Don’t let Your Website Spread Malware – a New Approach to Web App Security

  1. Cecilia Zuvic, Jason Kent, Will Bechtel. Webcast Series – May 2013. Don’t let Your Website Spread Malware – a New Approach to Web App Security. Transforming IT Security & Compliance
  2. Agenda
     • Website Malware Risk
     • Detecting Website Malware
     • How Malware is Different
     • Better Website Security
     • Summary
  3. Identifying Malware with Web Application Scanning: Website Malware Risk
     • 2012 Verizon Data Breach Investigations Report (DBIR)
       – Involvement of Malware in Data Breaches is increasing
       – 2011 - 69% incorporated malware (+20%)
       – 2011 - Associated with breaches that involved 95% of records compromised
     • 2013 Symantec Internet Security Threat Report (ISTR)
       – Web-based Malware Attacks on the Rise: “We have seen the number of Web-based attacks increase by almost a third.”
       – Lurking Danger: “silently infect enterprise and consumer users when they visit a compromised website”
       – Hard to Detect: “rendering enterprises that rely on signature-based antivirus protection unable to protect themselves against these silent attacks”
  4. Malware Involvement in Data Breaches (chart; *Verizon 2012 Data Breach Investigations Report)
  5. Malware Involvement in Data Breaches (chart; *Verizon 2012 Data Breach Investigations Report)
  6. Malware Involvement in Data Breaches (chart; *Verizon 2012 Data Breach Investigations Report)
  7. What happens if your site and users are infected?
     • Users are infected, and blame your organization
     • Your organization website is blacklisted. You spend time trying to get off the blacklist
     • Reputation Damage & Lost Revenue
  8. How does an attacker get malware on a website? (diagram label: Victim Website)
     • Web Application or Indirect Vulnerability
       – Known vulnerability in an app or platform component
       – Discovered vulnerability in developed application (XSS, etc.)
     • Phishing, spyware or social engineering
       – Steal password or execute other attack to gain access
     • Paying to host an advertisement that contains the infection
       – Malvertising - legitimate websites can infect users without being directly compromised
  9. Detecting Website Malware – Traditional Approach: Signature Based Detection on systems/web gateways
     • Malware is identified and analyzed (typically after many infections)
     • Signature is created
     • Signature is distributed to end points/gateways
     • Zero Day Protection Gap
  10. Detecting Website Malware – Traditional Approach: Advantage Disadvantage
  11. Detecting Website Malware – a Better Approach
     • Reputation Check: identify reference to site that is known to host malware
     • Behavioral Analysis: instrument a system, watch for exploitation; detect zero day
     • Heuristic: for common scripting techniques, etc.
     • Antivirus: for downloadable documents like PDFs
  12. Detecting Website Malware – a Better Approach
     • Set up a vulnerable browsing platform on a VM
     • Instrument the browser using API hooking
     • Input parameters, return values, and data logged in various points within the browser and OS
     • Watch for exploitation
     • When done scanning or when compromised, destroy VM and start another
  13. How Malware is Different
     • Malware Distribution
       – Unlike vulnerabilities, which are accidental software flaws, attackers try to place malware in high traffic areas
       – OWASP type vulnerabilities should be distributed randomly (XSS, SQLi)
       – Malware will typically be positioned to infect all users (not just authenticated)
     • Malware detection does not have the impact
       – Detection uses ‘passive’ and not ‘active’ techniques
       – Safe for daily scans
  14. Better Website Security
     • Detect both OWASP vulnerabilities and website malware
       – Run daily passive scans on websites to identify malware, notify immediately
       – Perform active scans on a regular basis to identify OWASP vulnerabilities
     • How you benefit
       – Identify and fix vulnerabilities hackers could exploit or malware distributors could use to infect your site and other users
       – Protect your revenue, brand reputation and users from malware impact
       – Ensure you are covered from both threats, making it hard for attackers to exploit
  15. Thank You. jkent@qualys.com, czuvic@qualys.com. Transforming IT Security & Compliance
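
An added example, not taken from the webcast or from any Qualys product: a passive scan in Python that applies the reputation check and the script heuristic named on slide 11 to a page's markup, in the read-only manner slide 13 calls safe for daily scans. The host list, sample page, finding labels and function names are all constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed reputation list (assumption); a real scan would use a maintained feed.
KNOWN_BAD_HOSTS = {"malware-host.example"}
# Tag -> attribute that the browser fetches with no user interaction.
AUTO_LOAD = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
# Heuristic for common script idioms used to hide an injected loader.
OBFUSCATED = re.compile(
    r"(eval|document\.write)\s*\(\s*unescape\s*\(|fromCharCode\s*\((\s*\d+\s*,){10,}", re.I)
# Constructed sample page: one clean script, one hidden iframe, one packed script.
SAMPLE = """<html><body>
<script src="/js/app.js"></script>
<iframe src="//cdn.malware-host.example/x" width="0" height="0"></iframe>
<script>eval(unescape('%64%6f%63'))</script>
</body></html>"""

def is_known_bad(host):
    """Reputation check: the listed host itself or any subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in KNOWN_BAD_HOSTS)

class PassiveScanner(HTMLParser):
    """Reads markup only: fetches nothing, runs no script, sends no test input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._in_script = page_url, [], False
    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        self._in_script = tag == "script"
        ref = attrs.get(AUTO_LOAD.get(tag, ""), "")
        # Resolve relative and protocol-relative references against the page URL.
        host = urlparse(urljoin(self.page_url, ref)).hostname if ref else None
        if is_known_bad(host):
            self.findings.append(("reputation", host))
        tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
        if tag == "iframe" and tiny:
            self.findings.append(("hidden-iframe", ref))
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script and OBFUSCATED.search(data):
            self.findings.append(("obfuscated-script", data.strip()[:40]))

def scan(page_url, html):
    scanner = PassiveScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `scan("https://shop.example/", SAMPLE)` returns one finding per technique; the behavioral analysis on slide 12 is outside what markup inspection can show.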