That's So Meta
Metricon 6.0

Or......

The (first) 4 Stages of Security Intelligence
Nice To Meet You

About Me
- CoFounder HoneyApps
- Former CISO Orbitz
- Contributing Author, Beautiful Security
- CSO Magazine/Online Author

HoneyApps
- Vulnerability Management as a Service
- 16 Hot Startups - eWeek
- 3 Startups to Watch - Information Week
Stage 1: Ignorance is Bliss
Stage 2: Where are all of my vulnerabilities?

Back in my Yahoo days I performed hundreds of web application vulnerability assessments. To streamline the workload, I created an assessment methodology consisting of a few thousand security tests averaging 40 hours to complete per website. Yahoo had over 600 websites enterprise-wide. To assess the security of every website would have taken over 11 years to complete and the other challenge was these websites would change all the time which decayed the value of my reports.

Jeremiah Grossman, Founder, WhiteHat Security
Stage 3: Scan & Dump or...


“thanks for the 1000 page report,
now what?!”
Why This Occurs

- Lack of Communication
- Lack of Data
- Lack of Coordination
- Silos, Silos, Everywhere
Stage 4: A New Beginning

Or......

Using What You Got!
Vulnerability Management: A Case Study

Building the Warehouse

The warehouse is built up one layer per slide, each layer joined onto the one before it:

WebApp Vulnerability
- Type: XSS
- Severity
- Threat
- Subtype: (persistent, reflected, etc.)
- Asset URL/URI
- Confirmed?
- Dates Found/Opened
- Dates Closed
- Description
- Attack Parameters

Asset:URL
- Platform / Code
- Web Server Version
- Application Server Version
- Database Version

Asset:Host
- Host Operating System
- Other Applications/Versions
- IP Addresses
- Mac Address
- Open Services/Ports

Meta Data
- Business Unit
- Geographic Location
- Development Team
- Ops Team
- Security Policy
- Compliance Regulation
- Internal IP Address
- External IP Address
- Network Location
- Site Name
- Asset Group
- VERIS data

Apply Internal Threat Data
- Firewall
- Application
- IDS/IPS
- WAF

Apply External Threat Data - Example Data Sources
- DataLossDB
- Verizon DBIR
- WHID
- Trustwave Global Security Report
- FS-ISAC
- SANS ISC
- Veracode State of S/W Security
- ExploitDB

Remediation Statistics
- Internal Bug Tracking Reports
- Denim Group Remediation Study
- Build and Development Process
Data Lenses: Views into the Warehouse
  Applying Filters To Glean Information
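The warehouse layers and the data lenses described above, as an added example that is not part of the original deck: a small in-memory Ruby model that joins a finding across the slides' layers (WebApp Vulnerability, Asset:URL, Asset:Host, Meta Data, internal threat data) and then applies two lenses, one for prioritisation and one for remediation statistics. All sample records, the host, team and regulation names, the report date and the ranking rule are constructed assumptions.

```ruby
require 'date'

# Layer 1: the raw finding, fields as on the "WebApp Vulnerability" slide.
Vulnerability = Struct.new(:id, :type, :subtype, :severity, :asset_url, :confirmed,
                           :date_found, :date_closed, keyword_init: true)
# Layers 2-3: Asset:URL joined to the Asset:Host that serves it.
AssetUrl  = Struct.new(:url, :host, :platform, :web_server, keyword_init: true)
AssetHost = Struct.new(:host, :os, :external_ip, :open_ports, keyword_init: true)
# Layer 4: business metadata keyed by host.
Meta = Struct.new(:host, :business_unit, :dev_team, :compliance, :asset_group, keyword_init: true)
# Layer 5: internal threat data, e.g. WAF or IDS/IPS events keyed by URL.
ThreatEvent = Struct.new(:asset_url, :source, :count, keyword_init: true)

# Constructed sample data (hosts, teams, dates and counts are all made up).
VULNS = [
  Vulnerability.new(id: 1, type: 'XSS',  subtype: 'reflected',  severity: 3, confirmed: true,
                    asset_url: 'https://shop.example.com/search', date_found: Date.new(2011, 6, 1)),
  Vulnerability.new(id: 2, type: 'XSS',  subtype: 'persistent', severity: 4, confirmed: true,
                    asset_url: 'https://intranet.example.com/wiki', date_found: Date.new(2011, 5, 10),
                    date_closed: Date.new(2011, 5, 30)),
  Vulnerability.new(id: 3, type: 'SQLi', subtype: 'blind',      severity: 5, confirmed: true,
                    asset_url: 'https://shop.example.com/cart', date_found: Date.new(2011, 6, 20)),
  Vulnerability.new(id: 4, type: 'XSS',  subtype: 'reflected',  severity: 2, confirmed: true,
                    asset_url: 'https://intranet.example.com/hr', date_found: Date.new(2011, 4, 1)),
  Vulnerability.new(id: 5, type: 'XSS',  subtype: 'reflected',  severity: 5, confirmed: false,
                    asset_url: 'https://shop.example.com/search', date_found: Date.new(2011, 6, 25)),
]
URLS = [
  AssetUrl.new(url: 'https://shop.example.com/search',   host: 'web01', platform: 'Rails', web_server: 'nginx 1.0'),
  AssetUrl.new(url: 'https://shop.example.com/cart',     host: 'web01', platform: 'Rails', web_server: 'nginx 1.0'),
  AssetUrl.new(url: 'https://intranet.example.com/wiki', host: 'int01', platform: 'PHP',   web_server: 'Apache 2.2'),
  AssetUrl.new(url: 'https://intranet.example.com/hr',   host: 'int01', platform: 'PHP',   web_server: 'Apache 2.2'),
]
HOSTS = [
  AssetHost.new(host: 'web01', os: 'Linux', external_ip: '203.0.113.10', open_ports: [80, 443]),
  AssetHost.new(host: 'int01', os: 'Linux', external_ip: nil,            open_ports: [22, 80, 443]),
]
METAS = [
  Meta.new(host: 'web01', business_unit: 'Retail',    dev_team: 'storefront', compliance: ['PCI'], asset_group: 'DMZ'),
  Meta.new(host: 'int01', business_unit: 'Corporate', dev_team: 'it-apps',    compliance: [],      asset_group: 'Internal'),
]
EVENTS = [
  ThreatEvent.new(asset_url: 'https://shop.example.com/search', source: 'WAF',     count: 120),
  ThreatEvent.new(asset_url: 'https://shop.example.com/cart',   source: 'IDS/IPS', count: 3),
]

# Join every layer onto each finding: one flat warehouse row per vulnerability.
# as_of is the constructed "report date" used to age findings that are still open.
def build_warehouse(vulns: VULNS, urls: URLS, hosts: HOSTS, metas: METAS, events: EVENTS,
                    as_of: Date.new(2011, 7, 1))
  url_by  = urls.map  { |u| [u.url, u] }.to_h
  host_by = hosts.map { |h| [h.host, h] }.to_h
  meta_by = metas.map { |m| [m.host, m] }.to_h
  hits = Hash.new(0)
  events.each { |e| hits[e.asset_url] += e.count }  # hostile traffic already seen per URL
  vulns.map do |v|
    u = url_by.fetch(v.asset_url)   # fetch: a finding on an un-inventoried URL is a data quality bug
    h = host_by.fetch(u.host)
    m = meta_by.fetch(u.host)
    { id: v.id, type: v.type, subtype: v.subtype, severity: v.severity, confirmed: v.confirmed,
      open: v.date_closed.nil?, days_open: ((v.date_closed || as_of) - v.date_found).to_i,
      url: v.asset_url, platform: u.platform, host: h.host, internet_facing: !h.external_ip.nil?,
      business_unit: m.business_unit, dev_team: m.dev_team, compliance: m.compliance,
      asset_group: m.asset_group, threat_hits: hits[v.asset_url] }
  end
end

# Lens 1: confirmed, still-open findings on internet-facing, regulated assets, ranked by
# severity and then by how much hostile traffic the WAF/IDS has already logged on that URL.
def lens_exposed_regulated(rows)
  rows.select { |r| r[:confirmed] && r[:open] && r[:internet_facing] && !r[:compliance].empty? }
      .sort_by { |r| [-r[:severity], -r[:threat_hits]] }
end

# Lens 2: remediation statistics, mean days a finding stays open, per development team.
def lens_remediation_by_team(rows)
  rows.group_by { |r| r[:dev_team] }
      .transform_values { |rs| (rs.sum { |r| r[:days_open] }.to_f / rs.size).round(1) }
end

if __FILE__ == $PROGRAM_NAME
  rows = build_warehouse
  lens_exposed_regulated(rows).each do |r|
    puts "##{r[:id]} #{r[:type]} sev=#{r[:severity]} hits=#{r[:threat_hits]} #{r[:url]}"
  end
  p lens_remediation_by_team(rows)
end
```

The unconfirmed finding and the closed one drop out of the first lens, which is the point of carrying Confirmed? and Dates Closed on the record rather than only in the scanner report.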
The Twitter Poll

My Favorite Non-Sec Tools
- TeaLeaf
- GreenPlum
- Ruby
- Selenium
Resources Referenced

- Verizon DBIR: http://www.verizonbusiness.com/dbir/
- VERIS Framework: https://www2.icsalabs.com/veris/
- Denim Group - Real Cost of S/W Remediation: http://www.slideshare.net/denimgroup/real-cost-of-software-remediation
- DataLoss DB: http://datalossdb.org/
- TrustWave Global Security Report: https://www.trustwave.com/GSR
- ExploitDB: http://www.exploit-db.com/
- WASC Web App Security Stats: http://projects.webappsec.org/w/page/13246989/Web-Application-Security-Statistics
- FS-ISAC: http://www.fsisac.com/
- WHID: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database/
- SANS Internet Storm Center: http://isc.sans.org/
- XForce: http://xforce.iss.net/
- Veracode SOSS: http://www.veracode.com/images/pdf/soss/veracode-state-of-software-security-report-volume2.pdf
Q&A

follow us
- the blog: http://blog.honeyapps.com/
- twitter: @risk_io, @ebellis
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Último (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Metricon 6 That's So Meta

  • 1. That’s So Meta Metricon 6.0
  • 2. Or...... The (first) 4 Stages of Security Intelligence
  • 3. Nice To Meet You. About Me: CoFounder HoneyApps; Former CISO Orbitz; Contributing Author, Beautiful Security; CSO Magazine/Online Author. HoneyApps: Vulnerability Management as a Service; 16 Hot Startups - eWeek; 3 Startups to Watch - Information Week
  • 5. Stage 2: Where are all of my vulnerabilities? Back in my Yahoo days I performed hundreds of web application vulnerability assessments. To streamline the workload, I created an assessment methodology consisting of a few thousand security tests averaging 40 hours to complete per website. Yahoo had over 600 websites enterprise-wide. To assess the security of every website would have taken over 11 years to complete and the other challenge was these websites would change all the time which decayed the value of my reports. Jeremiah Grossman Founder, WhiteHat Security
  • 6. Stage 3: Scan & Dump or... “thanks for the 1000 page report, now what?!”
  • 7. Why This Occurs: Lack of Communication; Lack of Data; Lack of Coordination; Silos, Silos, Everywhere
  • 8. Stage 4: A New Beginning Or...... Using What You Got!
  • 9. Vulnerability Management: A Case Study. Building the Warehouse
      WebApp Vulnerability record: Type (XSS); Severity; Threat; Subtype (persistent, reflected, etc.); Asset URL/URI; Confirmed?; Dates Found/Opened; Dates Closed; Description; Attack Parameters
  • 10. Vulnerability Management: A Case Study. Building the Warehouse
      Adds the Asset:URL record the vulnerability is joined to: Platform / Code; Web Server Version; Application Server Version; Database Version
  • 11. Vulnerability Management: A Case Study. Building the Warehouse
      Adds the Asset:Host record behind the URL: Host Operating System; Other Applications/Versions; IP Addresses; Mac Address; Open Services/Ports
  • 12. Vulnerability Management: A Case Study (same warehouse diagram as slide 11, re-laid out)
  • 13. Vulnerability Management: A Case Study. Meta Data
      Adds the Meta Data joined to the asset: Business Unit; VERIS data; Geographic Location; Development Team; Ops Team; Compliance Regulation; Security Policy; Asset Group; Internal IP Address; External IP Address; Network Location; Site Name
  • 14. Vulnerability Management: A Case Study (same diagram as slide 13, re-laid out)
  • 15. Vulnerability Management: A Case Study. Apply Internal Threat Data
      Adds internal threat sources: Firewall; Application; IDS/IPS; WAF
  • 16. Vulnerability Management: A Case Study (same diagram as slide 15, re-laid out)
  • 17. Vulnerability Management: A Case Study. Apply External Threat Data
  • 18. Vulnerability Management: A Case Study. Apply External Threat Data: Example Data Sources
      DataLossDB; Verizon DBIR; WHID; Trustwave Global Security Report; FS-ISAC; SANS ISC; Veracode State of S/W Security; ExploitDB
  • 19. Vulnerability Management: A Case Study (warehouse diagram as of slide 16: WebApp Vulnerability, Asset:URL, Asset:Host, Meta Data and internal threat data)
  • 20. Vulnerability Management: A Case Study. Remediation Statistics
      Adds remediation data: Internal Bug Tracking Reports; Denim Group Remediation Study; Build and Development Process
  • 21-34. Data Lenses: Views into the Warehouse. Applying Filters To Glean Information (fourteen chart slides sharing this title; the charts themselves did not survive extraction)
  • 36. My Favorite Non-Sec Tools: TeaLeaf; GreenPlum; Ruby; Selenium
  • 37. Resources Referenced
      Verizon DBIR: http://www.verizonbusiness.com/dbir/
      WASC Web App Security Stats: http://projects.webappsec.org/w/page/13246989/Web-Application-Security-Statistics
      VERIS Framework: https://www2.icsalabs.com/veris/
      Denim Group - Real Cost of S/W Remediation: http://www.slideshare.net/denimgroup/real-cost-of-software-remediation
      FS-ISAC: http://www.fsisac.com/
      WHID: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database/
      SANS Internet Storm Center: http://isc.sans.org/
      DataLoss DB: http://datalossdb.org/
      TrustWave Global Security Report: https://www.trustwave.com/GSR
      XForce: http://xforce.iss.net/
      Veracode SOSS: http://www.veracode.com/images/pdf/soss/veracode-state-of-software-security-report-volume2.pdf
      ExploitDB: http://www.exploit-db.com/
  • 38. Q&A. Follow us: the blog http://blog.honeyapps.com/; twitter @risk_io @ebellis
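The warehouse the slides assemble box by box, and the lenses that filter it, as an added worked example (not code from the talk or from HoneyApps; every table name, column name and sample row here is a constructed assumption): an in-memory SQLite schema for the WebApp Vulnerability, Asset:URL, Asset:Host, Meta Data and internal threat data boxes, plus two lenses. The first is the time-to-fix breakdown the speaker notes ask for (by severity, by team, by business unit); the second is a prioritisation view that joins open, confirmed findings to compliance scope and to the WAF block counts already sitting in the organisation's own logs, which is the "using what you got" point of stage 4.

```python
"""Vulnerability warehouse and two 'data lenses' over it.

Added illustration, not code from the Metricon 6 talk or from HoneyApps:
it models the warehouse the slides build up one box at a time as SQLite
tables and runs two of the filtered views the talk calls lenses.  Table
names, column names and every sample row are constructed assumptions.
"""
import sqlite3
from statistics import median

SCHEMA = """
CREATE TABLE asset_host (                        -- slide 11, Asset:Host
    host_id INTEGER PRIMARY KEY, os TEXT, ip_addresses TEXT, open_ports TEXT);
CREATE TABLE asset_url (                         -- slide 10, Asset:URL
    url_id INTEGER PRIMARY KEY, url TEXT, host_id INTEGER REFERENCES asset_host,
    platform TEXT, web_server TEXT, app_server TEXT, database_version TEXT);
CREATE TABLE asset_meta (                        -- slide 13, Meta Data
    url_id INTEGER REFERENCES asset_url, business_unit TEXT, dev_team TEXT,
    ops_team TEXT, compliance TEXT, asset_group TEXT);
CREATE TABLE vulnerability (                     -- slide 9, WebApp Vulnerability
    vuln_id INTEGER PRIMARY KEY, url_id INTEGER REFERENCES asset_url,
    type TEXT, subtype TEXT, severity TEXT, confirmed INTEGER,
    opened TEXT, closed TEXT, attack_parameter TEXT);
CREATE TABLE internal_threat (                   -- slide 15, Firewall/IDS/WAF
    host_id INTEGER REFERENCES asset_host, source TEXT, day TEXT,
    blocked_requests INTEGER);
"""

# Constructed sample rows (not real assets, findings or traffic).
HOSTS = [(1, "Linux", "10.0.1.10,203.0.113.10", "80,443"),
         (2, "Windows", "10.0.2.20,203.0.113.20", "80,443,3389")]
URLS = [(1, "https://shop.example.com/", 1, "Rails", "nginx 1.0", "Passenger 3", "PostgreSQL 9"),
        (2, "https://blog.example.com/", 1, "PHP", "nginx 1.0", None, "MySQL 5.5"),
        (3, "https://hr.example.com/", 2, "ASP.NET", "IIS 7", None, "SQL Server 2008")]
META = [(1, "Retail", "checkout", "web-ops", "PCI-DSS", "external"),
        (2, "Marketing", "content", "web-ops", None, "external"),
        (3, "Corporate", "hr-apps", "win-ops", "SOX", "internal")]
VULNS = [(1, 1, "XSS", "reflected", "high", 1, "2011-01-03", "2011-01-13", "q"),
         (2, 1, "SQLi", None, "critical", 1, "2011-01-05", "2011-01-07", "id"),
         (3, 1, "XSS", "persistent", "high", 1, "2011-02-01", None, "comment"),
         (4, 2, "XSS", "reflected", "medium", 1, "2011-01-10", "2011-02-09", "s"),
         (5, 2, "XSS", "reflected", "medium", 0, "2011-01-12", None, "page"),
         (6, 3, "XSS", "reflected", "high", 1, "2011-01-20", "2011-02-03", "name"),
         (7, 3, "CSRF", None, "medium", 1, "2011-01-20", None, None)]
THREAT = [(1, "waf", "2011-02-10", 420), (1, "waf", "2011-02-11", 380),
          (1, "ids", "2011-02-10", 15), (2, "waf", "2011-02-10", 0)]


def build_warehouse():
    """Create the in-memory warehouse and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO asset_host VALUES (?,?,?,?)", HOSTS)
    conn.executemany("INSERT INTO asset_url VALUES (?,?,?,?,?,?,?)", URLS)
    conn.executemany("INSERT INTO asset_meta VALUES (?,?,?,?,?,?)", META)
    conn.executemany("INSERT INTO vulnerability VALUES (?,?,?,?,?,?,?,?,?)", VULNS)
    conn.executemany("INSERT INTO internal_threat VALUES (?,?,?,?)", THREAT)
    return conn


# Lens 1 may group by any of these.  The whitelist keeps a caller-supplied
# field name from being spliced into the SQL as a raw identifier.
DIMENSIONS = {"severity": "v.severity", "type": "v.type",
              "dev_team": "m.dev_team", "business_unit": "m.business_unit"}


def time_to_fix(conn, dimension):
    """Lens 1: median days from opened to closed, grouped by a vulnerability
    or metadata field.  Only closed findings are counted."""
    if dimension not in DIMENSIONS:
        raise ValueError(f"unknown dimension {dimension!r}")
    rows = conn.execute(f"""
        SELECT {DIMENSIONS[dimension]}, julianday(v.closed) - julianday(v.opened)
        FROM vulnerability v
        JOIN asset_url u ON u.url_id = v.url_id
        JOIN asset_meta m ON m.url_id = u.url_id
        WHERE v.closed IS NOT NULL""").fetchall()
    by_key = {}
    for key, days in rows:
        by_key.setdefault(key, []).append(float(days))
    return {key: median(days) for key, days in by_key.items()}


def exposed_open(conn):
    """Lens 2: open, confirmed findings on regulated assets whose host the WAF
    is already blocking traffic for, most-attacked first: scanner output
    joined to in-house threat data rather than to the scanner's own rating."""
    return conn.execute("""
        SELECT u.url, v.type, v.severity, SUM(t.blocked_requests) AS blocked
        FROM vulnerability v
        JOIN asset_url u ON u.url_id = v.url_id
        JOIN asset_meta m ON m.url_id = u.url_id
        JOIN internal_threat t ON t.host_id = u.host_id AND t.source = 'waf'
        WHERE v.closed IS NULL AND v.confirmed = 1 AND m.compliance IS NOT NULL
        GROUP BY v.vuln_id
        HAVING SUM(t.blocked_requests) > 0
        ORDER BY blocked DESC""").fetchall()


if __name__ == "__main__":
    wh = build_warehouse()
    print("median days to fix by severity:", time_to_fix(wh, "severity"))
    print("median days to fix by dev team:", time_to_fix(wh, "dev_team"))
    print("open, confirmed, regulated, under attack:", exposed_open(wh))
```

Two things worth carrying into a real warehouse: the unconfirmed finding (vuln 5) and the host with zero WAF blocks (the HR server) both drop out of the second lens, which is the filtering the slides mean by a lens, and the grouping field for the first lens goes through a whitelist because a reporting layer that lets a UI pick the GROUP BY column is an injection point if the name is interpolated directly.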

Speaker notes

  15. Time to Fix by team, by class, by severity, by biz unit, etc., etc.
      SDLC - Build Schedule - testing process - etc., etc.
      Tech Remediation Stats from Denim Report - factor in bug tracking reports & build/dev process