Diagram: we use the median. Exponential growth. Why: reduced cost of computational power, availability of knowledge and tools. Next slide: down trends
  22. Next slide: from the number of attacks to the intensity of attacks (magnitude)
  25. Attacks mounted by scanners. A typical SQLi attack includes more than 70 requests, usually arriving in bursts over a short period. The most intensive SQLi attack spanned 300,000 malicious requests
  27. What is reputation-based mitigation? Crowd sourcing. A reputation-based mechanism saves the web application server and the WAF computing resources, as the data is blocked at a very early stage. Is reputation-based mitigation effective? 4 out of 5 alerts are detected by reputation. Serial attackers and anonymous browsing
  30. Zoom into the data; X/Y axis, limit 2M. At different points in time, different mitigations are more effective
  32. Insights on the different industries => show the percentage of incidents for each attack type. The dominance of RCE and Spam => zoom in
  33. Excluding Spam and RCE: XSS is rare; XSS is popular in the health industry, maybe to steal personal information; DT is popular on restaurant applications, not clear why
  36. 3 groups; WordPress is popular
  37. Normalized the absolute number of requests by the Internet users published by the World Bank. The bigger the bubble, the more malicious the traffic
  38. Netherlands and USA in the top five for the second year in a row. Cyprus, Costa Rica and Switzerland were dominant last year and are not dominant anymore
  39. One of the most significant security events. Zoom into the Shellshock incidents: week-by-week analysis. Reminder: the 2015 period, while Shellshock was published during September 2014. 2 waves: the first during September 2014, right after the publication (not in the report); the second during weeks 14-19 (April 2015). Seven months after the publication, attackers hit again
  41. Focus on one application that was highly attacked. The attack lasted 4 days with high SQLi activity: 6,800 alerts per hour. The attacks had similar patterns. Blocked by content and by reputation: negative security model, signatures, policies. 2 waves: the first one faded away on the third day and a new wave came on the 4th day. We believe that the first wave faded away due to our blocking mechanisms and the second wave used a new pool of IPs to try to avoid blocking
  43. We looked at one application in a specific week with high activity from TOR. 2 million requests from TOR; 99% were targeted at 3 URLs: search and 2 shopping pages (different input parameter values for product ID); ~2,000 session IDs; usage of a session ID from multiple IPs at the same time; 3 main user-agents that were used in different permutations
  46. 3 out of 4 applications are attacked. Crowd sourcing is effective: 4 out of 5. The Shellshock mega-trend influenced cyberspace. Y2Y increase
  47. Mega-trend vulnerabilities spread like wildfire: keep updated with new vulnerabilities and mitigations. Be part of a community defense: it prevents attacks and saves CPU