2. www.ebusinessmantra.com
About ebusinessmantra
Web Application Development (Java and .NET platform)
Web Application Security Consultant
Develop security strategies for web sites
Find vulnerabilities in clients’ web sites
Offer security products and services
7. www.ebusinessmantra.com
2014 Data Loss
• 3000 reported incidents
• Over 50% involved businesses
• 1.1 billion records exposed
• Over 83% of data breaches due to hacking
8. www.ebusinessmantra.com
We are Small Business…
Small & Medium sized businesses are most vulnerable because they don’t have resources that large organizations have
Vulnerabilities in your business web site could be exploited to distribute malware
Business Partners’ web sites may be compromised and distributing malware
70% of web sites are vulnerable to hacking
9. www.ebusinessmantra.com
Why are Web Sites Vulnerable?
• Attack passes as normal traffic through ports 80 & 443
• SSL, network, and OS security cannot protect web applications
10. www.ebusinessmantra.com
Web Site Vulnerabilities (OWASP Top 10)
Injection
Broken Authentication and Session Management
Cross Site Scripting
Insecure Direct Object Reference
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross Site Request Forgery
Using Known Vulnerable Components
Unvalidated Redirects and Forwards
16. www.ebusinessmantra.com
Security Monitoring
Periodic Web Site Scanning for Vulnerabilities, and the need to fix them
Web Application Firewall
Real time, continuous protection
Set policies to alert on and/or block attacks
Virtual patch from scanning results
Block traffic from certain region
19. www.ebusinessmantra.com
PCI DSS Requirements – web related
Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes
Requirement 6: Develop and maintain secure systems and applications