SlideShare a Scribd company logo

Web Attack Survival Guide

•
•
- Mark - Fullbright
- Mark - Fullbright
Education
1 of 12
Download to read offline
WHITE PAPER Web Attack Survival Guide What Is Your Worst Security Nightmare? Receiving a “ransom note” with an ultimatum to pay millions of dollars or to watch your company’s website buckle under a deluge of DDoS requests? Or opening an ominous Google alert that reveals your company is the next target of a hacktivist campaign? Or discovering the application framework that powers your website is riddled with vulnerabilities—and learning it will take months to fix them? What Do You Do When Your Worst Nightmare Becomes Reality? The Web Attack Survival Guide describes today’s application threat landscape, including the attack methods and tools used by hacktivists and cybercriminals. It explains the processes and the technologies you can use to safeguard your website from attack. It also helps you prioritize security efforts and it lists security tips and tricks that you might otherwise have overlooked. After reading the Web Attack Survival Guide, you will be able to confidently face an impending web attack with a well-thought out strategy. A Blueprint for Web Attack Survival 1 2 3 4 5 6 7 Understand the Threat Actor Develop a Security Response Plan Locate and Assess Applications and Servers Strengthen Application, Network, and End-Point Security Controls Counter the Attack: Monitoring and Tuning Procedures When Under Attack Bring in the Experts: Optional Security Consulting Services Conduct a Post Mortem of the Attack
The State of Application Security The Application Threat Landscape 74% of organizations received a DDoS attack in the past year 1 86% of all websites have at least one serious vulnerability 2 75% of all cyber-attacks target web applications 3 33% of all websites had at least one serious vulnerability every day of the year in 2012 4 Web applications sit at the top of the list of hackers’ favorite attack targets. In fact, 75% of all cyber-attacks target web applications. Most websites suffer dozens of attacks per day and some sites sustain, on average, up to 26 attacks per minute. While web attacks are not new—they have existed since the dawn of the Internet—one attack trend is the emergence of hacktivism and prolonged attack campaigns. Rise of Hacktivism Hacktivism vaulted onto the scene and into the collective imagination in late 2010, with the emergence of hacktivist groups like Anonymous, LulzSec, and Anti-Sec. Initially targeting financial institutions, Anonymous and its imitators quickly moved on to dozens of other government and business targets. Within two years, 58% of all data theft 5 was attributed to hacktivist attacks. In 2012, new players, like the Syrian Electronic Army, AnonGhost, and Iranian Cyber Army, joined the party and launched a spree of attacks against U.S. banks and other western targets. Many of these attacks combine traditional web attacks, like SQL injection and cross‑site scripting, with Distributed Denial of Service (DDoS) assaults. Hacktivist attacks not only pose public relations disasters for the targeted companies, but many also result in costly data breaches and prolonged website outages. Distributed Denial of Service (DDoS) Attacks Go Commercial Besides the specter of hacktivism, organizations must contend with DDoS attacks launched by competitors or cyber extortionists. These industrialized DDoS attacks can be extraordinarily powerful—hundreds of times greater than typical bandwidth levels, reaching over 300 Gbps or more. And DDoS attacks are becoming more advanced in order to outwit conventional security controls. Instead of simply inundating targets with a flood of TCP or UDP packets, many DDoS attacks now exploit application and database flaws. Fighting Back DDoS Attack Tools Used by Hacktivist and Commercial DDoS Services Every day, hackers unleash massive attack campaigns designed to take websites offline, steal confidential data, and deface content. Fortunately, organizations can prepare for and repel these attacks. Based on feedback from application security consultants and from IT security personnel on the front lines of attack, this survival guide lays out a step-by-step plan to fend off web threats. 1. “2012 Data Breach Investigations Report,” Verizon Business, 2012 2. “WhiteHat website Security Statistic Report,” WhiteHat Security, 12th Edition 3. Gartner Research 4. “State of Web Security,” Ponemon Institute 5. 2012 Data Breach Investigations Report,” Verizon Business, 2012 2
Web Attack Survival: Step-by-Step Strategy Step 1. Understand the Threat Actor To prepare for an attack, the first step is to understand the threat actor. What enemy do you face? A well-known hacktivist group such as Anonymous or the Syrian Electronic Army? A script kiddie? Industrialized cybercriminals? Research their attack techniques and identify the tools that they use. “ f you know your I enemies and know yourself, you will not be imperiled in a hundred battles... if you do not know your enemies nor yourself, you will be imperiled in every single battle.” –Sun Tzu, The Art of War 6 Monitor Social Media If hacktivists have threatened your organization, then track social media sites such as Twitter, Facebook, and YouTube for updates about their attack methods and timelines. Hacktivists may discuss vulnerabilities or weak points of your site. Hacktivist groups will also disclose the types of DDoS attack tools that volunteer recruits can use to attack your site. Armed with this information, you can create application security signatures to easily block these attack tools. With several recent attacks, hacktivists have published “booster packs” that configure attack tools to exploit web vulnerabilities or URLs in the targeted websites. Be aware of the contents of these booster packs, so you can implement policies to repulse them. Profiling cybercriminals is more challenging than profiling hacktivists, simply because cybercriminals do not advertise their methods or strategies. Unless you monitor hacker forums, your best option is to talk to peers in your industry about attack sources, techniques, and tools.7 Be sure to read hacker intelligence reports and security research that pertain to your industry. 6. Although over-quoted, Sun Tzu’s suggestions—from preparation, to the art of deception, to battle tactics—are surprisingly apropos for defending against web attacks. 7. Security information sharing and analysis organizations include National Council of ISACs, Financial Services ISAC, SANS Internet Storm Center, and National Healthcare ISAC. 3
Step 2. Develop a Security Response Plan CHANGE IS UNAVOIDABLE Your incident response team may need to apply security policies quickly during an attack. Determine whether you need to relax your internal approval processes to ensure you can rapidly adapt to changing attack vectors. If your organization is the target of a specific attack campaign, like a DDoS attack or a hacktivist attack, then you should organize an incident response team that will manage security response efforts. The response team may potentially need to be available aroundthe-clock. Depending on the severity of the attack, assign 24x7 coverage to assure that someone is available to respond to new threats, immediately. The security response team will most likely be composed of IT security personnel, but may include members from the networking and application development teams. Red Team Create a “red team”—a team of security engineers that will look for vulnerabilities that attackers could exploit. The red team should evaluate all potential risks including, application, network, end-user, social engineering, and even physical threats. Your Little Black Book of Contacts Prepare a contact list with the names, phone numbers, and email addresses of the following groups: 1. IT security (including members of your security response team), IT operations, networking, application development, database administration, legal, and executive management 2. DNS and Internet Service Providers 3. DDoS Protection Services 4. Relevant security specialists or consultants—for example, record the contact information of field engineers at your web application firewall (WAF), Security Information and Event Management (SIEM), and Intrusion Prevention System (IPS) vendors. You may need to enlist their help when you are under attack. SECURITY TIP DO: Keep your response plan information, network diagrams, and IP address schemes secure. DON’T: Email your network architecture and contact lists to the entire security department or store them in a public file share titled “Steal me first.” 4 Document Network and Server Information Gather network and server information, including: 1. IP addresses of web servers, databases, DNS servers, network firewalls, web application firewalls, database firewalls, and routers and switches 2. Disaster recovery IP addresses, if applicable Also, prepare network architecture diagrams of all data centers at risk. If architecture diagrams already exist, review them, and make sure they are up-to-date.
Notify Executive Management and Employees When you know about an impending attack, inform your executive management team about the threat and provide periodic status updates. In addition, you may need to warn company employees of the attack. For DDoS attacks, notify all relevant users of potential application or network downtime. If your organization faces a hacktivist attack or a targeted attack, instruct users to update any non-secure passwords and educate them about the risk of phishing attacks. Prepare your IT personnel for social engineering threats. Ask them to verify any IT helpdesk and password change requests. Hackers may resort to physical attacks when necessary. Secure employee laptops, cables, and network devices. Establish a War Room ASSIGN A “GENERAL” for the war room. This person will be in charge of all high-level security decisions during the attack. Designate a war room that will be “ground zero” for all planning and communications during the web attack. The war room will be a centralized place to review security updates and to strategize defense schemes. Choose a location to conduct security operations such as an existing Security Operations Center (SOC), Network Operations Center (NOC), or even a private conference room. Step 3. Locate and Assess Servers and Applications Even if you have documented your servers in network architecture diagrams, it is still important to scan your network for rogue servers and applications. Application developers or QA testers may have spun up new web applications or databases; other departments may have deployed unsanctioned applications. Until you have scanned your network and located all servers and applications, you cannot completely assess your risks. Classify, Classify, Classify Once you have located your applications and databases, determine which ones contain sensitive data like Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card numbers, or intellectual property. Determine which applications are needed for your business to function properly. Even if your corporate website does not contain sensitive information, it may still be a top target for attack, because it is the most visible to customers and partners. Once you have identified your servers and applications and determined which are the highest risk, prioritize your efforts on these assets. 5
Look at the Cloud Digital assets today are not just limited to the devices on the physical network. Be sure to locate third-party applications like CRM systems, intranet applications, email applications, and internally developed websites that are hosted in the cloud. These applications may contain confidential information. Hacktivists have targeted externally hosted applications in the past, so it is essential to make sure these applications are secure. Scan Your Network and Applications for Vulnerabilities USE A COMBINATION OF DIFFERENT SCANNERS to test your applications. Each scanner may find unique vulnerabilities. One of the most important steps for fortifying your applications is to test them for vulnerabilities. Scan your servers and networking devices for system vulnerabilities and unpatched software. More importantly, scan your web applications using a purpose-built web application scanner. Network scanners are a starting point, but only web application scanners will uncover the application vulnerabilities that hackers are most likely to exploit. Do not limit your assessments to your corporate website. Scan all of your applications, including partner portals, CRM applications, extranets, and other potential attack targets. All of these sites could be brought down by hackers and, therefore, damage your company’s brand. INCLUDE THE SAME TOOLS USED BY HACKTIVISTS—such as the Havij SQL injection tool and free application scanners—in your scanning arsenal. To prepare for an application DDoS attack, analyze the URLs in your applications that connect to a backend database and could potentially be an attack target, such as the login, registration, password change, or search pages. Submit application forms with characters like wildcards to determine if they are susceptible to business logic exploits. Once you have scanned your applications, fix identified vulnerabilities and rescan your applications. If time constraints prevent you from fixing all vulnerabilities, then focus your efforts on virtually patching critical vulnerabilities in your high-risk applications. Assess Databases Since sensitive data is typically stored in databases, verify these databases are secure by scanning them for vulnerabilities and configuration flaws. Based on the assessment results, determine if you need to apply any operating system or database security patches or any configuration changes. To strengthen the security of your database servers, delete default database user accounts and disable unnecessary services like vulnerable database listeners. To fortify the underlying server from attack, disable any unneeded services such as Telnet, FTP and rlogin. 6
Step 4. Strengthen Application, Network, and End-Point Security Controls After you have assessed and patched your applications and servers, you can ratchet up your defenses. To thwart a web attack, you should apply stricter web application, network and server-level security policies. Protect Network Devices and Servers To prevent network and server attacks: • Enforce stringent network firewall and Intrusion Prevention System (IPS) policies. Restrict inbound traffic to your web application servers to necessary services like HTTP and HTTPS. Configure IPS policies to block high and critical security violations. • Install anti-virus or anti-malware software on your servers. Make sure virus, malware, and spyware definition files are up-to-date. • Configure your database firewall to virtually patch unpatched vulnerabilities. The database firewall can also control access and block unauthorized queries to the database. Lockdown Web Applications WORK CLOSELY WITH APPLICATION DEVELOPERS when enforcing stricter profile policies. Developers can help analyze the profile for accuracy. They can also review security alerts to ensure that your new, heightened security controls did not block legitimate requests. Since the web application is the ultimate target of a web attack, organizations must focus their efforts on tuning and testing their web application firewall to stave off an impending attack. The following reflects a list of best practices to ensure your WAF will block all online threats. • Review and tune the web application profile—also called the “white list” security model. Confirm that the profile is accurate: – Check for URLs or directories that have been removed from the website, but still appear in the profile. – Review acceptable characters and parameter value lengths in the profile and look for irregularities in the profile. – Compare the application profile to vulnerability scan results to make sure that all URLs in assessment reports appear in the application profile and all URLs in the profile have been assessed by the scanner. – Tighten profile policies to block on white-list security violations like parameter values with unauthorized characters such as brackets and question marks. Block excessively long form field values to prevent buffer overflows and SQL injection attacks. • Configure the WAF to enforce HTTP protocol compliance. Review and tune protocolrelated security policies like double encoding, extremely long URLs, and malformed Apache URI messages. Enforcing HTTP protocol compliance, at least during the attack, will foil evasion techniques, as well as buffer overflow and DoS exploits. • Ensure that standard web application firewall policies such as SQL injection and crosssite scripting (XSS) are enabled. All high risk attacks, such as directory traversal, remote file inclusion (RFI), local file inclusion (LFI,) and cross-site request forgery (CSRF), should be blocked. 7
• Block malicious sources that have attacked other websites. Leverage intelligence from the global community to stop malicious users and malicious attack strings used against your peers. • Web application firewalls can detect requests from common scanning and hacking tools like Nikto, Paros, and Nessus based on header agent information. They can also block scanning tools by detecting a frequent number of security violations in a short period of time. To prevent attackers from uncovering vulnerabilities in your site, configure your WAF to block scanners and website reconnaissance. If your organization hosts customer-facing, partner, or extranet applications in the cloud, ensure that these applications are protected by a WAF. Various solutions exist to safeguard hosted applications, including Security as a Service (SaaS) and virtual appliance-based web application firewalls. Prevent Application DDoS Attacks ALWAYS ON Make sure you can manage all of your security products from an out-of-band network. Otherwise, they may be unreachable when you need them most—at the peak of a DDoS attack. Application-layer DDoS attacks, which account for over 25% of all DDoS attacks, are designed to overwhelm application resources or exploit application vulnerabilities. To stop application DDoS attacks, configure the following policies. • Block high rates of requests in a short period of time by user, by IP address, and by session. For this DDoS mitigation rule and many of the subsequent rules, configure extended blocking policies—block the offending user for minutes or even hours after the initial violation. • Block users that download large amounts of data in a short period of time. In addition, to prevent attackers from overwhelming server resources, block users that request multiple files with extensions like “.pdf”, “.mp3”, “.mpg”, or “.mp4” in a short period of time. • Block users that initiate multiple requests that cause extremely slow web server response times. Such users may be exploiting business logic flaws in the application. In addition, block users that perform multiple HTTP requests that result in web server errors, like 400, 405, or 503 error codes. • Limit requests to high-risk URLs such as login pages and search pages. These pages are frequent attack targets. To prevent DDoS attacks targeting login pages, create policies that prevent: A.  An excessive number of failed logins B.  Multiple successful logins from the same user • Many application DDoS attacks are launched by botnets. In addition, many attackers attempt to cloak their identity by using anonymizing services. To stop these high-risk sources, block known malicious IP addresses, anonymous proxies, and Tor networks. • For hacktivist attacks, targeted organizations can monitor social media sites to learn which DDoS tools will be used to conduct the attack. To develop laser-precise DDoS mitigation policies, download the DDoS tool and test it. Look for unusual header or payload strings that can be used to create custom attack signatures. Then define new policies in your web application firewall to block these DDoS tools. 8
Use Cloud-Based DDoS Mitigation Services to Stop Network DDoS Threats PREPARE! To reduce the risk of downtime, develop bot mitigation and rate control policies before the attack occurs. Then, enable and adjust the policies when you are under attack. To combat network-layer, or volumetric, DDoS attacks, your network must be able to handle large volumes of traffic—to the tune of tens of gigabits, or even hundreds of gigabits, of traffic per second. To avoid expensive infrastructure and Internet bandwidth costs, many organizations rely on a cloud-based DDoS service to mitigate DDoS attacks. Cloud DDoS mitigation services can scale on-demand to prevent massive attacks and ensure that malicious traffic never reaches your network. When evaluating DDoS mitigation services, consider the following capabilities: • Can the service block both network and application DDoS attacks? • Can the service accurately detect bots? Can it present various challenges like browser checks and CAPTCHA tests to ensure that only malicious bots are blocked? • Does the service support anycast DNS routing to ensure that its own DDoS filtering datacenters aren’t targeted for attack? • Does the service offer around-the-clock monitoring and tuning from security specialists? Step 5. Counter the Attack: Monitoring and Tuning Procedures When Under Attack “ repare for a cyberP attack as you would prepare for a hurricane. Have a strategy, supplies, and batten down the hatches before the storm starts. When it does start, stay calm and focus on protecting your most important assets.” –Cyber Security Expert in Florida Once the web attack is underway, your security response team should devote all available resources to monitor and manage the attack. For intense attacks, you may need to assign shifts to ensure coverage at night and on weekends. Your security response team should continuously review security alerts from your web application firewalls. • If attacks are coming from a specific geographic region, create policies to block requests from that region, if it does not represent an important segment of your customer base. • Analyze bot activity and determine which URLs bots are targeting. Create bot mitigation rules that block bots from accessing those URLs. • Look for attack patterns and tune policies to block those attacks. For example, if you determine that hackers are attacking a search page, create a policy to block users if they perform 10 search requests in a minute. Create a second policy to block users for 4 hours if they perform 25 requests in 10 minutes. Make it challenging for hackers to recognize the thresholds. In addition to reviewing application security alerts and adjusting policies, monitor alerts from other networking and security equipment. • Review log messages from your database firewall; look for unusual activity indicative of a breach. • Analyze security alerts from network performance monitoring tools to detect bursts of traffic or performance issues. • Examine aggregated log messages from routers, switches, web servers, and network security tools in your SIEM. 9
Continue reviewing social media, hacker forums, Internet Relay Chat (IRC) rooms, and sites that catalog website defacements 8 for attack information or evidence that your site has been penetrated. Hacktivists often use the phrase “#TangoDown” on IRC channels to announce they have brought a website down. Depending on the impact of the attack, it may be necessary to inform your organization’s public relations and legal teams of any website outages or data breaches. Step 6. Bring in the Experts: Optional Security Consulting Services If you face an impending attack and you’re worried your organization might not have the experience or the expertise to counter it efficiently, consider engaging outside consultants to assist you through the process. Security consultants can help you prepare for an attack by evaluating your application infrastructure for weaknesses. They can also review your application defenses and help you fine-tune the policies of your security products, such as your web application firewall. Security consultants can act as an extension of your own security response team during the attack, helping you monitor web attack traffic and adjust mitigation rules accordingly. Based on their extensive experience defeating web attacks, they can help ensure that your organization is well defended against any type of attack. Step 7. Conduct a Post Mortem of the Attack According to several interview sources, when the web attack is over, the first order of business for your security response team will often be “to get a beer.” 9 After enduring a stressful and prolonged web attack, your security engineers will need some time to recover. However, once the dust has settled, your organization should conduct a post-mortem of the attack. As part of the post-mortem, review the impact of the attack. Analyze security reports from your web application firewall to investigate attack trends. Examine alert logs from your WAF, your SIEM, and your network monitoring tools. Your post-mortem assessment should address the following questions: • Did your network suffer any downtime during the attack? • Did the attack affect application performance or latency? • Was any sensitive data compromised? • What security technologies and processes were in place? Were they effective? • What improvements can be made in the future? Once you have completed your post-mortem, you will be better prepared to tackle future web attacks. 8. Zone-H lists recent of Website defacements at www.zone-h.org/archive. 9. Non-alcoholic beer and coffee are suitable alternatives. 10
Conclusions and Recommendations Web attacks vary drastically. A script kiddie probing an online retailer for credit card numbers uses starkly different attack methods than hacktivists trying to take down a Fortune 50 banking site. Attack tools change over time—hackers develop new attack tools to evade signature detection and outwit application developers. As a result, your response will need to be flexible. By including interviews with a number of security experts on the front lines of cyberwarfare—the consultants that help enterprises prepare for, and triage attacks every day, and the security professionals that have locked down their own websites against attack—this survival guide successfully covers a vast swath of today’s attacks. It provides an excellent starting point for any organization facing an imminent attack. Regardless of their motivation, most hackers target websites they deem potentially vulnerable. Once they have exhausted their portfolio of attack techniques, they will move on to the next potential victim. As a result, if organizations can make their websites seemingly impenetrable to attack by implementing ironclad defenses such as real-time attack blocking, anti-automation, multi-gigabit bandwidth elasticity, and session protection, then hackers will move to easier prey. By following the best practices outlined in the Web Attack Survival Guide, organizations can fortify their websites against threats like hacktivist attacks, application DDoS, and industrialized cyber-attacks. 11
Data Center Security Solutions Imperva, pioneering the third pillar of enterprise security, fills the gaps in traditional security by directly protecting the high-value applications and data assets in physical and virtual data centers. Over 2600 customers in more than 75 countries rely on our SecureSphere® platform to safeguard their business. DATABASE SECURITY PRODUCTS Database Activity Monitoring Full auditing and visibility into database data usage Database Firewall Activity monitoring and real-time protection for critical databases Discovery and Assessment Server Vulnerability assessment, configuration management, and data classification for databases User Rights Management for Databases Review and manage user access rights to sensitive databases ADC Insights Pre-packaged reports and rules for SAP, Oracle EBS, and PeopleSoft compliance and security FILE SECURITY PRODUCTS File Activity Monitoring Full auditing and visibility into file data usage File Firewall Activity monitoring and protection for critical file data SecureSphere for SharePoint Visibility and analysis of SharePoint access rights and data usage, and protection against Web‑based threats Directory Services Monitoring Audit, alert, and report on changes made in Microsoft Active Directory User Rights Management for Files Review and manage user access rights to sensitive files WEB APPLICATION SECURITY PRODUCTS Web Application Firewall Accurate, automated protection against online threats ThreatRadar Reputation Services Leverage reputation data to stop malicious users and automated attacks ThreatRadar Fraud Prevention Stop fraud malware and account takeover quickly and easily Share this White Paper with Your Network www.imperva.com © Copyright 2013, Imperva. All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva. All other brand or product names are trademarks or registered trademarks of their respective holders. WP-WASG-0813.1

Recommended

2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For CybersecurityNathan Anderson
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016Andrey Apuhtin
 
The VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisThe VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisEMC
 
Akamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalAkamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalCheryl Goldberg
 
2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOKBoris Loukanov
 
Cisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportCisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportGeneva Business School Myanmar Campus
 
Strategies to Combat New, Innovative Cyber Threats - 2017
Strategies to Combat New, Innovative Cyber Threats - 2017Strategies to Combat New, Innovative Cyber Threats - 2017
Strategies to Combat New, Innovative Cyber Threats - 2017PaladionNetworks01
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 

Recommended

2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For CybersecurityNathan Anderson
 
Midyear security-report-2016
Midyear security-report-2016Midyear security-report-2016
Midyear security-report-2016Andrey Apuhtin
 
The VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisThe VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisEMC
 
Akamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalAkamai___WebSecurity_eBook_Final
Akamai___WebSecurity_eBook_FinalCheryl Goldberg
 
2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOKBoris Loukanov
 
Cisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportCisco 2018, Annual Cybersecurity Report
Cisco 2018, Annual Cybersecurity ReportGeneva Business School Myanmar Campus
 
Strategies to Combat New, Innovative Cyber Threats - 2017
Strategies to Combat New, Innovative Cyber Threats - 2017Strategies to Combat New, Innovative Cyber Threats - 2017
Strategies to Combat New, Innovative Cyber Threats - 2017PaladionNetworks01
 
The Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksThe Custom Defense Against Targeted Attacks
The Custom Defense Against Targeted AttacksTrend Micro
 
Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016TierPoint
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreRadware
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksStrategy&, a member of the PwC network
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016The Internet of Things
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportJames Gachie
 
Cisco Annual Security Report
Cisco Annual Security ReportCisco Annual Security Report
Cisco Annual Security ReportThe Internet of Things
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attackskevinmass30
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
 
M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat FireEye, Inc.
 
Stalking the Kill Chain
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill ChainEMC
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
Eset trends report_2018
Eset trends report_2018Eset trends report_2018
Eset trends report_2018malvvv
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses- Mark - Fullbright
 
Medical Identity Theft - Electronic Medical Records
Medical Identity Theft - Electronic Medical RecordsMedical Identity Theft - Electronic Medical Records
Medical Identity Theft - Electronic Medical Records- Mark - Fullbright
 
Health Care Cyberthreat Report
Health Care Cyberthreat ReportHealth Care Cyberthreat Report
Health Care Cyberthreat Report- Mark - Fullbright
 
WHERE TO WRITE FOR VITAL RECORDS
WHERE TO WRITE FOR VITAL RECORDSWHERE TO WRITE FOR VITAL RECORDS
WHERE TO WRITE FOR VITAL RECORDS- Mark - Fullbright
 
AWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAmazon Web Services
 

More Related Content

What's hot

Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryTrend Micro
 
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016TierPoint
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreRadware
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016The Internet of Things
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportJames Gachie
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attackskevinmass30
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Black Duck by Synopsys
 
M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat FireEye, Inc.
 
Stalking the Kill Chain
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill ChainEMC
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
Eset trends report_2018
Eset trends report_2018Eset trends report_2018
Eset trends report_2018malvvv
 

What's hot (17)

Countering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep DiscoveryCountering the Advanced Persistent Threat Challenge with Deep Discovery
Countering the Advanced Persistent Threat Challenge with Deep Discovery
 
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
Tierpoint webinar: Multi-vector DDoS attacks: detection and mitigation_Jan2016
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from Patents
 
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving TheatreThe Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
The Art of Cyber War: Cyber Security Strategies in a Rapidly Evolving Theatre
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security Report
 
Cisco Annual Security Report
Cisco Annual Security ReportCisco Annual Security Report
Cisco Annual Security Report
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
 
M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat M-Trends® 2012: An Evolving Threat
M-Trends® 2012: An Evolving Threat
 
Stalking the Kill Chain
Stalking the Kill ChainStalking the Kill Chain
Stalking the Kill Chain
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
 
Eset trends report_2018
Eset trends report_2018Eset trends report_2018
Eset trends report_2018
 

Viewers also liked

Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses- Mark - Fullbright
 
Medical Identity Theft - Electronic Medical Records
Medical Identity Theft - Electronic Medical RecordsMedical Identity Theft - Electronic Medical Records
Medical Identity Theft - Electronic Medical Records- Mark - Fullbright
 
Health Care Cyberthreat Report
Health Care Cyberthreat ReportHealth Care Cyberthreat Report
Health Care Cyberthreat Report- Mark - Fullbright
 
WHERE TO WRITE FOR VITAL RECORDS
WHERE TO WRITE FOR VITAL RECORDSWHERE TO WRITE FOR VITAL RECORDS
WHERE TO WRITE FOR VITAL RECORDS- Mark - Fullbright
 
AWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAmazon Web Services
 

Viewers also liked (6)

Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses
 
Medical Identity Theft - Electronic Medical Records
Medical Identity Theft - Electronic Medical RecordsMedical Identity Theft - Electronic Medical Records
Medical Identity Theft - Electronic Medical Records
 
Health Care Cyberthreat Report
Health Care Cyberthreat ReportHealth Care Cyberthreat Report
Health Care Cyberthreat Report
 
WHERE TO WRITE FOR VITAL RECORDS
WHERE TO WRITE FOR VITAL RECORDSWHERE TO WRITE FOR VITAL RECORDS
WHERE TO WRITE FOR VITAL RECORDS
 
AWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAWS WAF - A Web App Firewall
AWS WAF - A Web App Firewall
 
Web Security
Web SecurityWeb Security
Web Security
 

Similar to Web Attack Survival Guide

F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalShallu Behar-Sheehan FCIM
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...cyberprosocial
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCCloudflare
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firmsJake Weaver
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsWhitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsHappiest Minds Technologies
 
Exploring Cyber Attack Types: Understanding the Threat Landscape
Exploring Cyber Attack Types: Understanding the Threat LandscapeExploring Cyber Attack Types: Understanding the Threat Landscape
Exploring Cyber Attack Types: Understanding the Threat Landscapecyberprosocial
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...cyberprosocial
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxAbimbolaFisher1
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paperRenny Shen
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
DDoS Report.docx
DDoS Report.docxDDoS Report.docx
DDoS Report.docxTushar Mathur
 

Similar to Web Attack Survival Guide (20)

F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdf
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security Concepts
 
M1_Introduction_IPS.pptx
M1_Introduction_IPS.pptxM1_Introduction_IPS.pptx
M1_Introduction_IPS.pptx
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020
 
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCThe Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDC
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest MindsWhitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
Whitepaper: BATTLING IT OUT: APPLICATION AND MOBILE SECURITY - Happiest Minds
 
Exploring Cyber Attack Types: Understanding the Threat Landscape
Exploring Cyber Attack Types: Understanding the Threat LandscapeExploring Cyber Attack Types: Understanding the Threat Landscape
Exploring Cyber Attack Types: Understanding the Threat Landscape
 
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
Safeguarding the Digital Realm: Understanding CyberAttacks and Their Vital Co...
 
Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Research Paper
Research PaperResearch Paper
Research Paper
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
comparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-papercomparing-approaches-for-web-dns-infrastructure-security-white-paper
comparing-approaches-for-web-dns-infrastructure-security-white-paper
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015
 
DDoS Report.docx
DDoS Report.docxDDoS Report.docx
DDoS Report.docx
 

More from - Mark - Fullbright

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019- Mark - Fullbright
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report- Mark - Fullbright
 
Police, Protesters, Press, 2020
Police, Protesters, Press, 2020Police, Protesters, Press, 2020
Police, Protesters, Press, 2020- Mark - Fullbright
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019- Mark - Fullbright
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019- Mark - Fullbright
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...- Mark - Fullbright
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)- Mark - Fullbright
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 - Mark - Fullbright
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft- Mark - Fullbright
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017- Mark - Fullbright
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business- Mark - Fullbright
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business- Mark - Fullbright
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report- Mark - Fullbright
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016- Mark - Fullbright
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015- Mark - Fullbright
 

More from - Mark - Fullbright (20)

ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019ISTR Internet Security Threat Report 2019
ISTR Internet Security Threat Report 2019
 
IC3 2019 Internet Crime Report
IC3 2019 Internet Crime ReportIC3 2019 Internet Crime Report
IC3 2019 Internet Crime Report
 
Police, Protesters, Press, 2020
Police, Protesters, Press, 2020Police, Protesters, Press, 2020
Police, Protesters, Press, 2020
 
2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)2020 Data Breach Investigations Report (DBIR)
2020 Data Breach Investigations Report (DBIR)
 
FCPA Guidance 2020
FCPA Guidance 2020FCPA Guidance 2020
FCPA Guidance 2020
 
Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019Consumer Sentinel Network Data Book 2019
Consumer Sentinel Network Data Book 2019
 
CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019CFPB Consumer Reporting Companies 2019
CFPB Consumer Reporting Companies 2019
 
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
Advisory to Financial Institutions on Illicit Financial Schemes and Methods R...
 
2018 IC3 Report
2018 IC3 Report2018 IC3 Report
2018 IC3 Report
 
2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)2019 Data Breach Investigations Report (DBIR)
2019 Data Breach Investigations Report (DBIR)
 
2018 Privacy & Data Security Report
2018 Privacy & Data Security Report2018 Privacy & Data Security Report
2018 Privacy & Data Security Report
 
Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018 Consumer Sentinel Network Data Book 2018
Consumer Sentinel Network Data Book 2018
 
Credit Score Explainer
Credit Score ExplainerCredit Score Explainer
Credit Score Explainer
 
The Geography of Medical Identity Theft
The Geography of Medical Identity TheftThe Geography of Medical Identity Theft
The Geography of Medical Identity Theft
 
Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017Consumer Sentinel Data Book 2017
Consumer Sentinel Data Book 2017
 
Protecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for BusinessProtecting Personal Information: A Guide for Business
Protecting Personal Information: A Guide for Business
 
Data Breach Response: A Guide for Business
Data Breach Response: A Guide for BusinessData Breach Response: A Guide for Business
Data Breach Response: A Guide for Business
 
2017 Data Breach Investigations Report
2017 Data Breach Investigations Report2017 Data Breach Investigations Report
2017 Data Breach Investigations Report
 
Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016Consumer Sentinel Network Data Book for January 2016 - December 2016
Consumer Sentinel Network Data Book for January 2016 - December 2016
 
Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015Consumer Sentinel Data Book 2015
Consumer Sentinel Data Book 2015
 

Recently uploaded

Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 

Recently uploaded (20)

Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 

Web Attack Survival Guide

  • 1. WHITE PAPER Web Attack Survival Guide What Is Your Worst Security Nightmare? Receiving a “ransom note” with an ultimatum to pay millions of dollars or to watch your company’s website buckle under a deluge of DDoS requests? Or opening an ominous Google alert that reveals your company is the next target of a hacktivist campaign? Or discovering the application framework that powers your website is riddled with vulnerabilities—and learning it will take months to fix them? What Do You Do When Your Worst Nightmare Becomes Reality? The Web Attack Survival Guide describes today’s application threat landscape, including the attack methods and tools used by hacktivists and cybercriminals. It explains the processes and the technologies you can use to safeguard your website from attack. It also helps you prioritize security efforts and it lists security tips and tricks that you might otherwise have overlooked. After reading the Web Attack Survival Guide, you will be able to confidently face an impending web attack with a well-thought out strategy. A Blueprint for Web Attack Survival 1 2 3 4 5 6 7 Understand the Threat Actor Develop a Security Response Plan Locate and Assess Applications and Servers Strengthen Application, Network, and End-Point Security Controls Counter the Attack: Monitoring and Tuning Procedures When Under Attack Bring in the Experts: Optional Security Consulting Services Conduct a Post Mortem of the Attack
  • 2. The State of Application Security The Application Threat Landscape 74% of organizations received a DDoS attack in the past year 1 86% of all websites have at least one serious vulnerability 2 75% of all cyber-attacks target web applications 3 33% of all websites had at least one serious vulnerability every day of the year in 2012 4 Web applications sit at the top of the list of hackers’ favorite attack targets. In fact, 75% of all cyber-attacks target web applications. Most websites suffer dozens of attacks per day and some sites sustain, on average, up to 26 attacks per minute. While web attacks are not new—they have existed since the dawn of the Internet—one attack trend is the emergence of hacktivism and prolonged attack campaigns. Rise of Hacktivism Hacktivism vaulted onto the scene and into the collective imagination in late 2010, with the emergence of hacktivist groups like Anonymous, LulzSec, and Anti-Sec. Initially targeting financial institutions, Anonymous and its imitators quickly moved on to dozens of other government and business targets. Within two years, 58% of all data theft 5 was attributed to hacktivist attacks. In 2012, new players, like the Syrian Electronic Army, AnonGhost, and Iranian Cyber Army, joined the party and launched a spree of attacks against U.S. banks and other western targets. Many of these attacks combine traditional web attacks, like SQL injection and cross‑site scripting, with Distributed Denial of Service (DDoS) assaults. Hacktivist attacks not only pose public relations disasters for the targeted companies, but many also result in costly data breaches and prolonged website outages. Distributed Denial of Service (DDoS) Attacks Go Commercial Besides the specter of hacktivism, organizations must contend with DDoS attacks launched by competitors or cyber extortionists. These industrialized DDoS attacks can be extraordinarily powerful—hundreds of times greater than typical bandwidth levels, reaching over 300 Gbps or more. And DDoS attacks are becoming more advanced in order to outwit conventional security controls. Instead of simply inundating targets with a flood of TCP or UDP packets, many DDoS attacks now exploit application and database flaws. Fighting Back DDoS Attack Tools Used by Hacktivist and Commercial DDoS Services Every day, hackers unleash massive attack campaigns designed to take websites offline, steal confidential data, and deface content. Fortunately, organizations can prepare for and repel these attacks. Based on feedback from application security consultants and from IT security personnel on the front lines of attack, this survival guide lays out a step-by-step plan to fend off web threats. 1. “2012 Data Breach Investigations Report,” Verizon Business, 2012 2. “WhiteHat website Security Statistic Report,” WhiteHat Security, 12th Edition 3. Gartner Research 4. “State of Web Security,” Ponemon Institute 5. 2012 Data Breach Investigations Report,” Verizon Business, 2012 2
  • 3. Web Attack Survival: Step-by-Step Strategy Step 1. Understand the Threat Actor To prepare for an attack, the first step is to understand the threat actor. What enemy do you face? A well-known hacktivist group such as Anonymous or the Syrian Electronic Army? A script kiddie? Industrialized cybercriminals? Research their attack techniques and identify the tools that they use. “ f you know your I enemies and know yourself, you will not be imperiled in a hundred battles... if you do not know your enemies nor yourself, you will be imperiled in every single battle.” –Sun Tzu, The Art of War 6 Monitor Social Media If hacktivists have threatened your organization, then track social media sites such as Twitter, Facebook, and YouTube for updates about their attack methods and timelines. Hacktivists may discuss vulnerabilities or weak points of your site. Hacktivist groups will also disclose the types of DDoS attack tools that volunteer recruits can use to attack your site. Armed with this information, you can create application security signatures to easily block these attack tools. With several recent attacks, hacktivists have published “booster packs” that configure attack tools to exploit web vulnerabilities or URLs in the targeted websites. Be aware of the contents of these booster packs, so you can implement policies to repulse them. Profiling cybercriminals is more challenging than profiling hacktivists, simply because cybercriminals do not advertise their methods or strategies. Unless you monitor hacker forums, your best option is to talk to peers in your industry about attack sources, techniques, and tools.7 Be sure to read hacker intelligence reports and security research that pertain to your industry. 6. Although over-quoted, Sun Tzu’s suggestions—from preparation, to the art of deception, to battle tactics—are surprisingly apropos for defending against web attacks. 7. Security information sharing and analysis organizations include National Council of ISACs, Financial Services ISAC, SANS Internet Storm Center, and National Healthcare ISAC. 3
  • 4. Step 2. Develop a Security Response Plan CHANGE IS UNAVOIDABLE Your incident response team may need to apply security policies quickly during an attack. Determine whether you need to relax your internal approval processes to ensure you can rapidly adapt to changing attack vectors. If your organization is the target of a specific attack campaign, like a DDoS attack or a hacktivist attack, then you should organize an incident response team that will manage security response efforts. The response team may potentially need to be available aroundthe-clock. Depending on the severity of the attack, assign 24x7 coverage to assure that someone is available to respond to new threats, immediately. The security response team will most likely be composed of IT security personnel, but may include members from the networking and application development teams. Red Team Create a “red team”—a team of security engineers that will look for vulnerabilities that attackers could exploit. The red team should evaluate all potential risks including, application, network, end-user, social engineering, and even physical threats. Your Little Black Book of Contacts Prepare a contact list with the names, phone numbers, and email addresses of the following groups: 1. IT security (including members of your security response team), IT operations, networking, application development, database administration, legal, and executive management 2. DNS and Internet Service Providers 3. DDoS Protection Services 4. Relevant security specialists or consultants—for example, record the contact information of field engineers at your web application firewall (WAF), Security Information and Event Management (SIEM), and Intrusion Prevention System (IPS) vendors. You may need to enlist their help when you are under attack. SECURITY TIP DO: Keep your response plan information, network diagrams, and IP address schemes secure. DON’T: Email your network architecture and contact lists to the entire security department or store them in a public file share titled “Steal me first.” 4 Document Network and Server Information Gather network and server information, including: 1. IP addresses of web servers, databases, DNS servers, network firewalls, web application firewalls, database firewalls, and routers and switches 2. Disaster recovery IP addresses, if applicable Also, prepare network architecture diagrams of all data centers at risk. If architecture diagrams already exist, review them, and make sure they are up-to-date.
  • 5. Notify Executive Management and Employees When you know about an impending attack, inform your executive management team about the threat and provide periodic status updates. In addition, you may need to warn company employees of the attack. For DDoS attacks, notify all relevant users of potential application or network downtime. If your organization faces a hacktivist attack or a targeted attack, instruct users to update any non-secure passwords and educate them about the risk of phishing attacks. Prepare your IT personnel for social engineering threats. Ask them to verify any IT helpdesk and password change requests. Hackers may resort to physical attacks when necessary. Secure employee laptops, cables, and network devices. Establish a War Room ASSIGN A “GENERAL” for the war room. This person will be in charge of all high-level security decisions during the attack. Designate a war room that will be “ground zero” for all planning and communications during the web attack. The war room will be a centralized place to review security updates and to strategize defense schemes. Choose a location to conduct security operations such as an existing Security Operations Center (SOC), Network Operations Center (NOC), or even a private conference room. Step 3. Locate and Assess Servers and Applications Even if you have documented your servers in network architecture diagrams, it is still important to scan your network for rogue servers and applications. Application developers or QA testers may have spun up new web applications or databases; other departments may have deployed unsanctioned applications. Until you have scanned your network and located all servers and applications, you cannot completely assess your risks. Classify, Classify, Classify Once you have located your applications and databases, determine which ones contain sensitive data like Personally Identifiable Information (PII), Personal Healthcare Information (PHI), credit card numbers, or intellectual property. Determine which applications are needed for your business to function properly. Even if your corporate website does not contain sensitive information, it may still be a top target for attack, because it is the most visible to customers and partners. Once you have identified your servers and applications and determined which are the highest risk, prioritize your efforts on these assets. 5
  • 6. Look at the Cloud Digital assets today are not just limited to the devices on the physical network. Be sure to locate third-party applications like CRM systems, intranet applications, email applications, and internally developed websites that are hosted in the cloud. These applications may contain confidential information. Hacktivists have targeted externally hosted applications in the past, so it is essential to make sure these applications are secure. Scan Your Network and Applications for Vulnerabilities USE A COMBINATION OF DIFFERENT SCANNERS to test your applications. Each scanner may find unique vulnerabilities. One of the most important steps for fortifying your applications is to test them for vulnerabilities. Scan your servers and networking devices for system vulnerabilities and unpatched software. More importantly, scan your web applications using a purpose-built web application scanner. Network scanners are a starting point, but only web application scanners will uncover the application vulnerabilities that hackers are most likely to exploit. Do not limit your assessments to your corporate website. Scan all of your applications, including partner portals, CRM applications, extranets, and other potential attack targets. All of these sites could be brought down by hackers and, therefore, damage your company’s brand. INCLUDE THE SAME TOOLS USED BY HACKTIVISTS—such as the Havij SQL injection tool and free application scanners—in your scanning arsenal. To prepare for an application DDoS attack, analyze the URLs in your applications that connect to a backend database and could potentially be an attack target, such as the login, registration, password change, or search pages. Submit application forms with characters like wildcards to determine if they are susceptible to business logic exploits. Once you have scanned your applications, fix identified vulnerabilities and rescan your applications. If time constraints prevent you from fixing all vulnerabilities, then focus your efforts on virtually patching critical vulnerabilities in your high-risk applications. Assess Databases Since sensitive data is typically stored in databases, verify these databases are secure by scanning them for vulnerabilities and configuration flaws. Based on the assessment results, determine if you need to apply any operating system or database security patches or any configuration changes. To strengthen the security of your database servers, delete default database user accounts and disable unnecessary services like vulnerable database listeners. To fortify the underlying server from attack, disable any unneeded services such as Telnet, FTP and rlogin. 6
  • 7. Step 4. Strengthen Application, Network, and End-Point Security Controls After you have assessed and patched your applications and servers, you can ratchet up your defenses. To thwart a web attack, you should apply stricter web application, network and server-level security policies. Protect Network Devices and Servers To prevent network and server attacks: • Enforce stringent network firewall and Intrusion Prevention System (IPS) policies. Restrict inbound traffic to your web application servers to necessary services like HTTP and HTTPS. Configure IPS policies to block high and critical security violations. • Install anti-virus or anti-malware software on your servers. Make sure virus, malware, and spyware definition files are up-to-date. • Configure your database firewall to virtually patch unpatched vulnerabilities. The database firewall can also control access and block unauthorized queries to the database. Lockdown Web Applications WORK CLOSELY WITH APPLICATION DEVELOPERS when enforcing stricter profile policies. Developers can help analyze the profile for accuracy. They can also review security alerts to ensure that your new, heightened security controls did not block legitimate requests. Since the web application is the ultimate target of a web attack, organizations must focus their efforts on tuning and testing their web application firewall to stave off an impending attack. The following reflects a list of best practices to ensure your WAF will block all online threats. • Review and tune the web application profile—also called the “white list” security model. Confirm that the profile is accurate: – Check for URLs or directories that have been removed from the website, but still appear in the profile. – Review acceptable characters and parameter value lengths in the profile and look for irregularities in the profile. – Compare the application profile to vulnerability scan results to make sure that all URLs in assessment reports appear in the application profile and all URLs in the profile have been assessed by the scanner. – Tighten profile policies to block on white-list security violations like parameter values with unauthorized characters such as brackets and question marks. Block excessively long form field values to prevent buffer overflows and SQL injection attacks. • Configure the WAF to enforce HTTP protocol compliance. Review and tune protocolrelated security policies like double encoding, extremely long URLs, and malformed Apache URI messages. Enforcing HTTP protocol compliance, at least during the attack, will foil evasion techniques, as well as buffer overflow and DoS exploits. • Ensure that standard web application firewall policies such as SQL injection and crosssite scripting (XSS) are enabled. All high risk attacks, such as directory traversal, remote file inclusion (RFI), local file inclusion (LFI,) and cross-site request forgery (CSRF), should be blocked. 7
  • 8. • Block malicious sources that have attacked other websites. Leverage intelligence from the global community to stop malicious users and malicious attack strings used against your peers. • Web application firewalls can detect requests from common scanning and hacking tools like Nikto, Paros, and Nessus based on header agent information. They can also block scanning tools by detecting a frequent number of security violations in a short period of time. To prevent attackers from uncovering vulnerabilities in your site, configure your WAF to block scanners and website reconnaissance. If your organization hosts customer-facing, partner, or extranet applications in the cloud, ensure that these applications are protected by a WAF. Various solutions exist to safeguard hosted applications, including Security as a Service (SaaS) and virtual appliance-based web application firewalls. Prevent Application DDoS Attacks ALWAYS ON Make sure you can manage all of your security products from an out-of-band network. Otherwise, they may be unreachable when you need them most—at the peak of a DDoS attack. Application-layer DDoS attacks, which account for over 25% of all DDoS attacks, are designed to overwhelm application resources or exploit application vulnerabilities. To stop application DDoS attacks, configure the following policies. • Block high rates of requests in a short period of time by user, by IP address, and by session. For this DDoS mitigation rule and many of the subsequent rules, configure extended blocking policies—block the offending user for minutes or even hours after the initial violation. • Block users that download large amounts of data in a short period of time. In addition, to prevent attackers from overwhelming server resources, block users that request multiple files with extensions like “.pdf”, “.mp3”, “.mpg”, or “.mp4” in a short period of time. • Block users that initiate multiple requests that cause extremely slow web server response times. Such users may be exploiting business logic flaws in the application. In addition, block users that perform multiple HTTP requests that result in web server errors, like 400, 405, or 503 error codes. • Limit requests to high-risk URLs such as login pages and search pages. These pages are frequent attack targets. To prevent DDoS attacks targeting login pages, create policies that prevent: A.  An excessive number of failed logins B.  Multiple successful logins from the same user • Many application DDoS attacks are launched by botnets. In addition, many attackers attempt to cloak their identity by using anonymizing services. To stop these high-risk sources, block known malicious IP addresses, anonymous proxies, and Tor networks. • For hacktivist attacks, targeted organizations can monitor social media sites to learn which DDoS tools will be used to conduct the attack. To develop laser-precise DDoS mitigation policies, download the DDoS tool and test it. Look for unusual header or payload strings that can be used to create custom attack signatures. Then define new policies in your web application firewall to block these DDoS tools. 8
  • 9. Use Cloud-Based DDoS Mitigation Services to Stop Network DDoS Threats PREPARE! To reduce the risk of downtime, develop bot mitigation and rate control policies before the attack occurs. Then, enable and adjust the policies when you are under attack. To combat network-layer, or volumetric, DDoS attacks, your network must be able to handle large volumes of traffic—to the tune of tens of gigabits, or even hundreds of gigabits, of traffic per second. To avoid expensive infrastructure and Internet bandwidth costs, many organizations rely on a cloud-based DDoS service to mitigate DDoS attacks. Cloud DDoS mitigation services can scale on-demand to prevent massive attacks and ensure that malicious traffic never reaches your network. When evaluating DDoS mitigation services, consider the following capabilities: • Can the service block both network and application DDoS attacks? • Can the service accurately detect bots? Can it present various challenges like browser checks and CAPTCHA tests to ensure that only malicious bots are blocked? • Does the service support anycast DNS routing to ensure that its own DDoS filtering datacenters aren’t targeted for attack? • Does the service offer around-the-clock monitoring and tuning from security specialists? Step 5. Counter the Attack: Monitoring and Tuning Procedures When Under Attack “ repare for a cyberP attack as you would prepare for a hurricane. Have a strategy, supplies, and batten down the hatches before the storm starts. When it does start, stay calm and focus on protecting your most important assets.” –Cyber Security Expert in Florida Once the web attack is underway, your security response team should devote all available resources to monitor and manage the attack. For intense attacks, you may need to assign shifts to ensure coverage at night and on weekends. Your security response team should continuously review security alerts from your web application firewalls. • If attacks are coming from a specific geographic region, create policies to block requests from that region, if it does not represent an important segment of your customer base. • Analyze bot activity and determine which URLs bots are targeting. Create bot mitigation rules that block bots from accessing those URLs. • Look for attack patterns and tune policies to block those attacks. For example, if you determine that hackers are attacking a search page, create a policy to block users if they perform 10 search requests in a minute. Create a second policy to block users for 4 hours if they perform 25 requests in 10 minutes. Make it challenging for hackers to recognize the thresholds. In addition to reviewing application security alerts and adjusting policies, monitor alerts from other networking and security equipment. • Review log messages from your database firewall; look for unusual activity indicative of a breach. • Analyze security alerts from network performance monitoring tools to detect bursts of traffic or performance issues. • Examine aggregated log messages from routers, switches, web servers, and network security tools in your SIEM. 9
  • 10. Continue reviewing social media, hacker forums, Internet Relay Chat (IRC) rooms, and sites that catalog website defacements 8 for attack information or evidence that your site has been penetrated. Hacktivists often use the phrase “#TangoDown” on IRC channels to announce they have brought a website down. Depending on the impact of the attack, it may be necessary to inform your organization’s public relations and legal teams of any website outages or data breaches. Step 6. Bring in the Experts: Optional Security Consulting Services If you face an impending attack and you’re worried your organization might not have the experience or the expertise to counter it efficiently, consider engaging outside consultants to assist you through the process. Security consultants can help you prepare for an attack by evaluating your application infrastructure for weaknesses. They can also review your application defenses and help you fine-tune the policies of your security products, such as your web application firewall. Security consultants can act as an extension of your own security response team during the attack, helping you monitor web attack traffic and adjust mitigation rules accordingly. Based on their extensive experience defeating web attacks, they can help ensure that your organization is well defended against any type of attack. Step 7. Conduct a Post Mortem of the Attack According to several interview sources, when the web attack is over, the first order of business for your security response team will often be “to get a beer.” 9 After enduring a stressful and prolonged web attack, your security engineers will need some time to recover. However, once the dust has settled, your organization should conduct a post-mortem of the attack. As part of the post-mortem, review the impact of the attack. Analyze security reports from your web application firewall to investigate attack trends. Examine alert logs from your WAF, your SIEM, and your network monitoring tools. Your post-mortem assessment should address the following questions: • Did your network suffer any downtime during the attack? • Did the attack affect application performance or latency? • Was any sensitive data compromised? • What security technologies and processes were in place? Were they effective? • What improvements can be made in the future? Once you have completed your post-mortem, you will be better prepared to tackle future web attacks. 8. Zone-H lists recent of Website defacements at www.zone-h.org/archive. 9. Non-alcoholic beer and coffee are suitable alternatives. 10
  • 11. Conclusions and Recommendations Web attacks vary drastically. A script kiddie probing an online retailer for credit card numbers uses starkly different attack methods than hacktivists trying to take down a Fortune 50 banking site. Attack tools change over time—hackers develop new attack tools to evade signature detection and outwit application developers. As a result, your response will need to be flexible. By including interviews with a number of security experts on the front lines of cyberwarfare—the consultants that help enterprises prepare for, and triage attacks every day, and the security professionals that have locked down their own websites against attack—this survival guide successfully covers a vast swath of today’s attacks. It provides an excellent starting point for any organization facing an imminent attack. Regardless of their motivation, most hackers target websites they deem potentially vulnerable. Once they have exhausted their portfolio of attack techniques, they will move on to the next potential victim. As a result, if organizations can make their websites seemingly impenetrable to attack by implementing ironclad defenses such as real-time attack blocking, anti-automation, multi-gigabit bandwidth elasticity, and session protection, then hackers will move to easier prey. By following the best practices outlined in the Web Attack Survival Guide, organizations can fortify their websites against threats like hacktivist attacks, application DDoS, and industrialized cyber-attacks. 11
  • 12. Data Center Security Solutions Imperva, pioneering the third pillar of enterprise security, fills the gaps in traditional security by directly protecting the high-value applications and data assets in physical and virtual data centers. Over 2600 customers in more than 75 countries rely on our SecureSphere® platform to safeguard their business. DATABASE SECURITY PRODUCTS Database Activity Monitoring Full auditing and visibility into database data usage Database Firewall Activity monitoring and real-time protection for critical databases Discovery and Assessment Server Vulnerability assessment, configuration management, and data classification for databases User Rights Management for Databases Review and manage user access rights to sensitive databases ADC Insights Pre-packaged reports and rules for SAP, Oracle EBS, and PeopleSoft compliance and security FILE SECURITY PRODUCTS File Activity Monitoring Full auditing and visibility into file data usage File Firewall Activity monitoring and protection for critical file data SecureSphere for SharePoint Visibility and analysis of SharePoint access rights and data usage, and protection against Web‑based threats Directory Services Monitoring Audit, alert, and report on changes made in Microsoft Active Directory User Rights Management for Files Review and manage user access rights to sensitive files WEB APPLICATION SECURITY PRODUCTS Web Application Firewall Accurate, automated protection against online threats ThreatRadar Reputation Services Leverage reputation data to stop malicious users and automated attacks ThreatRadar Fraud Prevention Stop fraud malware and account takeover quickly and easily Share this White Paper with Your Network www.imperva.com © Copyright 2013, Imperva. All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva. All other brand or product names are trademarks or registered trademarks of their respective holders. WP-WASG-0813.1