Getting the most from Application Security in your SOC by Leigh Collett

•

0 likes•47 views

We all understand the need to get application security right, but how do you tell if someone is attempting to break or abuse your application? This session will discuss how your security operations team might look at this, and the challenges presented when your CISO asks those questions.

Technology

Getting the most from
Application Security in your SOC
Leigh Collett
leigh@isc2-chapter.cz
2
www.isc2-chapter.cz

3
» AIM
• Understand what application security
monitoring means to the SOC
• Provide some insight into how security
monitoring can be incorporated into
application development

4
» What does the SOC Monitor?
• Classically:
• Anti-Virus
• Firewalls
• IDS/IPS/WAF
• Operating Systems
• Databases
Infrastructure Monitoring

5
» How is it tied together?
• Normalisation
• Correlation
IDS Event
• Attack
signature
Vulnerability
Correlation
• Confirmed
Vulnerable
Raise Alert
OS
Authorisation
Event
• Successful
Attack Alert

6
» What does the SOC Monitor?
• Now:
Does it mention security in
it’s Marketing……
or
Our business depends
on…..

7
» The SOC Challenge
• Hundreds of tools telling us
“There is a problem”
• Resources
• Process bound
• Automation
• No clear “risk” directive

9
» RISK:
• “I need to know if data leaks”
(Privileged User/Insider abuse)
» HOW:
• Database Activity Monitors (DAM)
• Data Loss Prevention (DLP)
• Web server logs
• Application logs……?
» QUALIFICATION:
• What is normal!
• Exclude backup users

10
» RISK:
• “Application features can be abused”
(Service Outage/Abuse)
• Example, uploading of a valid file
hundreds of times
» HOW:
- Database Activity Monitors (DAM)
- Web server logs
- Application logs……?
» QUALIFICATION:
• What is normal!
• Clients versus agents

11
»Application Security Monitoring
• Monitoring application activities against
defined scenarios
• Combined with monitoring the underlying
infrastructure
-OS
-Web
-Database

12
» How can you help?
• Consider how your application can be
abused when you start, in cooperation
with information governance
• Track application transactions with the
data needed
• Track in a separate location
• Choose a sensible format

14
» Take Aways
• Consider how your application can be abused
• Create appropriate transaction logs
• Create scenarios that should be stopped, with how
your logs can be used to do that
• TALK TO YOUR SOC AS EARLY AS POSSIBLE!

What's hot

#MFSummit2016 Secure: Introduction to identity, access and security

Micro Focus

Privileged Access Management - 2016

Lance Peterman

Zero Trust Model

Yash

Zero trust deck 2020

Guido Marchetti

#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...

Micro Focus

In this presentation from his webinar, Derek A. Smith, Founder, National Cybersecurity Education Center, delves into the strategies and techniques attackers use to gain privileged access to systems, and how you can stop them.This presentation covers: - Privileged Windows accounts - The importance of managing privileged access in Windows - How attackers compromise Windows Privileged Accounts - Challenges PAM can help solve in your Windows environment - 10 Steps to better Windows privileged access management You can also watch the full webinar on-demand here: https://www.beyondtrust.com/resources/webinar/10-steps-better-windows-privileged-access-management/

10 Steps to Better Windows Privileged Access Management

BeyondTrust

How to produce more secure web apps

Damilola Longe, CISSP, CCSP, MSc

Practical Defense

Sean Whalen

IT investments, by their nature, must be adjusted over time to fit ever-changing business requirements. If you’ve been tasked with ‘right-sizing’ your Citrix environment – or want to show value by getting ahead of that request – join Craig Jeske, Director of Engineering at GTRI, for a rundown of Citrix optimization techniques and tasks. The interactive discussion will cover topics including: - Auditing and assessment frameworks - Use case development - Security and access concerns & controls - Hosting strategies - User experience & feedback View the webinar here: https://youtu.be/SV9N-6bwbSY

How to Rightsize Your Citrix Investment

Zivaro Inc

EPV_PCI DSS White Paper (3) Cyber Ark

Erni Susanti

Web application firewall

Aju Thomas

Zero Trust Networks

Practical Code, LLC

Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss

Quick Heal Technologies Ltd.

Zero Trust Model Presentation

Gowdhaman Jothilingam

Confoo 2012 - Web security keynote

Antonio Fontes

Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...

IBM Danmark

Identity and Security in the Cloud

Richard Diver

The 7 Layers of Privileged Access Management

banerjeea

What is zero trust model of information security?

Ahmed Banafa

Workshop: Threat Intelligence - Part 1

Priyanka Aash

What's hot (20)

#MFSummit2016 Secure: Introduction to identity, access and security

Privileged Access Management - 2016

Zero Trust Model

Zero trust deck 2020

#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...

10 Steps to Better Windows Privileged Access Management

How to produce more secure web apps

Practical Defense

How to Rightsize Your Citrix Investment

EPV_PCI DSS White Paper (3) Cyber Ark

Web application firewall

Zero Trust Networks

Seqrite Data Loss Prevention- Complete Protection from Data Theft and Data Loss

Zero Trust Model Presentation

Confoo 2012 - Web security keynote

Mobile Security - Words like Bring Your Own Device, and Federation sounds fam...

Identity and Security in the Cloud

The 7 Layers of Privileged Access Management

What is zero trust model of information security?

Workshop: Threat Intelligence - Part 1

Similar to Getting the most from Application Security in your SOC by Leigh Collett

OWASP Top Ten in Practice

Security Innovation

Have you ever actually gone through the process of hacking a website? Join me on this wonderful ride of application security powered by the OWASP Juice Shop to demonstrate some of the top website vulnerabilities from the OWASP Top 10. In this training, we will review several different techniques used in web application testing, exploit vulnerabilities discovered manually and with tools, and finally take over the whole show just to see how it’s done. A laptop is not necessary as this exercise is meant to be interactive and entertaining. Be sure to bring your thinking cap and your best hacks.

Jonathan Singer - Wheezing The Juice.pdf

Jonathan Singer

In moving towards cloud services, security concerns are often cited as reasons to delay or even abandon the transition. This presentation highlights some basic steps to take to analyse and assess what risk might exist and how to mitigate this. In short, the security concerns regarding cloud deployments will exist in your privately managed data centre environments as well. Outsourcing your service to a Cloud provider does not mean you pass on your liability to your own customers nor responsibility of managing your systems and services.

Securing your Cloud Deployment

Hrusostomos Vicatos

Web Security Overview

Noah Jaehnert

Solvay secure application layer v2015 seba

Sebastien Deleersnyder

Most of the money thrown at securing information systems misses the weak spots. Huge amounts are spent securing infrastructure while web applications are left exposed. It is a crisis that is largely ignored. Software development teams, under pressure to deliver features and meet deadlines, often respond to concerns about the security of their web applications by commissioning a last-minute security assessment and then desperately attempt to address only the most glaring findings. They may even simply throw up a web application firewall to mitigate the threats. Such bolted-on solutions are not long-term answers to web application security. Instead, we advocate a built-in approach. We will show that by weaving security into the software development life cycle, and using mature resources for security coding standards, toolkits and frameworks such as those from OWASP, development teams can consistently produce secure systems without dramatically increasing the development effort or cost. This slide deck was most recently presented at a SPIN meeting in Cape Town In September 2012 by Paul and Theo from ThinkSmart (www.thinksmart.co.za). For more information, contact Paul at ThinkSmart (dot see oh dot zed ay).

Application Security Done Right

pvanwoud

Application Explosion How to Manage Productivity vs Security

Lumension

System security

ReachLocal Services India

Slides from Oracle's ADF Architecture TV series covering the Design phase of ADF projects, covering how to design your ADF applications for security. Like to know more? Check out: - Subscribe to the YouTube channel - http://bit.ly/adftvsub - Design Playlist - http://www.youtube.com/playlist?list=PLJz3HAsCPVaSemIjFk4lfokNynzp5Euet - Read the episode index on the ADF Architecture Square - http://bit.ly/adfarchsquare

Oracle ADF Architecture TV - Design - Designing for Security

Chris Muir

[Wroclaw #2] iOS Security - 101

OWASP

Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...

Glen Roberts, CISSP

Secure coding guidelines

Zakaria SMAHI

Webdays blida mobile top 10 risks

Islam Azeddine Mennouchi

Top 10 Things Logs Can Do for You, Today

SolarWinds

Security professionals have years of experience logging and tracking network security events to identify unauthorized or malicious activity on a corporate network. Unfortunately, many of today's attacks are focused on the application layer, where the fidelity of logging for security events is less robust. Most application logs are typically used to see errors and failures and the internal state of the system, not events that might be interesting from a security perspective. Security practitioners are concerned with understanding patterns of user behavior and, in the event of an attack, being able to see an entire user’s session. How are application events different from network events? What type of information should security practitioners ensure software developers log for event analysis? What are the types of technologies that enable application-level logging and analysis? In this presentation, John Dickson will discuss what should be present in application logs to help understand threats and attacks, and better guard against them.

Top Strategies to Capture Security Intelligence for Applications

Denim Group

Security Monitoring Course - Ali Ahangari

Ali Ahangari

Intrusion detection 2001

eaiti

Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues. In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including: Where are we now and Where are we going? Current Cyberrisks • Data Breach and Cloud Misconfigurations • Insecure Application User Interface (API) • The growing impact of AI and ML • Malware Attack • Single factor passwords • Insider Threat • Shadow IT Systems • Crime, espionage and sabotage by rogue nation-states • IoT • CCPA and GDPR • Cyber attacks on utilities and public infrastructure • Shift in attack vectors

Cybersecurity update 12

Jim Kaplan CIA CFE

Breaking Secure Mobile Applications - Hack In The Box 2014 KL

iphonepentest

The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack. This webcast series presents the OWASP Top 10 in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security. How to Test for the OWASP Top Ten webcast focuses on tell tale markers of the OWASP Top Ten and techniques to hunt them down: • Vulnerability anatomy – how they present themselves • Analysis of vulnerability root cause and protection schemas • Test procedures to validate susceptibility (or not) for each threat

How to Test for The OWASP Top Ten

Security Innovation

Similar to Getting the most from Application Security in your SOC by Leigh Collett (20)

OWASP Top Ten in Practice

Jonathan Singer - Wheezing The Juice.pdf

Securing your Cloud Deployment

Web Security Overview

Solvay secure application layer v2015 seba

Application Security Done Right

Application Explosion How to Manage Productivity vs Security

System security

Oracle ADF Architecture TV - Design - Designing for Security

[Wroclaw #2] iOS Security - 101

Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...

Secure coding guidelines

Webdays blida mobile top 10 risks

Top 10 Things Logs Can Do for You, Today

Top Strategies to Capture Security Intelligence for Applications

Security Monitoring Course - Ali Ahangari

Intrusion detection 2001

Cybersecurity update 12

Breaking Secure Mobile Applications - Hack In The Box 2014 KL

How to Test for The OWASP Top Ten

Recently uploaded

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Exploring Multimodal Embeddings with Milvus

Zilliz

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Recently uploaded (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

CNIC Information System with Pakdata Cf In Pakistan

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

AXA XL - Insurer Innovation Award Americas 2024

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

AWS Community Day CPH - Three problems of Terraform

presentation ICT roal in 21st century education

MINDCTI Revenue Release Quarter One 2024

Artificial Intelligence Chap.5 : Uncertainty

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Exploring Multimodal Embeddings with Milvus

Axa Assurance Maroc - Insurer Innovation Award 2024

Boost Fertility New Invention Ups Success Rates.pdf

Getting the most from Application Security in your SOC by Leigh Collett

1. Getting the most from Application Security in your SOC Leigh Collett leigh@isc2-chapter.cz 2 www.isc2-chapter.cz

2. 3 » AIM • Understand what application security monitoring means to the SOC • Provide some insight into how security monitoring can be incorporated into application development

3. 4 » What does the SOC Monitor? • Classically: • Anti-Virus • Firewalls • IDS/IPS/WAF • Operating Systems • Databases Infrastructure Monitoring

4. 5 » How is it tied together? • Normalisation • Correlation IDS Event • Attack signature Vulnerability Correlation • Confirmed Vulnerable Raise Alert OS Authorisation Event • Successful Attack Alert

5. 6 » What does the SOC Monitor? • Now: Does it mention security in it’s Marketing…… or Our business depends on…..

6. 7 » The SOC Challenge • Hundreds of tools telling us “There is a problem” • Resources • Process bound • Automation • No clear “risk” directive

7. 8 » Turning Risks into Monitoring • Need to clearly identify the risk -Loss of (personal) data -Loss of assets (cash/physical goods) -Privileged User/Insider abuse -Service outage/abuse -….. -….. -….. -Brand damage • Need to identify how the risk is seen

8. 9 » RISK: • “I need to know if data leaks” (Privileged User/Insider abuse) » HOW: • Database Activity Monitors (DAM) • Data Loss Prevention (DLP) • Web server logs • Application logs……? » QUALIFICATION: • What is normal! • Exclude backup users

9. 10 » RISK: • “Application features can be abused” (Service Outage/Abuse) • Example, uploading of a valid file hundreds of times » HOW: - Database Activity Monitors (DAM) - Web server logs - Application logs……? » QUALIFICATION: • What is normal! • Clients versus agents

10. 11 »Application Security Monitoring • Monitoring application activities against defined scenarios • Combined with monitoring the underlying infrastructure -OS -Web -Database

11. 12 » How can you help? • Consider how your application can be abused when you start, in cooperation with information governance • Track application transactions with the data needed • Track in a separate location • Choose a sensible format

12. 13

13. 14 » Take Aways • Consider how your application can be abused • Create appropriate transaction logs • Create scenarios that should be stopped, with how your logs can be used to do that • TALK TO YOUR SOC AS EARLY AS POSSIBLE!

Getting the most from Application Security in your SOC by Leigh Collett

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Getting the most from Application Security in your SOC by Leigh Collett

Similar to Getting the most from Application Security in your SOC by Leigh Collett (20)

Recently uploaded

Recently uploaded (20)

Getting the most from Application Security in your SOC by Leigh Collett