2. The Year 2010 for Websites
Defacements
300000
250000
200000
150000
Defacements
100000
50000
0
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
3. The Year 2010 for Websites
• Over 1.4 million websites were defaced.
• Over 81% websites were hosted on Linux/Unix platforms.
• Over 85% websites were using Apache.
1200000
1000000
800000
600000 Attacks
400000
200000
0
IIS 6.0/5.0 Apache IIS 7.0/7.5
4. What does it mean?
• Defacements are more prone on Linux/Unix
platforms.
– Not because they are insecure, but because they
are used more.
• The “Attack-Surface” is widening due to
increase in web users.
– With an ever-increasing ratio of mobile web
users, this will be even greater by 2012.
5. Why can my website be defaced?
Hosting Flaws Development Flaws
Unprotected Network Coding Errors
Unpatched Servers Unhandled Exceptions
Legacy/Broken Software Web Vulnerabilities
The solution is to keep the hosting environment updated with the latest
patches/antivirus/software and to incorporate security testing in the SDLC
7. Net Canine – Your Website Watchdog
• Net Canine watches your websites and
alerts you if “things are not okay”.
• Since you are the first one to know about
the problems with your website, you can
quickly correct them before the news
spread!
8. About Net Canine
The system uses advanced machine learning technology to check your website for
Downtime • Notifies you whenever the website is unavailable, and also
when it is available back again.
Defacement • Notifies you whenever the website is defaced or
disintegrated, so that you can reset it quickly.
Hijacking • Notifies you of DNS and Domain Hijacking attacks on your
website.
Phishing • Informs you about the links on your website which lead to
phishing websites.
Malware • Alerts you about ‘drive-by-download’ malware attacks by
scanning your website for malicious software and scripts
9. How it works
• Sees your
Scan website like
a normal
visitor
• Finds
Detect anomalies
on the
website
• Informs the
Alert webmaster
about the
anomaly
11. Features
Platform Independent
Works on any website
No Installation
Can be accessible via a browser
Protects Reputation
Informs you before anyone else can know
12. Story so far…
Problem Detected?
Website Downtime Yes
Website Hijacking Yes
Defacement Detection Yes
Phishing Detection Q4, 2011
Malware Detection Q4, 2011
RESTful API Q4, 2011