Was the Cloud ShellShocked?
Internet security has reached the highest defcon level. Another day, another hack: the new bug on the scene, known as "Shellshock", blew up headlines and Twitter feeds. Shellshock exposes a vulnerability in the Bourne-Again Shell (Bash), the widely used shell for Unix-based operating systems such as Linux and OS X. The bug allows an attacker to remotely execute commands against vulnerable network-facing services. The vulnerability is extremely easy to exploit, requiring neither deep knowledge of the target application nor significant computational resources. The breadth of the exposure, along with the relative ease of launching an attack, led industry analysts to label the bug more serious than Heartbleed. The National Institute of Standards and Technology assigned the vulnerability its highest risk score of 10.
What are the implications of ShellShock for cloud security? At Skyhigh, we reviewed enterprise use of over 7,000 cloud service providers for vulnerabilities. The results surprised us.
We initially expected to discover rampant vulnerability to Shellshock among cloud service providers. The data portrayed a more mixed bag of cloud application security. 4% of end-user devices in the enterprise environment run the vulnerable version of Bash, reflecting the dominance of Windows in enterprise networks. We also found that only three cloud service providers employ the Common Gateway Interface (CGI), the primary vector of attack. While cloud service providers may be vulnerable through other vectors (e.g. ForceCommand), the fact that they avoid the primary attack vector of the bug through design and architectural complexity is an indication of the maturity of today's cloud applications.
However, when we scanned the top IaaS providers (e.g. AWS, Rackspace) for the Bash vulnerability, 90% of checks reported the vulnerable Bash version on the default images provisioned. Customers should not wait for their IaaS providers to take the initiative. To ensure immunity from ShellShock, all organizations should immediately update their systems with the latest version of Bash.
But remediation measures shouldn't end there. Given the current rate of breaches, organizations can expect the next event won't be far off. Our recommendation: a Web Application Firewall (WAF) deployed to protect against pre-defined attack vectors can come in handy at times like this. System administrators can quickly write rules for WAFs to defend against this and similar bugs. In our case, we quickly updated our WAF rules in addition to updating the vulnerable Bash version.
A sample ruleset for mod_security (WAF) is below. The parentheses in each pattern are escaped so that the regex matches the literal "() {" function-definition marker; an unescaped "^() {" is an empty group followed by " {" and would not match the attack string.

Request Header values:
SecRule REQUEST_HEADERS "^\(\) {" "phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SERVER_PROTOCOL values:
SecRule REQUEST_LINE "\(\) {" "phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

GET/POST names:
SecRule ARGS_NAMES "^\(\) {" "phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

GET/POST values:
SecRule ARGS "^\(\) {" "phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

File names for uploads:
SecRule FILES_NAMES "^\(\) {" "phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"
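As an added example (not part of the original post or its mod_security ruleset), the five rules emulated in Python over constructed requests: it reproduces the two ModSecurity transformations the rules rely on, reports which rule catches which vector, and includes a check that a candidate pattern really matches the literal "() {" marker. The request dict layout and sample values are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Escaped pattern from the rules: the value must literally begin with "() {",
# the Bash exported-function marker that Shellshock abuses.
SHELLSHOCK_MARKER = re.compile(r"^\(\) \{")

def pattern_catches_marker(pattern):
    """True if `pattern` matches a value starting with the literal '() {'.
    An unescaped "^() {" is an empty group plus " {" and silently misses it."""
    return re.search(pattern, "() { :; }; x") is not None

def url_decode(value):
    """Emulates t:urlDecode: percent-decoding with '+' treated as a space."""
    return unquote(value.replace("+", " "))

def url_decode_uni(value):
    """Emulates t:urlDecodeUni: additionally decodes IIS-style %uXXXX escapes."""
    value = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), value)
    return url_decode(value)

# (rule id, phase, request part, anchored?, transformation) mirrors the five
# rules above; REQUEST_LINE is searched unanchored, as in the original.
RULES = (
    (1000000, 1, "headers", True, url_decode),
    (1000001, 1, "request_line", False, lambda v: v),
    (1000002, 2, "arg_names", True, url_decode_uni),
    (1000003, 2, "arg_values", True, url_decode_uni),
    (1000004, 2, "file_names", True, url_decode_uni),
)

def _values(request, part):
    """Raw strings a rule inspects, taken from a parsed request dict."""
    if part == "headers":
        return list(request.get("headers", {}).values())
    if part == "request_line":
        return [request.get("request_line", "")]
    if part == "arg_names":
        return [name for name, _ in request.get("args", [])]
    if part == "arg_values":
        return [value for _, value in request.get("args", [])]
    return list(request.get("file_names", []))

def inspect_request(request):
    """Return [(rule_id, phase, part, decoded_value)] for every rule that fires.
    A real WAF stops at the first phase-1 hit; all hits are kept here so the
    vector each rule would have caught is visible."""
    hits = []
    for rule_id, phase, part, anchored, transform in RULES:
        for raw in _values(request, part):
            decoded = transform(raw)
            matched = (SHELLSHOCK_MARKER.match(decoded) is not None
                       if anchored else "() {" in decoded)
            if matched:
                hits.append((rule_id, phase, part, decoded))
    return hits

def decision(request):
    """Mirror the rules' deny,status:400 action: ('deny', 400) on any hit."""
    return ("deny", 400) if inspect_request(request) else ("allow", 200)

# Constructed sample requests, not captured traffic; the text after the marker
# is a placeholder rather than a command.
BENIGN = {
    "request_line": "GET /cgi-bin/status.cgi?id=42 HTTP/1.1",
    "headers": {"Host": "example.test", "User-Agent": "curl/7.37.0"},
    "args": [("id", "42")], "file_names": [],
}
HEADER_HIT = {  # marker in a header, caught by rule 1000000 in phase 1
    "request_line": "GET /cgi-bin/status.cgi HTTP/1.1",
    "headers": {"Host": "example.test", "User-Agent": "() { :; }; PLACEHOLDER"},
    "args": [], "file_names": [],
}
ENCODED_ARG_HIT = {  # marker only visible once the arg name is percent-decoded
    "request_line": "GET /cgi-bin/x.cgi?%28%29%20%7B%20%3A%3B%20%7D%3B%20P=1 HTTP/1.1",
    "headers": {"Host": "example.test"},
    "args": [("%28%29%20%7B%20%3A%3B%20%7D%3B%20P", "1")], "file_names": [],
}
FILE_HIT = {  # marker hidden behind %uXXXX escapes in an upload filename
    "request_line": "POST /cgi-bin/upload.cgi HTTP/1.1",
    "headers": {"Host": "example.test"},
    "args": [], "file_names": ["%u0028%u0029 { :; }; PLACEHOLDER.txt"],
}
```

These rules, and this emulation, only see HTTP traffic; the ForceCommand vector mentioned above is closed only by patching Bash, which is why the post pairs the WAF rules with the update.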
Author:
Lauren Ellis is a research analyst covering the technology industry's top trends and topics, focusing on Cloud Security, Cloud Computing, Data Loss Prevention, etc.