This document discusses the history and capabilities of the network intrusion detection system SNORT. It provides an overview of SNORT's origins as a weekend project in 1998, its growth with support from the security community, and its commercialization. The document also previews SNORT's open source Razorback project and provides links on SNORT deployment, common web attacks that SNORT can detect like XSS and SQL injection, and penetration testing tools that can be used alongside SNORT.

1. Web Attack Analysis with SNORT
Suwitcha Musijaral, SNORTCP
Cisco System

2. About Me
• System Engineer in various
technology company,
Network,ADN,Web Security,
Network Security.
• CISSP,CISA,GWAPT,SNORT-CP

3. History of SNORT

4. A Brief History of SNORT
• Weekend project by Martin Roesch 1998
• to learn libpcap library,Monitor Home Network,Network
Application Debugging
• First SNORT release 1999 with rule and language
• Security Community is key success to SNORT.
• Official SNORT rule maintain and support by VRT and now become
CISCO TALOS team.
• Commercial product (Sourcefire) and Sell to Cisco at 2.7B

5. The Future SNORT

7. RazerBack
• Open Source Project by
Sourcefire VRT Team
• Main idea is to collaborate
between Security Product
https://labs.snort.org/razorback/

8. SNORT Deployment

9. https://www.snort.org/documents/snort-ips-tutorial

10. https://www.snort.org/documents/how-to-make-some-home-routers-mirror-
traffic-to-snort

11. https://www.owasp.org/index.php/
Category:OWASP_Top_Ten_Project

12. How Attack look like?

14. Exploit Known Vulnerability
OWASP Top 10 - A9

15. <Demo>

16. Insecure Direct Object Reference
OWASP - A2

17. <Demo>

18. Exploit Application Aulnerability
A1 - Injection

19. <Demo>

20. Cross Site Scripting
OWSAP Top 10 - A3

21. <Demo>

22. Penetration test tools

23. <Demo>

24. Known Malware

25. <Demo>

26. Known Malicious domain

27. <Demo>

28. http://b2me.cisco.com/2017snortcalendarsurvey

29. https://www.snort.org/community/scholarship

31. Q&A