© 2015 Imperva, Inc. All rights reserved.
The State of Application Security: Hackers On Steroids
Itsik Mantin, Director of Security Research, Imperva
Organizations of all sizes face a universal security threat from today’s organized hacking industry. Why? Hackers have decreased costs and expanded their reach with tools and technologies that allow for automated attacks against Web applications.

This presentation will detail key insights from the Imperva Application Defense Center annual Web Application Attack Report. View this presentation for an in-depth view of the threat landscape for the year. We will:
- Discuss hacking trends and shifts
- Provide breach analysis by geography, industry, and attack type
- Detail next steps for improved security controls and risk management processes


  1. The State of Application Security: Hackers On Steroids. Itsik Mantin, Director of Security Research, Imperva. © 2015 Imperva, Inc. All rights reserved.
  2. "Study the past if you would define the future" (Confucius)
  3. Speaker: Itsik Mantin • Director of Security Research at Imperva • 15 years of experience in the security industry • Inventor of 15 patents in these fields • Holds an M.Sc. in Applied Math and Computer Science • Presenter at Black Hat Asia, OWASP IL, EuroCrypt and other conferences
  4. Making the Report
  5. Attack Detection Mechanisms: Application Profiling
  6. Attack Types
  7. Attack Incidents. Minimum alert ratio per attack type (number of alerts per 5 minutes):
       Attack type   Min ratio (#alerts/5 min)
       SQLi          20
       HTTP          10
       XSS           5
       DT            5
       Spam          1
       RCE           1
       FU            1
     Incident = a collection of alerts with the same attack type, against the same target, at essentially the same time; not necessarily from the same IP.
  8. Section 1: Attack Trends
  9. Chance of Getting Attacked
  10. Chance of Getting Attacked: everyone's at risk; 3/4 of applications were attacked for every attack type
  11. Chance of Getting Attacked: "perfect" RCE coverage; all applications were attacked
  12. Number of Attack Incidents
  13. Number of Attack Incidents (chart: 75th percentile, median, 25th percentile per attack type)
  14. Number of Attack Incidents: RCE and Spam are the most popular; RCE median of 273
  15. Number of Attack Incidents, inequality measure: ratio between the 3rd and 2nd quartiles
  16. Number of Attack Incidents, inequality measure: RCE blind scans, all applications suffer equally
  17. Number of Attack Incidents: Spam is discriminatory; spoiler: some industries suffer more
  18. SQL Injection and Cross-Site Scripting
  19. SQL Injection and Cross-Site Scripting: most applications see SQLi and XSS every other week; median of 12-13 incidents over a 6-month period; one every 3-5 days for top-quartile (topQ) applications
  20. Year-over-Year Up-Trends (#incidents)
  21. Year-over-Year Up-Trends: SQLi persistent growth, 100% increase in 2014, 200% increase in 2015; XSS persistent growth, 100% increase in 2014, 150% increase in 2015
  22-24. Year-over-Year Up-Trends (charts)
  25. Year-over-Year Down-Trends (#incidents)
  26. Year-over-Year Down-Trends: RFI was on fire in 2014, a super-popular attack vector in 2014, back to "normal" in 2015
  27. Year-over-Year Down-Trends: DT decrease, the 2014 trend changed; spoiler: in one industry DT is still the attack of choice
  28. Magnitude of Attacks
  29. Magnitude of Attacks: SQLi attacks are the most intensive; 72-204 alerts per incident in quartile 3 (of the incidents); 300K alerts in the most intensive attack
  30. Section 2: Reputation
  31-33. Reputation: serial attackers 70%, anonymous browsing 8%
  34-36. Serial Attackers vs. Anonymous Browsing. First chart: 140,000 anonymous browsing, 1,800,000 detect-by-content, 12,500,000 serial attackers. Second chart: 1,700,000 anonymous browsing, 280,000 detect-by-content, 28,000 serial attackers
  37. Section 3: Industry Trends
  38-41. Per-Industry Trends (chart: attack types DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE by industry: Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer). Callouts: massive Spam/RCE campaigns; RCE blind scans; Spam focused on travel applications
  42-43. Attack Types (charts)
  44. Attack Types: 57% of XSS incidents on Health
  45. Attack Types: 37% of DT incidents on Food
  46. Section 4: Web Framework Trends
  47. Content Management Systems
  48-49. CMS Trends (chart: all CMS vs. non-CMS applications). CMS at risk: CMS applications are attacked 3 times more often; trend consistent for all attack types
  50-52. WordPress Trends (chart: WordPress vs. other CMS vs. non-CMS). WordPress at more risk: 3.5 times more attacks than non-CMS applications; 7 times more RFI and Spam attacks
  53. Geographic Trends
  54. Geographic Attack Trends
       Country   Absolute #requests   Internet users
       US        17,671,816           278,553,524
       China     8,227,498            672,585,110
       UK        2,224,749            59,097,955
  55. Geographic Attack: Year-over-Year
  56. Section 6: Case Studies
  57-58. Shellshock Mega-Trend: 75,000 incidents / 189 applications; 26,000 incidents / 137 applications; 23,000 incidents / 174 applications; 57,500 incidents / 193 applications
  59-60. SQLi Case Study: 6,800 alerts per hour
  61-63. Scraping Case Study: massive scraping attack over Tor • 2 million requests • 777 Tor IPs • User-Agent faking
  64. Conclusions
  65. Recommendations
  66. Q&A
  67. Download the 2015 Web Application Attack Report: http://www.imperva.com/DefenseCenter/WAAR
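Slide 7 defines an incident as a group of alerts of the same attack type against the same target at essentially the same time, not necessarily from the same IP, and gives a minimum alert ratio per attack type. The following is an added example of that aggregation, not Imperva's code: alerts are chained into candidate incidents while consecutive alerts are no more than five minutes apart (an assumption for "essentially the same time"), and a candidate becomes an incident once its peak five-minute alert count reaches the slide's minimum ratio. The sample alerts are constructed.

```python
"""Group WAF alerts into attack incidents, following the report's definition (slide 7).

Added example, not Imperva's code. The 5-minute gap used to decide
"essentially the same time" and the sample alerts are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Minimum alerts per 5-minute window for a group of alerts to count as an incident (slide 7).
MIN_RATIO = {"SQLi": 20, "HTTP": 10, "XSS": 5, "DT": 5, "Spam": 1, "RCE": 1, "FU": 1}
WINDOW = timedelta(minutes=5)


def sessionize(alerts):
    """Split alerts into candidate incidents.

    alerts: iterable of (iso_timestamp, attack_type, target, source_ip).
    Alerts with the same type and target are chained while consecutive alerts
    are no more than WINDOW apart; the source IP is deliberately not part of the key.
    """
    groups = defaultdict(list)
    for ts, atype, target, ip in sorted(alerts):
        groups[(atype, target)].append((datetime.fromisoformat(ts), ip))
    candidates = []
    for (atype, target), events in groups.items():
        current = [events[0]]
        for event in events[1:]:
            if event[0] - current[-1][0] <= WINDOW:
                current.append(event)
            else:
                candidates.append((atype, target, current))
                current = [event]
        candidates.append((atype, target, current))
    return candidates


def peak_alerts_per_window(events):
    """Largest number of alerts inside any span of length WINDOW (two-pointer sweep over sorted events)."""
    best = start = 0
    for end, (ts, _ip) in enumerate(events):
        while ts - events[start][0] > WINDOW:
            start += 1
        best = max(best, end - start + 1)
    return best


def build_incidents(alerts):
    """Return the candidate groups whose peak alert rate meets the attack type's minimum ratio."""
    incidents = []
    for atype, target, events in sessionize(alerts):
        peak = peak_alerts_per_window(events)
        if peak >= MIN_RATIO[atype]:
            incidents.append({
                "type": atype,
                "target": target,
                "alerts": len(events),
                "peak_per_5min": peak,
                "sources": sorted({ip for _ts, ip in events}),
                "start": events[0][0].isoformat(),
                "end": events[-1][0].isoformat(),
            })
    return incidents


def constructed_alerts():
    """Constructed sample (not real data): a 25-alert SQLi burst from three rotating IPs,
    four XSS alerts below the XSS threshold, and a single RCE alert."""
    base = datetime(2015, 3, 1, 10, 0, 0)
    ips = ["198.51.100.7", "203.0.113.9", "192.0.2.44"]
    alerts = [((base + timedelta(seconds=5 * i)).isoformat(), "SQLi", "shop.example", ips[i % 3])
              for i in range(25)]
    alerts += [((base + timedelta(seconds=40 * i)).isoformat(), "XSS", "shop.example", "198.51.100.7")
               for i in range(4)]
    alerts.append(((base + timedelta(minutes=30)).isoformat(), "RCE", "blog.example", "203.0.113.200"))
    return alerts


if __name__ == "__main__":
    for incident in build_incidents(constructed_alerts()):
        print(incident)
```

With the constructed input the SQLi burst becomes one incident with three source IPs, the single RCE alert is an incident on its own (minimum ratio 1), and the four XSS alerts never reach the XSS threshold of 5 and are dropped; that is why slide 14 can report RCE and Spam, whose threshold is 1, as the most frequent incident types.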

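Slides 57-58 report only incident counts for the Shellshock mega-trend. As an added example, not Imperva's code, here is the check a WAF or log pipeline applies to recognise those requests: Bash (CVE-2014-6271) treated an environment variable whose value began with "() {" as a function definition and executed whatever followed the closing brace, and CGI handlers export request headers such as User-Agent and Referer as environment variables. The sample requests are constructed and their payloads are harmless echo commands.

```python
"""Flag HTTP requests carrying a Shellshock-style Bash function definition in a header.

Added example, not Imperva's code. The sample requests are constructed."""
import re

# A value that starts with "() {" (any spacing) is what Bash parsed as a function definition.
FUNCTION_PREFIX = re.compile(r"^\s*\(\)\s*\{")
# Whatever follows the first "};" is the command Bash would have executed after importing the function.
TRAILING_COMMAND = re.compile(r"\}\s*;\s*(.*)$", re.S)


def parse_request(raw):
    """Minimal HTTP/1.x request parser: returns (request line, {lower-cased header name: value})."""
    head, _sep, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _colon, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def shellshock_hits(raw):
    """Return (header name, trailing command) for each header whose value starts with a Bash function definition."""
    _request_line, headers = parse_request(raw)
    hits = []
    for name, value in headers.items():
        if FUNCTION_PREFIX.search(value):
            match = TRAILING_COMMAND.search(value)
            hits.append((name, match.group(1).strip() if match else ""))
    return hits


# Constructed sample traffic (documentation hostnames, harmless echo payloads).
BENIGN_REQUEST = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: www.example\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\r\n"
    "Accept: */*\r\n\r\n"
)
PROBE_REQUEST = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: www.example\r\n"
    "User-Agent: () { :;}; echo shellshock-probe\r\n"
    "Referer: () {:;}; /bin/echo x\r\n"
    "Accept: */*\r\n\r\n"
)

if __name__ == "__main__":
    print(shellshock_hits(BENIGN_REQUEST))
    print(shellshock_hits(PROBE_REQUEST))
```

The prefix match is the signature for the original bug; the follow-up Bash parser bugs disclosed in the same weeks used different malformed function bodies, so a signature like this is one detection layer and patching Bash (or not exposing CGI to it) remains the fix. Scanning every header, not just User-Agent, matters because the slide's 189 applications were hit by blind scans that vary the carrier header.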
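Slide 61 describes a scraping campaign of 2 million requests spread over 777 Tor IPs with faked User-Agents. The following added example, not Imperva's code, shows why a per-IP rate limit misses such a campaign (each exit stays under the limit) and how aggregating over the set of Tor exits catches it. The access-log lines and the exit list are constructed; in practice the exit list is the Tor project's published bulk exit list, and the thresholds are assumptions to tune per site.

```python
"""Spot a scraping campaign spread over many Tor exit nodes in a web access log.

Added example, not Imperva's code. Log lines, exit list and thresholds are constructed/assumed."""
import re
from collections import Counter

# Combined log format; the User-Agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed Tor exit list (documentation range); the real one is fetched from the Tor project.
TOR_EXITS = {f"192.0.2.{n}" for n in range(10, 22)}


def parse_log(lines):
    """Parse access-log lines into dicts; unparseable lines are skipped."""
    records = []
    for line in lines:
        match = LOG_RE.match(line)
        if match:
            records.append(match.groupdict())
    return records


def tor_traffic_stats(records, tor_exits, per_ip_limit=20):
    """Aggregate the requests that arrived through Tor exits, alongside what a per-IP limit would see."""
    via_tor = [r for r in records if r["ip"] in tor_exits]
    per_ip = Counter(r["ip"] for r in via_tor)
    return {
        "requests": len(via_tor),
        "exit_ips": len(per_ip),
        "user_agents": len({r["ua"] for r in via_tor}),
        "distinct_paths": len({r["path"] for r in via_tor}),
        "max_per_ip": max(per_ip.values(), default=0),
        "per_ip_limit_tripped": any(count > per_ip_limit for count in per_ip.values()),
    }


def is_distributed_scrape(stats, min_requests=50, min_exit_ips=10, min_path_ratio=0.8):
    """Campaign heuristic: many requests over many exits, nearly every one for a different page (enumeration, not browsing)."""
    if stats["requests"] < min_requests or stats["exit_ips"] < min_exit_ips:
        return False
    return stats["distinct_paths"] / stats["requests"] >= min_path_ratio


def constructed_log():
    """Constructed sample: 60 product pages fetched one per second, rotating over 12 Tor exits
    and 4 faked User-Agents, plus a few ordinary requests from a non-Tor address."""
    uas = [
        "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36",
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1",
        "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/36.0",
        "Mozilla/5.0 (iPhone; CPU iPhone OS 8_1 like Mac OS X) AppleWebKit/600.1",
    ]
    lines = []
    for n in range(60):
        ip = f"192.0.2.{10 + n % 12}"
        lines.append(f'{ip} - - [01/Mar/2015:10:00:{n:02d} +0000] "GET /product/{n} HTTP/1.1" 200 5120 "-" "{uas[n % 4]}"')
    for n in range(3):
        lines.append(f'203.0.113.5 - - [01/Mar/2015:10:00:{n:02d} +0000] "GET /product/{n} HTTP/1.1" 200 5120 "-" "{uas[0]}"')
    return lines


if __name__ == "__main__":
    stats = tor_traffic_stats(parse_log(constructed_log()), TOR_EXITS)
    print(stats, is_distributed_scrape(stats))
```

In the constructed log no exit sends more than 5 requests, so a per-IP limit of 20 never fires, yet the Tor aggregate shows 60 requests from 12 exits, 4 rotating User-Agents and 60 distinct product pages, which is the shape of an enumeration rather than a visit. The same aggregation applies to any anonymising proxy pool once you have its address list, which is what the "anonymous browsing" reputation category on slides 31-36 represents.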