Deconstructing Application DoS Attacks

Tal Be’ery, Web Research TL, Imperva
Agenda

  • Introduction to Imperva’s Hacker Intelligence Initiative
  • Denial of Service (DoS):
    + Definition and background
    + Attackers
         – Hacktivists
         – Business related
    + Tools
         – JS LOIC
         – Slow HTTP
    + Mitigation
         – Non-mitigations
         – True mitigation

  • Summary of recommendations

                             © 2012 Imperva, Inc. All rights reserved.
Presenter: Tal Be’ery, CISSP

  • Web Security Research Team Leader at Imperva
  • Holds MSc & BSc degrees in CS/EE from TAU
  • 10+ years of experience in the IS domain
  • Facebook “white hat”
  • Speaker at RSA, BlackHat, AusCERT
  • Columnist for securityweek.com
Imperva’s Hacker Intelligence Initiative




Hacker Intelligence Initiative (HII)

  • The Hacker Intelligence Initiative is focused on understanding how attackers operate in practice
    + A different approach from vulnerability research
  • Data set composition
    + ~50 real world applications
    + Anonymous proxies
  • More than 18 months of data
  • Powerful analysis system
    + Combines analytic tools with drill-down capabilities
HII - Motivation

  • Focus on actual threats
    + Focus on what hackers want, helping the good guys prioritize
    + Technical insight into hacker activity
    + Business trends of hacker activity
    + Future directions of hacker activity
  • Eliminate uncertainties
    + Active attack sources
    + Explicit attack vectors
    + Spam content
  • Devise new defenses based on real data
    + Reduce guesswork
HII Reports

  • Monthly reports based on data collection and analysis
  • Drill down into specific incidents or attack types
  • 2011 / 2012 reports
    + Remote File Inclusion
    + Search Engine Poisoning
    + The Convergence of Google and Bots
    + Anatomy of a SQLi Attack
    + Hacker Forums Statistics
    + Automated Hacking
    + Password Worst Practices
    + Dissecting Hacktivist Attacks
    + CAPTCHA Analysis
WAAR – Web Application Attack Report

  • Semi-annual
  • Based on aggregated analysis of 6 / 12 months of data
  • Motivation
    + Pick up trends
    + High-level takeaways
    + Create comparative measurements over time
Denial of Service: Definition and Background




Denial of Service: Definition

  • Denial of Service attack
  • Wikipedia: “make a machine or network resource unavailable to its intended users”
  • Attacks data availability
Data Drives Business

  • Customer details
  • Inventory
  • Trade secrets
  • Intellectual property
  • Financial analysis
Protecting Data

  • Data must remain:
    + Protected against unauthorized changes
    + Available
    + Confidential

  [Diagram: the CIA triad, with the corners Availability, Integrity and Confidentiality]
Hackers Are After Your Data

  • Attacking confidentiality – leaking secret data
    + SQL injection
    + Careless employees

  [Triad diagram: Confidentiality highlighted]
Hackers Are After Your Data

  • Attacking integrity – changing sensitive data
    + SQL injection
    + Malicious insider

  [Triad diagram: Integrity highlighted]
Hackers Are After Your Data

  • Attacking data availability
    + DoS attacks

  [Triad diagram: Availability highlighted]
DoS is Another Tool in the Hacker Toolbox



  [Pie chart: Hacker Forum Discussion Topics. Topics shown: spam, dos/ddos, SQL Injection, zero-day, shell code, brute-force, HTML Injection; slice sizes shown: 22%, 19%, 16%, 12%, 12%, 10% and 9%]

Source:
Imperva. Covers July 2010 - July 2011 across 600,000 discussions
Denial of Service: Attackers




Attackers – Who Are They?

  • Who wants to put you out of business?
  • Protesters
    + Hacktivists
  • Business related
    + Competitors
    + Racketeering
Hacktivism: Definition

  • “Hacktivism (a portmanteau of hack and activism).”
What/Who is Anonymous?


     “…the first Internet-based superconsciousness.”
              —Chris Landers, Baltimore City Paper, April 2, 2008

     “Anonymous is an umbrella for anyone to hack anything for any reason.”
              —New York Times, 27 Feb 2012
What/Who is Anonymous?

  • One thing is for sure: they are hackers!
Recruiting Over Social Media - 1




Recruiting Over Social Media - 2




Setting Up an Early Warning System




Example




Business Attackers - 1

  • DoS as a Service
Business Attackers - 2

  • Where there is a demand, there will be supply…
Denial of Service: Popular Tools




Protecting True Identity

  • Hackers protect their identity
  • By using…
    + TOR
    + Other anonymity services
         – Anonymous proxies
         – Private VPN services
         – Hacked servers

  [Pie chart of attack sources: Anonymity Services 57%, Other IPs 28%, TOR 15%]

 Source:
 https://www.torproject.org/about/overview.html.en
Hacking Tools

  • Low Orbit Ion Cannon (LOIC)
  • Purpose: DDoS
  • Windows desktop application, coded in C#
  • UDP/TCP/HTTP flooding
LOIC Facts

  • LOIC downloads
    + 2011: 380K
    + 2012 (through October 14): 616K
    + Jan 2012 (Megaupload takedown): 182K

 For more:
 http://blog.imperva.com/2012/05/loicversary.html
DDoS is Moving Up the Stack

  • Decreasing costs
    + Application layer attacks are far more efficient
    + Fewer attackers are needed to take down a site
  • The DoS security gap
    + Traditionally, the defense against DDoS was based on dedicated devices operating at lower layers (TCP/IP). Inherent shortcomings:
         – Don’t decrypt SSL
         – Don’t understand the HTTP protocol
         – Unaware of the web application

 For more:
 http://blog.imperva.com/2011/12/top-cyber-security-trends-for-2012-7.html
Javascript/Mobile/VM/JS LOIC

  • DaaS – DoS as a Service
  • Application layer attacks
  • Easy to participate – no download
    + Just point your browser to the JS-Loic page
  • Effective
    + Iterates up to 200 requests per second
  • Cross platform
    + Mobile device
    + Linux/Mac/PC
JS LOIC - Attack Characteristics

  • HTTP Referer header – indicates the source of the attack code (the JS LOIC page the browser was pointed at)
  • Fixed target URL
    + Carefully selected to create load on the target server
  • A parameter with some arbitrary, changing value
    + To avoid caches along the way
  • A parameter named "msg" carrying a hacktivist slogan

  Example request:
  www.target.com/search.php?q=a&id=61278641278&msg=we+are+legion!
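The request shape above can be turned into a per-request check. The following is an added example, not code from the deck or from Imperva: it parses constructed access-log lines (combined format) and flags requests that carry the JS LOIC indicators listed on the slide; the target path `/search.php` and the site host `www.target.com` are assumed from the example URL.

```python
"""Flag HTTP requests matching the JS LOIC pattern described on the slide.

Added example, not part of the original deck. The log lines are constructed
(documentation IP ranges); the target path and site host are assumed values.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format, which carries the Referer field.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample traffic: two JS LOIC style hits and two ordinary requests.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Oct/2012:10:00:01 +0000] "GET /search.php?q=a&id=61278641278&msg=we+are+legion! HTTP/1.1" 200 5120 "http://pastehtml.example/loic/" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2012:10:00:01 +0000] "GET /search.php?q=a&id=61278641301&msg=we+are+legion! HTTP/1.1" 200 5120 "http://pastehtml.example/loic/" "Mozilla/5.0"
198.51.100.4 - - [14/Oct/2012:10:00:02 +0000] "GET /search.php?q=shoes HTTP/1.1" 200 4096 "http://www.target.com/" "Mozilla/5.0"
198.51.100.9 - - [14/Oct/2012:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def loic_indicators(entry, target_path, site_host):
    """Return the JS LOIC indicators (from the slide) present in one parsed request."""
    parts = urlsplit(entry["url"])
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    # 1. Fixed target URL chosen to create load (here: the site's search page).
    if parts.path == target_path:
        hits.append("fixed-target-url")
    # 2. Cache buster: a parameter whose value is a long, purely numeric token.
    if any(v.isdigit() and len(v) >= 8 for vs in params.values() for v in vs):
        hits.append("cache-buster-param")
    # 3. The "msg" parameter carrying the slogan.
    if "msg" in params:
        hits.append("msg-slogan-param")
    # 4. Referer pointing at a page that is not ours: the attack code source.
    ref_host = urlsplit(entry["referer"]).hostname
    if ref_host and ref_host != site_host:
        hits.append("off-site-referer")
    return hits


def scan_log(text, target_path="/search.php", site_host="www.target.com", min_hits=3):
    """Return [(ip, url, indicators)] for requests with at least min_hits indicators."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = loic_indicators(entry, target_path, site_host)
        if len(hits) >= min_hits:
            flagged.append((entry["ip"], entry["url"], hits))
    return flagged


if __name__ == "__main__":
    for ip, url, hits in scan_log(SAMPLE_LOG):
        print(ip, url, ",".join(hits))
```

A single matching request proves little; the indicators are meant to feed the per-source counting that the mitigation slides call statefulness.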
Hacktivists’ DoS in the Wild




Some More JS LOIC




Slow HTTP tools

  • “Dripping” an HTTP POST parameter value byte by byte
  • Generating a never-ending request
  • Exhausting the attacked server’s concurrent-request pool
  • Tools
    + RAILgun
    + SlowHTTPtest
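Why bounding the body read matters against the dripping described above: an added example (not the deck's or any vendor's code) that models a worker reading a POST body under an absolute deadline plus a minimum-rate policy, using a simulated clock and constructed fast and dripping clients; the thresholds are assumed values.

```python
"""Bound how long a slowly "dripping" request body may occupy a worker slot.

Added example, not from the deck. The clock and both client streams are
constructed models of the behaviour on the slide; the policy numbers are assumed.
"""


class SlowRequestError(Exception):
    """Raised when a body arrives too slowly to be worth holding a worker for."""


class FakeClock:
    """Simulated time so the example runs instantly and deterministically."""
    def __init__(self):
        self.now = 0.0

    def time(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class DrippingStream:
    """Models an attacker that sends one body byte every `interval` seconds."""
    def __init__(self, payload, interval, clock):
        self.payload, self.interval, self.clock, self.pos = payload, interval, clock, 0

    def recv(self, n):
        if self.pos >= len(self.payload):
            return b""
        self.clock.advance(self.interval)        # the read "blocks" until the next byte
        chunk = self.payload[self.pos:self.pos + 1]
        self.pos += 1
        return chunk


class FastStream:
    """Models a normal client whose body arrives in full almost immediately."""
    def __init__(self, payload, clock, delay=0.01):
        self.payload, self.clock, self.delay, self.pos = payload, clock, delay, 0

    def recv(self, n):
        if self.pos >= len(self.payload):
            return b""
        self.clock.advance(self.delay)
        chunk = self.payload[self.pos:self.pos + n]
        self.pos += len(chunk)
        return chunk


def read_body(stream, content_length, clock, max_seconds=30.0, min_rate=500.0, grace=5.0):
    """Read exactly content_length bytes, or fail if the client is too slow.

    Two bounds together cap a request's occupancy of the worker pool:
      - an absolute deadline (max_seconds) for the whole body, which defeats the
        "never-ending request", and
      - a minimum average rate (min_rate bytes/s) enforced after `grace` seconds,
        so a slow start is tolerated but a byte-by-byte drip is cut off early.
    """
    start = clock.time()
    buf = bytearray()
    while len(buf) < content_length:
        chunk = stream.recv(min(4096, content_length - len(buf)))
        if not chunk:
            raise SlowRequestError("connection closed before the body completed")
        buf += chunk
        elapsed = clock.time() - start
        if elapsed > max_seconds:
            raise SlowRequestError(f"body exceeded the {max_seconds}s deadline")
        if elapsed > grace and len(buf) / elapsed < min_rate:
            raise SlowRequestError(f"body rate below {min_rate} B/s after {elapsed:.1f}s")
    return bytes(buf)


def worker_seconds_consumed(stream, content_length, clock, **policy):
    """Seconds a worker slot was held by this request, and whether it was cut off."""
    start = clock.time()
    try:
        read_body(stream, content_length, clock, **policy)
        return clock.time() - start, False
    except SlowRequestError:
        return clock.time() - start, True


def demo():
    """Compare slot occupancy for a normal client and a 1 byte/s dripping client."""
    body = b"x" * 2000
    normal_clock, drip_clock = FakeClock(), FakeClock()
    held_ok, cut_ok = worker_seconds_consumed(FastStream(body, normal_clock), len(body), normal_clock)
    held_bad, cut_bad = worker_seconds_consumed(DrippingStream(body, 1.0, drip_clock), len(body), drip_clock)
    # Without the policy the dripping client would hold the slot for 2000 s.
    return {"normal": (round(held_ok, 2), cut_ok), "dripping": (round(held_bad, 2), cut_bad)}
```

With a pool of P workers, the drip's cost to the attacker is P connections per `grace` seconds instead of P connections held indefinitely.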
DDoS: Mitigation




Anti-Virus is Irrelevant: Malware is NOT the MO


  McAfee mea culpa:

  “The security industry may need to reconsider some of its fundamental assumptions, including 'Are we really protecting users and companies?’”
        --McAfee, September 2011

 Source:
 http://www.nytimes.com/external/readwriteweb/2011/08/23/23readwriteweb-mcafee-to-security-industry-are-we-really-p-70470.html?partner=rss&emc=rss
SDLC is Irrelevant: No Vulnerability

  • Traditionally, an attack consists of two elements
    + Vulnerability
    + Exploit
  • To mitigate, address either (or, even better, both):
    + Repair the vulnerability – with the SDLC
    + Stop the exploit – with a security device
  • In DoS – there’s no vulnerability!
IPS/NGFW is Irrelevant

  • Statefulness
    + Inspecting each request by itself is futile, as each request is benign per se
    + Only when requests are accumulated within the right context (IP / application session / application user) are the attack’s true colors exposed
  • True application awareness
    + Detecting unexpected parameters on a request
Mitigation



  WAF: stateful, decrypts SSL, understands HTTP and understands the application’s business logic, so it can analyze the traffic and sift out the DoS traffic.
Mitigation: Stateful Rules

  • Customer was attacked with “large file” downloads from unauthenticated users
  • A specific rule was created:
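One way to express a stateful rule like the one above, which also illustrates the point on the IPS/NGFW slide that each request is benign on its own: an added example, not the customer's rule or Imperva's code. The events, the session/user fields and the thresholds are constructed assumptions.

```python
"""A stateful rule: count large-file downloads by unauthenticated sources over a window.

Added example, not the deck's rule. Each event below is a constructed,
already-parsed request; every threshold is an assumed value.
"""
from collections import defaultdict, deque

LARGE_FILE_BYTES = 1_000_000   # assumed: response size that counts as a "large file"
WINDOW_SECONDS = 60            # assumed: sliding window length
MAX_LARGE_DOWNLOADS = 3        # assumed: downloads allowed per source inside the window


class LargeDownloadRule:
    """Keyed on the context the slide lists (IP, application session); only
    unauthenticated requests count. One download is benign; the pattern is not."""

    def __init__(self, large=LARGE_FILE_BYTES, window=WINDOW_SECONDS, limit=MAX_LARGE_DOWNLOADS):
        self.large, self.window, self.limit = large, window, limit
        self.history = defaultdict(deque)   # key -> timestamps of counted downloads
        self.blocked = {}                   # key -> timestamp at which the rule fired

    def key_for(self, event):
        return (event["ip"], event.get("session"))

    def observe(self, event):
        """Feed one request; return 'ignore', 'count' or 'block'."""
        if event.get("user") is not None or event["size"] < self.large:
            return "ignore"                 # authenticated user or small response
        key = self.key_for(event)
        q = self.history[key]
        q.append(event["ts"])
        while q and event["ts"] - q[0] > self.window:
            q.popleft()                     # drop hits that slid out of the window
        if len(q) > self.limit and key not in self.blocked:
            self.blocked[key] = event["ts"]
            return "block"
        return "count"


# Constructed sample: one unauthenticated session repeatedly pulling a 5 MB file,
# one authenticated user doing the same once, and one unrelated later session.
SAMPLE_EVENTS = [
    {"ts": 0,   "ip": "203.0.113.7",  "session": "s1", "user": None,    "path": "/files/report.pdf", "size": 5_000_000},
    {"ts": 5,   "ip": "203.0.113.7",  "session": "s1", "user": None,    "path": "/files/report.pdf", "size": 5_000_000},
    {"ts": 9,   "ip": "198.51.100.4", "session": "s2", "user": "alice", "path": "/files/report.pdf", "size": 5_000_000},
    {"ts": 12,  "ip": "203.0.113.7",  "session": "s1", "user": None,    "path": "/files/report.pdf", "size": 5_000_000},
    {"ts": 15,  "ip": "203.0.113.7",  "session": "s1", "user": None,    "path": "/index.html",       "size": 2_000},
    {"ts": 20,  "ip": "203.0.113.7",  "session": "s1", "user": None,    "path": "/files/report.pdf", "size": 5_000_000},
    {"ts": 300, "ip": "203.0.113.7",  "session": "s3", "user": None,    "path": "/files/report.pdf", "size": 5_000_000},
]


def run(events, rule=None):
    """Replay events through a rule; returns [(ts, decision)] in order."""
    rule = rule or LargeDownloadRule()
    return [(e["ts"], rule.observe(e)) for e in events]


if __name__ == "__main__":
    for ts, decision in run(SAMPLE_EVENTS):
        print(ts, decision)
```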
Mitigation: Picking the Low Hanging Fruits

  • Some tools have small deviations from normal browsers
    + User agent
    + Missing headers
    + Header order
    + Misspelled headers
    + Fixed values
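A header-deviation check for the five indicators listed above, as an added example that is not from the deck: the browser profile and both sample requests are constructed, and a production profile would be learned from observed browser traffic rather than hand-written.

```python
"""Score small deviations between a request's headers and a real browser's.

Added example, not from the deck. BROWSER_PROFILE, KNOWN_HEADERS and the two
sample requests are constructed assumptions.
"""
from difflib import SequenceMatcher

# Assumed profile of a desktop browser; list order is the wire order we expect.
BROWSER_PROFILE = {
    "order": ["Host", "User-Agent", "Accept", "Accept-Language", "Accept-Encoding", "Connection"],
    "required": {"Host", "User-Agent", "Accept", "Accept-Language", "Accept-Encoding"},
    "ua_markers": ("Mozilla/", "Opera/"),
}
KNOWN_HEADERS = {"Host", "User-Agent", "Accept", "Accept-Language", "Accept-Encoding",
                 "Connection", "Referer", "Cookie", "Cache-Control", "Pragma", "Origin"}


def _misspelled(name):
    """Return the known header an unknown name is a near-miss of (e.g. Accpet), else None."""
    if name in KNOWN_HEADERS:
        return None
    best = max(KNOWN_HEADERS, key=lambda k: SequenceMatcher(None, name.lower(), k.lower()).ratio())
    ratio = SequenceMatcher(None, name.lower(), best.lower()).ratio()
    return best if ratio >= 0.8 else None


def header_deviations(headers, profile=BROWSER_PROFILE, fixed_values=()):
    """headers: list of (name, value) in wire order. Returns a list of deviation tags.

    fixed_values: (name, value) pairs a tool is known to send verbatim (assumed input).
    """
    names = [n for n, _ in headers]
    values = dict(headers)
    tags = []
    # User agent: not one a browser would present.
    if not values.get("User-Agent", "").startswith(profile["ua_markers"]):
        tags.append("user-agent")
    # Missing headers a browser always sends.
    for req in sorted(profile["required"] - set(names)):
        tags.append(f"missing:{req}")
    # Header order: profile headers must appear in the browser's relative order.
    seen = [n for n in names if n in profile["order"]]
    expected = [n for n in profile["order"] if n in seen]
    if seen != expected:
        tags.append("header-order")
    # Misspelled headers: unknown names that nearly match a real one.
    for n in names:
        near = _misspelled(n)
        if near:
            tags.append(f"misspelled:{n}->{near}")
    # Fixed values: a header value that never varies across a tool's requests.
    for name, value in fixed_values:
        if values.get(name) == value:
            tags.append(f"fixed-value:{name}")
    return tags


# Constructed sample requests: a browser and a scripted client.
BROWSER_REQ = [
    ("Host", "www.target.com"),
    ("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0"),
    ("Accept", "text/html,application/xhtml+xml,*/*;q=0.8"),
    ("Accept-Language", "en-US,en;q=0.5"),
    ("Accept-Encoding", "gzip, deflate"),
    ("Connection", "keep-alive"),
]
TOOL_REQ = [
    ("User-Agent", "Python-urllib/2.7"),
    ("Host", "www.target.com"),
    ("Accpet", "*/*"),
    ("Connection", "Keep-Alive"),
    ("Referer", "http://pastehtml.example/loic/"),
]
TOOL_FIXED = [("Referer", "http://pastehtml.example/loic/")]
```

Each tag is weak on its own; several together on a high-rate source is what the slide calls low-hanging fruit.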
Mitigation: Reputation Services

  • Sources of intelligence
    + Malicious IPs
    + Anonymity services’ IPs
         – TOR
         – Anonymous proxies
Blocking Traffic Based on Reputation




  Real-time alerts and ability to block based on IP reputation.
Summary and Recommendations




Summary



  • DoS is another tool in the hackers’ toolbox
  • DoS is going up the application stack
  • Mitigate application layer DoS attacks with a WAF
  • Use community-based anti-automation reputation services
Imperva in 60 Seconds




  [Product overview diagram. Left: Attack Protection, Virtual Patching, Reputation Controls. Right: Usage Audit, Rights Management, Access Control]
Webinar Materials

  Join the Imperva LinkedIn group, Imperva Data Security Direct, for…
    + Post-webinar discussions
    + Answers to attendee questions
    + Webinar recording link
Questions?




www.imperva.com




 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation FoundationHacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 

Recently uploaded

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Deconstructing Application DoS Attacks

  • 1. Deconstructing Application DoS Attacks
    Tal Be’ery, Web Research TL, Imperva
  • 2. Agenda
    - Introduction to Imperva’s Hacker Intelligence Initiative
    - Denial of Service (DoS):
      + Definition and background
      + Attackers
        – Hacktivists
        – Business related
      + Tools
        – JS LOIC
        – Slow HTTP
      + Mitigation
        – Non-mitigations
        – True mitigation
    - Summary of recommendations
    © 2012 Imperva, Inc. All rights reserved.
  • 3. Presenter: Tal Be’ery, CISSP
    - Web Security Research Team Leader at Imperva
    - Holds MSc & BSc degrees in CS/EE from TAU
    - 10+ years of experience in the IS domain
    - Facebook “white hat”
    - Speaker at RSA, BlackHat, AusCERT
    - Columnist for securityweek.com
  • 4. Imperva’s Hacker Intelligence Initiative
  • 5. Hacker Intelligence Initiative (HII)
    - The Hacker Intelligence Initiative is focused on understanding how attackers operate in practice
      + A different approach from vulnerability research
    - Data set composition
      + ~50 real world applications
      + Anonymous proxies
    - More than 18 months of data
    - Powerful analysis system
      + Combines analytic tools with drill down capabilities
  • 6. HII - Motivation
    - Focus on actual threats
      + Focus on what hackers want, helping good guys prioritize
      + Technical insight into hacker activity
      + Business trends of hacker activity
      + Future directions of hacker activity
    - Eliminate uncertainties
      + Active attack sources
      + Explicit attack vectors
      + Spam content
    - Devise new defenses based on real data
      + Reduce guess work
  • 7. HII Reports
    - Monthly reports based on data collection and analysis
    - Drill down into specific incidents or attack types
    - 2011 / 2012 reports
      + Remote File Inclusion
      + Search Engine Poisoning
      + The Convergence of Google and Bots
      + Anatomy of a SQLi Attack
      + Hacker Forums Statistics
      + Automated Hacking
      + Password Worst Practices
      + Dissecting Hacktivist Attacks
      + CAPTCHA Analysis
  • 8. WAAR – Web Application Attack Report
    - Semi-annual
    - Based on aggregated analysis of 6 / 12 months of data
    - Motivation
      + Pick up trends
      + High-level takeaways
      + Create comparative measurements over time
  • 9. Denial of Service: Definition and Background
  • 10. Denial of Service: Definition
    - Denial of Service attack
    - Wikipedia: “make a machine or network resource unavailable to its intended users”
    - Attacks data availability
  • 11. Data Drives Business
    - Customer details
    - Inventory
    - Trade secrets
    - Intellectual property
    - Financial analysis
  • 12. Protecting Data
    - Data must remain:
      + Protected against unauthorized changes (Integrity)
      + Available (Availability)
      + Confidential (Confidentiality)
  • 13. Hackers Are After Your Data
    - Attacking confidentiality – leaking secret data
      + SQL injection
      + Careless employees
    (Figure: CIA triangle, Confidentiality highlighted)
  • 14. Hackers Are After Your Data
    - Attacking integrity – changing sensitive data
      + SQL injection
      + Malicious insider
    (Figure: CIA triangle, Integrity highlighted)
  • 15. Hackers Are After Your Data
    - Attacking data availability
      + DoS attacks
    (Figure: CIA triangle, Availability highlighted)
  • 16. DoS is Another Tool in the Hacker Toolbox
    (Figure: pie chart “Hacker Forum Discussion Topics” with slices for SQL Injection, DoS/DDoS, shell code, spam, zero-day, brute-force and HTML Injection; the slice values 22%, 19%, 16%, 12%, 12%, 10% and 9% cannot be matched to topics from the extracted text)
    Source: Imperva. Covers July 2010 – July 2011 across 600,000 discussions
  • 17. Denial of Service: Attackers
  • 18. Attackers – Who Are They?
    - Who wants to put you out of business?
    - Protesters
      + Hacktivists
    - Business related
      + Competitors
      + Racketeering
  • 19. Hacktivism: Definition
    “Hacktivism (a portmanteau of hack and activism).”
  • 20. What/Who is Anonymous?
    “…the first Internet-based superconsciousness.” — Chris Landers, Baltimore City Paper, April 2, 2008
  • 21. What/Who is Anonymous?
    “…the first Internet-based superconsciousness.” — Chris Landers, Baltimore City Paper, April 2, 2008
    “Anonymous is an umbrella for anyone to hack anything for any reason.” — New York Times, 27 Feb 2012
  • 22. What/Who is Anonymous?
    - One thing is for sure: they are hackers!
  • 23. Recruiting Over Social Media - 1
  • 24. Recruiting Over Social Media - 2
  • 25. Setting Up an Early Warning System
  • 26. Example
  • 27. Business Attackers - 1
    - DoS as a Service
  • 28. Business Attackers - 2
    - Where there is a demand, there will be supply…
  • 29. Business Attackers - 2
    - Where there is a demand, there will be supply…
  • 30. Denial of Service: Popular Tools
  • 31. Protecting True Identity
    - Hackers protect their identity
    - By using…
      + TOR
      + Other anonymity services
        – Anonymous proxies
        – Private VPN services
        – Hacked servers
    (Figure: pie chart of attack source IPs with slices labelled TOR, Anonymity Services and Other IPs and values 15%, 28% and 57%; only TOR = 15% is unambiguous in the extracted text)
    Source: https://www.torproject.org/about/overview.html.en
  • 32. Hacking Tools
    - Low Orbit Ion Cannon (LOIC)
    - Purpose: DDoS
    - Windows desktop application, coded in C#
    - UDP/TCP/HTTP flooding
  • 33. LOIC Facts
    - LOIC downloads
      + 2011: 380K
      + 2012 (through October 14): 616K
      + Jan 2012 (Megaupload takedown): 182K
    For more: http://blog.imperva.com/2012/05/loicversary.html
  • 34. DDoS is Moving Up the Stack
    - Decreasing costs
      + Application layer attacks are far more efficient
      + Fewer attackers are needed to take down a site
    - The DoS security gap
      + Traditionally, the defense against DDoS was based on dedicated devices operating at lower layers (TCP/IP). Inherent shortcomings:
        – Don’t decrypt SSL
        – Don’t understand the HTTP protocol
        – Unaware of the web application
    For more: http://blog.imperva.com/2011/12/top-cyber-security-trends-for-2012-7.html
  • 35. Javascript/Mobile/VM/JS LOIC
    - DaaS – DoS as a Service
    - Application layer attacks
    - Easy to participate – no download
      + Just point your browser to the JS-LOIC page
    - Effective
      + Iterates up to 200 requests per second
    - Cross platform
      + Mobile device
      + Linux/Mac/PC
  • 36. JS LOIC - Attack Characteristics
    - HTTP Referer header – indicates the attack code source
    - Fixed target URL
      + Carefully selected to create load on the target server
    - A parameter with some arbitrary changing value
      + To avoid caches along the way
    - A parameter “msg” with some hacktivist’s slogan
    Example request: www.target.com/search.php?q=a&id=61278641278&msg=we+are+legion!
  • 37. Hacktivists’ DoS in the Wild
  • 38. Hacktivists’ DoS in the Wild
  • 39. Hacktivists’ DoS in the Wild
  • 40. Some More JS LOIC
  • 41. Some More JS LOIC
  • 42. Slow HTTP tools
    - “Dripping” an HTTP POST parameter value byte by byte
    - Generating a never-ending request
    - Exhausting the attacked server’s concurrent requests pool
    - Tools
      + RAILgun
      + SlowHTTPtest
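The server-side counterpart to the dripping POST described on slide 42, as an added example that is not code from the presentation or from any web server: a body-read guard that aborts a request when its body arrives below a minimum rate or misses a hard deadline, so one slow request cannot hold a worker from the concurrent-request pool indefinitely. The thresholds and the three arrival timelines are constructed assumptions.

```python
"""Guard against slow ("dripping") HTTP POST bodies.

Models the check a web server or WAF applies while reading a request
body: the body must keep arriving at a minimum rate once a short grace
period has passed, and must be complete before a hard deadline.
"""
from dataclasses import dataclass


@dataclass
class BodyPolicy:
    min_rate_bps: float   # minimum sustained body rate, bytes per second
    grace_seconds: float  # time before the rate check starts
    max_seconds: float    # hard cap on the total body read time


def judge_body(arrivals, content_length, policy):
    """arrivals: list of (seconds since request start, bytes received).

    Returns ("ok", t) when the full body arrived by time t, or
    ("abort", t, reason) at the first policy violation.
    """
    received = 0
    for t, n in arrivals:
        received += n
        if t > policy.max_seconds:
            return ("abort", t, "deadline")
        # Average rate since the request started; dripping one byte at a
        # time cannot sustain it, a real browser upload easily does.
        if t > policy.grace_seconds and received / t < policy.min_rate_bps:
            return ("abort", t, "min_rate")
        if received >= content_length:
            return ("ok", t)
    # The sender stopped without completing the announced body; the
    # deadline timer, not the rate check, must terminate such a request.
    last_t = arrivals[-1][0] if arrivals else 0.0
    return ("abort", max(last_t, policy.max_seconds), "incomplete")


# Assumed policy values for the example.
POLICY = BodyPolicy(min_rate_bps=500, grace_seconds=5, max_seconds=30)

# Constructed: a normal browser POST, 4 KB body in three chunks in 0.3 s.
NORMAL_POST = [(0.1, 1400), (0.2, 1400), (0.3, 1296)]
# Constructed: a dripping POST announcing 100 KB and sending one byte
# every two seconds, which an unguarded server would wait on for hours.
DRIPPING_POST = [(2.0 * i, 1) for i in range(1, 60)]
# Constructed: a burst followed by silence, body never completed.
STALLED_POST = [(0.1, 1400)]


def demo():
    """Run the three constructed timelines through the policy."""
    return {
        "normal": judge_body(NORMAL_POST, 4096, POLICY),
        "dripping": judge_body(DRIPPING_POST, 100_000, POLICY),
        "stalled": judge_body(STALLED_POST, 4096, POLICY),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```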
  • 43. DDoS: Mitigation
  • 44. Anti-Virus is Irrelevant: Malware is NOT the MO
    McAfee mea culpa: “The security industry may need to reconsider some of its fundamental assumptions, including ‘Are we really protecting users and companies?’” — McAfee, September 2011
    Source: http://www.nytimes.com/external/readwriteweb/2011/08/23/23readwriteweb-mcafee-to-security-industry-are-we-really-p-70470.html?partner=rss&emc=rss
  • 45. SDLC is Irrelevant: No Vulnerability
    - Traditionally, an attack is comprised of two elements
      + Vulnerability
      + Exploit
    - To mitigate, either (or even better, both)
      + Repair the vulnerability – with SDLC
      + Stop the exploit – with a security device
    - In DoS – there’s no vulnerability!
  • 46. IPS/NGFW is Irrelevant
    - Statefulness
      + Inspecting each request by itself is futile, as each request is benign per se
      + Only when requests are accumulated within the right context (IP / application session / application user) are the attack’s true colors exposed
    - True application awareness
      + Detecting unexpected parameters on a request
  • 47. Mitigation
    WAF: stateful, decrypts SSL, understands HTTP, understands the application business logic to analyze the traffic, sifting out the DoS traffic.
  • 48. Mitigation: Stateful Rules
    - Customer was attacked with “large file” downloads from unauthenticated users
    - A specific rule was created:
  • 49. Mitigation: Picking the Low Hanging Fruits
    - Some tools have small deviations from normal browsers
      + User agent
      + Missing headers
      + Header order
      + Misspelled headers
      + Fixed values
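The stateful detection argued for on slide 46, applied to the JS LOIC indicators of slide 36 and the rule-based approach of slide 48, as an added example that is not code from the presentation or from any WAF product: it parses constructed access-log lines, records per-request indicators (a “msg” parameter, a Referer outside the site), and only reaches a verdict once requests from one client to one path accumulate with a parameter whose value changes every time. The log format, hostnames, sample lines and the threshold are assumptions for the example.

```python
"""Stateful detection of JS LOIC-style floods over access-log lines.

Each request is benign on its own; the verdict comes from accumulating
requests per client IP and target path, as slide 46 argues.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (combined log format with Referer and UA).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2012:10:00:00 +0000] "GET /search.php?q=a&id=61278641278&msg=we+are+legion! HTTP/1.1" 200 512 "http://pastehtml.example/loic.html" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2012:10:00:00 +0000] "GET /search.php?q=a&id=61278641279&msg=we+are+legion! HTTP/1.1" 200 512 "http://pastehtml.example/loic.html" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2012:10:00:01 +0000] "GET /search.php?q=a&id=61278641280&msg=we+are+legion! HTTP/1.1" 200 512 "http://pastehtml.example/loic.html" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2012:10:00:01 +0000] "GET /search.php?q=imperva HTTP/1.1" 200 2048 "http://www.target.example/" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2012:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d+) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def request_indicators(rec, site_host):
    """Per-request indicators from slide 36; none is a verdict by itself."""
    url = urlsplit(rec["target"])
    params = parse_qs(url.query)
    hits = set()
    if "msg" in params:
        hits.add("msg_param")          # slogan parameter added by the tool
    ref_host = urlsplit(rec["referer"]).hostname
    if ref_host and ref_host != site_host:
        hits.add("external_referer")   # Referer names the attack page
    return url.path, params, hits


def analyze(log_text, site_host, min_requests=3):
    """Accumulate per IP and path; flag a flood when at least min_requests
    share the slogan indicator and carry a cache-busting parameter, i.e.
    one present in every request with a different value each time."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_client[rec["ip"]].append(rec)
    verdicts = {}
    for ip, recs in per_client.items():
        paths = defaultdict(list)
        for rec in recs:
            path, params, hits = request_indicators(rec, site_host)
            paths[path].append((params, hits))
        for path, entries in paths.items():
            if len(entries) < min_requests:
                continue
            common = set.intersection(*(h for _, h in entries))
            names = set.intersection(*(set(p) for p, _ in entries))
            changing = {n for n in names
                        if len({tuple(p[n]) for p, _ in entries}) == len(entries)}
            if changing and "msg_param" in common:
                verdicts[ip] = {"path": path, "requests": len(entries),
                                "changing_params": sorted(changing),
                                "indicators": sorted(common)}
    return verdicts


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, "www.target.example"))
```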
  • 50. Mitigation: Reputation Services
    - Sources intelligence
      + Malicious IPs
      + Anonymity services IPs
        – TOR
        – Anonymous proxies
  • 51. Blocking Traffic Based on Reputation
    Real-time alerts and ability to block based on IP reputation.
  • 52. Blocking Traffic Based on Reputation
    Real-time alerts and ability to block based on IP reputation.
  • 53. Blocking Traffic Based on Reputation
    Real-time alerts and ability to block based on IP reputation.
  • 54. Summary and Recommendations
  • 55. Summary
    - DoS is another tool in the hackers’ toolbox
    - DoS is going up the application stack
    - Mitigate application layer DoS attacks with a WAF
    - Use community-based anti-automation reputation services
  • 56. Imperva in 60 Seconds
    (Figure: product overview – Attack Protection, Usage Audit, Virtual Patching, Rights Management, Reputation Controls, Access Control)
  • 57. Webinar Materials
  • 58. Webinar Materials
    Join the Imperva LinkedIn Group, Imperva Data Security Direct, for…
    - Answers to Attendee Questions
    - Post-Webinar Discussions
    - Webinar Recording Link
    Join Group
  • 59. Questions?