Login|Japanese
March 05, 2010
 Adding Reputation to Your Web Application Security Strategy - Podcast

On this episode of the Imperva Security Podcast Eldad Chai -- Imperva Web Application Firewall Product Manager, is interviewed.

Eldad talks about adding reputation to an application security strategy, anti-automation, and adaptive response.

He goes into detail on Imperva's ThreatRadar solution- what it is, how it's used, and what customers can expect to gain from it. He covers specific threat examples such as automated attacks and business logic attacks and how they can be addressed beyond blocking and alerting with capabilities such as CAPTCHA, challenge-response, redirection and more.

Related information

Next Generation Web Application Firewalls

Industrialization of Hacking

THE-FONZ_s1-274 

 

 

March 04, 2010
 Tell Me Your IP and I’ll Tell You Who You Are

RSA San Francisco 2010

On Thursday, March 04 08:00 AM Tall Beery (Imperva Web Research Team Leader) and I will be presenting the topic:  Tell Me Your IP and I’ll Tell You Who You Are.  The RSA ID is NMS-301 and it will be in Orange Room #306.

Abstract 

IP addresses are considered an unreliable method for attack detection. The session demonstrates how information derived from IP addresses can be used to improve attack detection capabilities. The presentation discusses attributes such as Geo Location, Anonymous Proxy lists etc. The presentation is supported by corroborative evidence derived from actual log data and demonstrates some analysis tools.

Prevent-identity-theft 

 Stop by our booth at RSA

 

March 03, 2010
 Staring at the Beast: Six-Months of Attack Vector Research

RSA San Francisco 2010

On Wednesday, March 03 08:00 AM Tall Beery (Imperva Web Research Team Leader) and I will be presenting the topic:  Staring at the Beast: Six-Months of Attack Vector Research.  The RSA ID is SIP-201 and it will be in Orange Room #307.

Abstract 

Security officers and vendors alike must look beyond traditional vulnerability information and become privy to the true activities of attackers. The intelligence gathered through such data collection efforts provides insight into the actual focus of hackers, current attack trends, behavioral patterns of attack, and attack tools. This session will examine data to enable us to create more effective security policies and tools in a timely manner.

Beast 

 Stop by our booth at RSA

 

March 02, 2010
 Next Generation Web Application Firewall Podcast

In addition to the Next Generation Web Application Firewall (NG-WAF) Whitepaper Imperva has released a podcast with CTO Amichai Shulman on NG-WAF.

Amichai discusses the Industrialization of Hacking (Whitepaper on that topic found here) and how that's creating a need for WAF solutions to evolve so they can address automated attacks, business logic attacks, and the existing and growing list of technical attacks such as SQL Injection, XSS, etc. He also discusses mechanism for combating automated attacks and business logic attacks, deployments within MSSP and Cloud-based environments, and other components of Imperva's NG-WAF vision. 

Downloads

Podcasting_symbol Whitepaper 

 Stop by our booth at RSA San Francisco this week (March 1st 2010) to learn more.

 

 

 Introducing the Next Generation of Web Application Firewalls

Download Whitepaper

This paper describes Imperva's vision for the next generation of WAFs. It details Web application security problems and solutions today, and gives perspectives on the future. While this paper is not product specific, areas where Imperva SecureSphere currently provides NG-WAF capabilities such as anti-automation, and adaptive threat response are highlighted.

Download Whitepaper

Stop by our booth at RSA San Francisco this week (March 1st 2010) to learn more

 

March 01, 2010
 Hacking's Industrial Revolution - Whitepaper

Download the Whitepaper

Today, hacking is a $1T industry — up from a few billion just three years ago. In 2007, professional hacking represented a multibillion-dollar industry. At present, this same industry posts — in stolen data, IP and financial gain — more than one trillion in value. What explains this rapid growth? Industrialization. Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today's cyber crime industry has similarly transformed and automated itself to achieve scalability and increase profits.

The industrialization of hacking coincides with a critical shift in what's considered today's prized commodity: data. This paper explores:

  • The structure of industrialized hacking operations.
  • Current technologies used by hackers.
  • The most common attack methods and mitigation strategies.

Download the Whitepaper

Stop by our booth at RSA San Francisco this week (March 1st 2010) to learn more

 

February 26, 2010
 Asia IT Security Governance?

On a recent visit to Asia I had the opportunity to sit with many of our regional partners to discuss IT security regulations specific to web applications and databases.  There was no surprise that PCI was at the top of the list followed by SOX for some international companies, primarily American, and then a short list of ISO and country specific regulations.  Each partner I spoke with talked about a different local requirement usually still being defined or just about to become officially enforced.  In each case I received the same question, "Will SecureSphere support the legislation?"

The short answer I gave them all was the same.  If the legislation requires web application security and/or monitoring, and/or defines requirements for securing and/or monitoring database and data access, the answer is 'yes'.  The reality that I have experienced so far has been that while there are various data security regulations, they all typically require the same fundamental output.  Data privacy regulations, regardless of the industry or country, at a minimum, require complying organizations to restrict and/or monitor (audit) who has access to, and to what degree they have access to, the data that must be regulated.

Picture1
  Jimmy Private Data

This, of course, is quite easy for SecureSphere since it has the ability to secure and monitor (audit) any aspect of database and application activity.  All that is required of the administrator is to know what elements of data access should be monitored to comply with the regulation and to configure SecureSphere to secure and/or monitor that activity.  Of course, SecureSphere is pre-configured with the most common regulations, but as I say, it can be easily configured to meet even the most obscure legislation.

The most common current Asia regulations I identified are below:

PCI

SOX

J-SOX

K-SOX

ISO27001

As I stated above, there are some regulations in development for various countries, but they have yet to be ratified.  Additionally, some countries have existing regulations, but have yet to include IT data to the requirements and are still very much focused on the 'paper' books rather than electronic data.  Having worked extensively in various locations around the globe, it's always interesting to see the considerable differences from region to region and country to country.

 

February 22, 2010
 When Idle Hands Find Holes in Security – Posting Porn on Moscow Billboard

Ellen Messmer, at Network World, published a short, entertaining article about an unemployed Russian system administrator who hacked into a giant public billboard on a Moscow street, replacing the advertisement with a pornographic movie.

…Interior Ministry's high-tech crime unit says the suspected billboard hacker is a 41-year-old unemployed man who police believe used the IP address of an organization based in Chechnya to breach a Moscow server…

Needless to say, this stopped traffic both on the street and on the sidewalks stuffing them with gawkers and cell phone videophiles.  Considering the ‘rubber-neck’ traffic created by someone changing a tire where I live, I can only imagine the backup caused this incident.  Taking the security of the billboard server and public safety issues of stopping traffic aside, this article underscored for me the idle hands environment we find ourselves into today with unemployment rates steadily rising. 

Statements attributed to police sources says the hacker was breaking into computers out of curiosity and had admitted to the stunt, which he allegedly said was an effort to entertain

At least in this case, the alleged intent was curiosity and entertainment rather than data theft or destruction. I also consider the distribution method in this case and how the billboard could have been made to show healthcare information, credit card numbers, private financial data, etc…

Panno_billboard_monster_397x224 

 

February 11, 2010
 OWASP Talks about the Attack on RockYou and the Imperva Password Study

OWASP just released episode number 59.  They discuss a number of topics, but during the last third of the podcast they focus on the 32 million clear text passwords that were stolen from RockYou and later posted on the Internet. They also explore Imperva's research paper that explores the strength of those passwords.

The report identifies the most commonly used passwords:

   1. 123456
   2. 12345
   3. 123456789
   4. Password
   5. iloveyou
   6. princess
   7. rockyou
   8. 1234567
   9. 12345678
  10. abc123
"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes," explained Imperva's CTO Amichai Shulman. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

Some key findings of the study include:

  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as "brute force attacks."
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
  • Recommendations for users and administrators for choosing strong passwords.

 

February 10, 2010
 Cookie Poisoning Resource

Imperva has launched another resource:  Cookie Poisoning. This resource contains information about Cookie Poisoning as well as related White papers, Webcasts, and videos.

Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user's computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.

Cookie

...or is there?