Stories from the Security Operations Center

Posted on 22-Jan-2018

Transcript of Stories from the Security Operations Center

STORIES FROM THE SECURITY OPERATIONS CENTER (S.O.C.)

Paul Fletcher

Cyber Security Evangelist, Alert Logic

Complexity of defending web applications and workloads

Diagram: three layers of attack surface
Web App Attacks (OWASP Top 10)
Platform / Library Attacks
System / Network Attacks

Network Topology

Popular Web Application Attacks

Source: blog.sucuri.net

Recent SQL Injection Vulnerabilities

Today’s Attacks Have Several Stages

Initial Attack: WordPress XMLRPC Attack

Customer: Athletic apparel shop (brick & mortar and e-commerce)

Application stack: Custom code written in XML; WordPress content management system; MySQL database

Detection method: Intrusion Detection System (IDS); Log collection and analysis; Web Application Firewall (WAF)

WordPress XMLRPC Attack

Mitigating WP XMLRPC Attacks

Exfiltration: SQL Injection Attack

SQL Injection Attack

What do you see?

Attack:

Response:

Impact of Web App Attacks – Key Takeaways

• Web Apps are becoming more prevalent in organizations

- Use of open source versus traditional applications

• Web App attacks are “gateway” attacks

- Yahoo breach started with a WordPress hack

- 9,000 C&C servers compromised by WordPress hack

- Shadow IT

• Early Stage Detection

- Prevents our customers from dealing with large scale breaches

How Alert Logic Detects Threats

Thank You.