OWASP AppSecUSA 2014 - Reversing Engineering a Web Application - For Fun, Behavior and WAF Detection
By SecurityTube.Net on 2014-11-10 at 09:20:20
Presentation: Reversing Engineering a Web Application - For Fun, Behavior and WAF Detection

Screening HTTP traffic can be something really tricky, and attacks on applications are becoming increasingly complex day by day. By analyzing thousands upon thousands of infections, we noticed that regular blacklisting is increasingly failing, and we started research on a new approach to mitigate the problem. Initially reverse engineering the most popular CMS applications such as Joomla, vBulletin and WordPress, which led to us creating a way to detect attackers based on whitelist protection in combination with behavior analysis. Integrating traffic analysis with log correlation, resulting in more than 2500 websites now being protected, generating 2 to 3 million alerts daily with a low false positive rate. In this presentation we will share some of our research, their results and how we have maintained WAF (Web Application Firewall), using very low CPU processes and high detection rates.

Detailed Outline

- Current method of detection: We'll show how WAF operates today, allowing us to emphasize our unique approach.
- Reverse engineering a CMS application: In this step we'll show how we reverse engineered a CMS application to understand its fragility and common attack vectors.
- Setting up honeypots: We'll share our work with honeypots, which gathered data in real time during massive attacks on popular CMS applications.
- Identifying behavior: analyzing data to understand points to be considered when creating countermeasures and evaluating the best approach to each type of attack type.
- Creating countermeasures: using behaviour information, CMS vulnerabilities and attack methods spreading in the wild, we'll show how we created better signatures specific to each CMS based on the knowledge acquired during research on each one of them.
- Live analysis: merging everything together and seeing the tool operate live, well-tuned, blocking specific attacks, with improving low false-positive rate in an effective and efficient manner.

Speaker

Rodrigo Montoro, Senior Security Administrator, Sucuri Security

Rodrigo "Sp0oKeR" Montoro has 15 years' experience deploying open source security software (firewall, IDS, IPS, HIDS, log management) and hardening systems. Currently he is Senior Security Administrator at Sucuri Security. Before Sucuri he worked at Spiderlabs as a researcher, where he focused on IDS/IPS signatures, ModSecurity rules, and new detection research.

For more information please visit http://2014.appsecusa.org/2014/