© 2015 Imperva, Inc. All rights reserved.
The State of Application Security: Hackers On Steroids
Itsik Mantin, Director of Security Research, Imperva

“Study the past if you would define the future” (Confucius)

Speaker: Itsik Mantin
• Director of Security Research at Imperva
• 15 years of experience in the security industry
• An inventor of 15 patents in these fields
• Holds an M.Sc. in Applied Math and Computer Science
• Presenter at Blackhat Asia, OWASP IL, EuroCrypt and other conferences
Making the Report
Attack Detection Mechanisms
Application Profiling
Attack Types
Attack Incidents
Incident Alert Ratio: minimum number of alerts per 5 minutes for an attack type to count as an incident

Attack Type   Min Ratio (#Alert/5min)
SQLi          20
HTTP          10
XSS           5
DT            5
Spam          1
RCE           1
FU            1

Incident: a collection of alerts with the same attack type, the same target, at essentially the same time, and not necessarily from the same IP.
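The incident definition above (same attack type, same target, essentially the same time, any source IP, at least the per-type minimum alert rate) is worked through below as an added example; this is not Imperva's code. The clustering rule it assumes, alerts split into bursts by a 5-minute gap and a burst qualifying when any 5-minute window inside it reaches the type's Min Ratio, is one reading of "essentially same time", and the alert lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Minimum alert rate (#alerts per 5 minutes) per attack type, taken from the
# "Attack Incidents" slide.
MIN_RATIO = {"SQLi": 20, "HTTP": 10, "XSS": 5, "DT": 5, "Spam": 1, "RCE": 1, "FU": 1}
WINDOW = timedelta(minutes=5)


def parse_alert(line):
    """Parse a constructed alert line: '<ISO time> <attack type> <target> <src ip>'."""
    ts, attack_type, target, src_ip = line.split()
    return datetime.fromisoformat(ts), attack_type, target, src_ip


def cluster_alerts(alerts, gap=WINDOW):
    """Group alerts by (attack type, target) and split each group into bursts.
    An alert joins the current burst if it arrives within `gap` of the previous
    alert (an assumed reading of "essentially same time"). Source IP is ignored."""
    by_key = defaultdict(list)
    for alert in alerts:
        by_key[(alert[1], alert[2])].append(alert)
    bursts = []
    for key, group in by_key.items():
        group.sort(key=lambda a: a[0])
        current = [group[0]]
        for alert in group[1:]:
            if alert[0] - current[-1][0] <= gap:
                current.append(alert)
            else:
                bursts.append((key, current))
                current = [alert]
        bursts.append((key, current))
    return bursts


def peak_rate(burst, window=WINDOW):
    """Largest number of alerts in any `window`-long span of a time-sorted burst."""
    times = [a[0] for a in burst]
    best, start = 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def build_incidents(lines):
    """Return the bursts whose peak 5-minute rate meets the attack type's Min Ratio."""
    alerts = [parse_alert(line) for line in lines]
    incidents = []
    for (attack_type, target), burst in cluster_alerts(alerts):
        rate = peak_rate(burst)
        if rate >= MIN_RATIO[attack_type]:
            incidents.append({
                "attack_type": attack_type,
                "target": target,
                "alerts": len(burst),
                "peak_per_5min": rate,
                "distinct_ips": len({a[3] for a in burst}),
                "start": burst[0][0],
                "end": burst[-1][0],
            })
    return incidents


def _sqli_burst():
    # Constructed: 24 SQLi alerts on /login, 5 s apart, from three source IPs.
    base = datetime(2015, 6, 1, 10, 0, 0)
    ips = ["203.0.113.5", "203.0.113.9", "198.51.100.7"]
    return [f"{(base + timedelta(seconds=5 * i)).isoformat()} SQLi /login {ips[i % 3]}"
            for i in range(24)]


# Constructed sample alert log.
SAMPLE_ALERTS = _sqli_burst() + [
    # Five SQLi alerts on /search within a minute: below the 20-per-5min bar.
    "2015-06-01T11:00:00 SQLi /search 192.0.2.10",
    "2015-06-01T11:00:10 SQLi /search 192.0.2.10",
    "2015-06-01T11:00:20 SQLi /search 192.0.2.11",
    "2015-06-01T11:00:30 SQLi /search 192.0.2.11",
    "2015-06-01T11:00:40 SQLi /search 192.0.2.12",
    # A single RCE alert already forms an incident (Min Ratio 1).
    "2015-06-01T12:00:00 RCE /cgi-bin/status 192.0.2.44",
    # XSS alerts 10 minutes apart land in separate bursts and never reach 5.
    "2015-06-01T13:00:00 XSS /comment 192.0.2.20",
    "2015-06-01T13:10:00 XSS /comment 192.0.2.20",
    "2015-06-01T13:20:00 XSS /comment 192.0.2.20",
]

if __name__ == "__main__":
    for inc in build_incidents(SAMPLE_ALERTS):
        print(inc)
```

Running it yields two incidents: the multi-IP SQLi burst on /login and the lone RCE alert, while the low-rate SQLi and the spread-out XSS alerts stay below their thresholds.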
1. Attack Trends

Chance of Getting Attacked
Everyone’s at risk: 3/4 of apps were attacked for every attack type
“Perfect” RCE coverage: all applications were attacked
Number of Attack Incidents
Distribution shown as 75th percentile, median and 25th percentile
RCE and Spam are the most popular; RCE: median of 273
Inequality measure: ratio between the 3rd and 2nd quartiles
RCE blind scans: all applications suffer equally
Spam is discriminatory. Spoiler – some industries suffer more
SQL Injection and Cross-Site Scripting
Most applications see SQLi and XSS every other week: median of 12-13 incidents for the 6-month period; every 3-5 days for top-quartile applications
Year-over-Year Up-Trends (#Incidents)
SQLi persistent growth: 100% increase in 2014, 200% increase in 2015
XSS persistent growth: 100% increase in 2014, 150% increase in 2015
Year-over-Year Down-Trends (#Incidents)
RFI was on fire in 2014: a super-popular attack vector in 2014, back to “normal” in 2015
DT decrease: the 2014 trend changed. Spoiler – in one industry DT is still the attack of choice
Magnitude of Attacks
SQLi attacks are the most intensive: 72-204 alerts for quartile 3 (of the incidents); 300K alerts in the most intensive attack
2. Reputation
Serial attackers – 70%
Anonymous browsing – 8%

Serial Attackers vs. Anonymous Browsing
140,000 anonymous browsing; 1,800,000 detect-by-content; 12,500,000 serial attackers
1,700,000 anonymous browsing; 280,000 detect-by-content; 28,000 serial attackers
3. Industry Trends

Per-Industry Trends
Industries: Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer
Attack types: DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE
Massive Spam/RCE campaigns
RCE blind scans
Spam focused on travel applications
Attack Types
57% of XSS incidents on Health
37% of DT incidents on Food
4. Web Framework Trends

Content Management Systems
CMS Trends: all CMS vs. non-CMS applications
CMS at risk: CMS applications are attacked 3 times more often; the trend is consistent for all attack types

WordPress Trends: WordPress vs. other CMS vs. non-CMS
WordPress at more risk: 3.5 times more attacks than non-CMS applications; 7 times more RFI and Spam attacks
Geographic Trends

Geographic Attack Trends
Country   Absolute #Requests   Internet Users
US        17,671,816           278,553,524
China     8,227,498            672,585,110
UK        2,224,749            59,097,955

Geographic Attack – Year-over-Year
6. Case Studies

Shellshock Mega-Trend
75,000 incidents, 189 applications
26,000 incidents, 137 applications
23,000 incidents, 174 applications
57,500 incidents, 193 applications
SQLi Case Study
6,800 alerts per hour
Scraping Case Study
• TOR massive scraping attack
• 2 million requests
• 777 TOR IPs
• User-Agent faking
Conclusions
Recommendations

7. Q&A

Download the 2015 Web Application Attack Report: http://www.imperva.com/DefenseCenter/WAAR
The State of Application Security: Hackers On Steroids

More Related Content

What's hot

Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
IBM Security
ย 

What's hot (20)

An Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
ย 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
ย 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their Tracks
ย 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
ย 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
ย 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Information
ย 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS Environment
ย 
Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)Web Application Attack Report (Edition #1 - July 2011)
Web Application Attack Report (Edition #1 - July 2011)
ย 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
ย 
Bleeding Servers โ€“ How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers โ€“ How Hackers are Exploiting Known VulnerabilitiesBleeding Servers โ€“ How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers โ€“ How Hackers are Exploiting Known Vulnerabilities
ย 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
ย 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
ย 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
ย 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
ย 
State of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of BotnetsState of the Internet: Mirai, IOT and History of Botnets
State of the Internet: Mirai, IOT and History of Botnets
ย 
IBM Security QRadar
 IBM Security QRadar IBM Security QRadar
IBM Security QRadar
ย 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
ย 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
ย 
Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
ย 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
ย 

Similar to The State of Application Security: Hackers On Steroids

State of the Phish Webinar 2015
State of the Phish Webinar 2015State of the Phish Webinar 2015
State of the Phish Webinar 2015
ThreatSim
ย 
Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)
Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)
Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)
Jeremiah Grossman
ย 
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
HelpSystems
ย 

Similar to The State of Application Security: Hackers On Steroids (20)

An Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS AttackAn Inside Look at a Sophisticated Multi-Vector DDoS Attack
An Inside Look at a Sophisticated Multi-Vector DDoS Attack
ย 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
ย 
2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds2022 APIsecure_A day in the life of an API; Fighting the odds
2022 APIsecure_A day in the life of an API; Fighting the odds
ย 
April 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with SqrrlApril 2015 Webinar: Cyber Hunting with Sqrrl
April 2015 Webinar: Cyber Hunting with Sqrrl
ย 
State of the Phish Webinar 2015
State of the Phish Webinar 2015State of the Phish Webinar 2015
State of the Phish Webinar 2015
ย 
Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)
Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)
Where Flow Charts Donโ€™t Go -- Website Security Statistics Report (2015)
ย 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
ย 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
ย 
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of DefenseWebinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of Defense
ย 
WinOps Conf 2015 - John Rakowski - Militarise It for #DevOps success
WinOps Conf 2015 - John Rakowski - Militarise It for #DevOps successWinOps Conf 2015 - John Rakowski - Militarise It for #DevOps success
WinOps Conf 2015 - John Rakowski - Militarise It for #DevOps success
ย 
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats YearbookWebinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook
ย 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
ย 
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i SecuritySecurity Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
Security Alert - Expert Uncovers the "Dirty Little Secret" of IBM i Security
ย 
Webinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for HealthcareWebinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for Healthcare
ย 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
ย 
Structuring and Scaling an Application Security Program
Structuring and Scaling an Application Security ProgramStructuring and Scaling an Application Security Program
Structuring and Scaling an Application Security Program
ย 
How secure are your customers.pptx
How secure are your customers.pptxHow secure are your customers.pptx
How secure are your customers.pptx
ย 
15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years15 Years of Web Security: The Rebellious Teenage Years
15 Years of Web Security: The Rebellious Teenage Years
ย 
Experian and 41st Parameter - 2015 CNP Expo Session
Experian and 41st Parameter - 2015 CNP Expo SessionExperian and 41st Parameter - 2015 CNP Expo Session
Experian and 41st Parameter - 2015 CNP Expo Session
ย 
Leveraging Compliance to โ€œHelpโ€ Prevent a Future Breach
Leveraging Compliance to โ€œHelpโ€ Prevent a Future BreachLeveraging Compliance to โ€œHelpโ€ Prevent a Future Breach
Leveraging Compliance to โ€œHelpโ€ Prevent a Future Breach
ย 

More from Imperva

More from Imperva (20)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
ย 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
ย 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
ย 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
ย 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
ย 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
ย 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
ย 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
ย 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
ย 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
ย 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
ย 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
ย 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
ย 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
ย 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
ย 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
ย 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
ย 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
ย 
Hacking HTTP/2 : New attacks on the Internetโ€™s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internetโ€™s Next Generation FoundationHacking HTTP/2: New attacks on the Internetโ€™s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internetโ€™s Next Generation Foundation
ย 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
ย 

Recently uploaded

Fun all Day Call Girls in Jaipur 9332606886 High Profile Call Girls You Ca...
Fun all Day Call Girls in Jaipur   9332606886  High Profile Call Girls You Ca...Fun all Day Call Girls in Jaipur   9332606886  High Profile Call Girls You Ca...
Fun all Day Call Girls in Jaipur 9332606886 High Profile Call Girls You Ca...
kumargunjan9515
ย 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
ย 
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
HyderabadDolls
ย 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
ย 
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
ย 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
ย 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
gajnagarg
ย 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
nirzagarg
ย 
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
gajnagarg
ย 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
ย 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
kumargunjan9515
ย 
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
gajnagarg
ย 

Recently uploaded (20)

Vadodara ๐Ÿ’‹ Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara ๐Ÿ’‹ Call Girl 7737669865 Call Girls in Vadodara Escort service book nowVadodara ๐Ÿ’‹ Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara ๐Ÿ’‹ Call Girl 7737669865 Call Girls in Vadodara Escort service book now
ย 
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime GiridihGiridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
Giridih Escorts Service Girl ^ 9332606886, WhatsApp Anytime Giridih
ย 
Fun all Day Call Girls in Jaipur 9332606886 High Profile Call Girls You Ca...
Fun all Day Call Girls in Jaipur   9332606886  High Profile Call Girls You Ca...Fun all Day Call Girls in Jaipur   9332606886  High Profile Call Girls You Ca...
Fun all Day Call Girls in Jaipur 9332606886 High Profile Call Girls You Ca...
ย 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
ย 
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
Lake Town / Independent Kolkata Call Girls Phone No 8005736733 Elite Escort S...
ย 
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
ย 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
ย 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
ย 
Digital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham WareDigital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham Ware
ย 
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Rohtak [ 7014168258 ] Call Me For Genuine Models We...
ย 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ย 
20240412-SmartCityIndex-2024-Full-Report.pdf
20240412-SmartCityIndex-2024-Full-Report.pdf20240412-SmartCityIndex-2024-Full-Report.pdf
20240412-SmartCityIndex-2024-Full-Report.pdf
ย 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
ย 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
ย 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
ย 
Identify Customer Segments to Create Customer Offers for Each Segment - Appli...
Identify Customer Segments to Create Customer Offers for Each Segment - Appli...Identify Customer Segments to Create Customer Offers for Each Segment - Appli...
Identify Customer Segments to Create Customer Offers for Each Segment - Appli...
ย 
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
ย 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
ย 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat  9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
ย 
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Indore [ 7014168258 ] Call Me For Genuine Models We...
ย 

The State of Application Security: Hackers On Steroids

  • 1. © 2015 Imperva, Inc. All rights reserved. The State of Application Security: Hackers On Steroids Itsik Mantin, Director of Security Research, Imperva
  • 2. © 2015 Imperva, Inc. All rights reserved. “Study the past if you would define the future” (Confucius)
  • 3. © 2015 Imperva, Inc. All rights reserved. Speaker • Director of Security Research at Imperva • 15 years experience in the security industry • An inventor of 15 patents in these fields • Holds an M.Sc. in Applied Math and Computer Science • Presenter in Blackhat Asia, OWASP IL, EuroCrypt and other conferences Itsik Mantin 3
  • 4. © 2015 Imperva, Inc. All rights reserved. Making the Report 4
  • 7. Attack Incidents Attack Type / Min Ratio (#Alert/5min): SQLi 20; HTTP 10; XSS 5; DT 5; Spam 1; RCE 1; FU 1. Incident: collection of alerts, same attack type, same target, essentially same time, not necessarily same IP. Incident Alert Ratio 7
  • 8. © 2015 Imperva, Inc. All rights reserved. Attack Trends 1 8
  • 9. © 2015 Imperva, Inc. All rights reserved. Chance of Getting Attacked 9
  • 10. © 2015 Imperva, Inc. All rights reserved. Chance of Getting Attacked Everyone’s at risk 3/4 apps attacked for every attack type 10
  • 11. © 2015 Imperva, Inc. All rights reserved. Chance of Getting Attacked “Perfect” RCE Coverage All applications were attacked 11
  • 12. © 2015 Imperva, Inc. All rights reserved. Number of Attack Incidents 12
  • 13. © 2015 Imperva, Inc. All rights reserved. Number of Attack Incidents 75th Percentile Median 25th percentile 13
  • 14. © 2015 Imperva, Inc. All rights reserved. Number of Attack Incidents RCE and Spam are the most popular RCE: Median of 273 14
  • 15. © 2015 Imperva, Inc. All rights reserved. Number of Attack Incidents Inequality Measure Ratio between 3rd and 2nd quartiles 15
  • 16. © 2015 Imperva, Inc. All rights reserved. Number of Attack Incidents Inequality Measure Ratio between 3rd and 2nd quartiles RCE Blind Scans All applications suffer equally 16
  • 17. © 2015 Imperva, Inc. All rights reserved. Number of Attack Incidents Spam is discriminatory Spoiler – some industries suffer more 17
  • 18. © 2015 Imperva, Inc. All rights reserved. SQL Injection and Cross-Site Scripting 18
  • 19. © 2015 Imperva, Inc. All rights reserved. SQL Injection and Cross-Site Scripting Most Applications see SQLi and XSS every other week Median of 12-13 for 6-month period 3-5 days for topQ applications 19
  • 20. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Up-Trends #Incidents 20
  • 21. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Up-Trends SQLi Persistent Growth 100% increase in 2014 200% increase in 2015 #Incidents XSS Persistent Growth 100% increase in 2014 150% increase in 2015 21
  • 22. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Up-Trends #Incidents 22
  • 23. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Up-Trends 23
  • 24. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Up-Trends 24
  • 25. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Down-Trends #Incidents 25
  • 26. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Down-Trends #Incidents RFI was on fire in 2014 Super-popular attack vector in 2014 Back to “normal” in 2015 26
  • 27. © 2015 Imperva, Inc. All rights reserved. Year-over-Year Down-Trends #Incidents DT Decrease 2014 trend changed Spoiler – in one industry DT is still the attack of choice 27
  • 28. © 2015 Imperva, Inc. All rights reserved. Magnitude of Attacks 28
  • 29. © 2015 Imperva, Inc. All rights reserved. Magnitude of Attacks SQLi Attacks are most Intensive 72-204 alerts for quartile 3 (of the incidents) 300K alerts in most intensive attack 29
  • 30. © 2015 Imperva, Inc. All rights reserved. Reputation 2 30
  • 33. Reputation Serial Attackers – 70% Anonymous Browsing – 8% 33
  • 34. © 2015 Imperva, Inc. All rights reserved. Serial Attackers Vs. Anonymous Browsing 34
  • 35. © 2015 Imperva, Inc. All rights reserved. Serial Attackers Vs. Anonymous Browsing 35
  • 36. © 2015 Imperva, Inc. All rights reserved. Serial Attackers Vs. Anonymous Browsing 140,000 anonymous browsing, 1,800,000 detect-by-content, 12,500,000 serial attackers; 1,700,000 anonymous browsing, 280,000 detect-by-content, 28,000 serial attackers 36
  • 37. © 2015 Imperva, Inc. All rights reserved. Industry Trends 3 37
  • 38. © 2015 Imperva, Inc. All rights reserved. Per-Industry Trends (chart: industries Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer by attack type DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE) 38
  • 39. © 2015 Imperva, Inc. All rights reserved. Per-Industry Trends (chart: industries Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer by attack type DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE) Massive Spam/RCE Campaigns 39
  • 40. © 2015 Imperva, Inc. All rights reserved. Per-Industry Trends (chart: industries Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer by attack type DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE) RCE blind scans Massive Spam/RCE Campaigns 40
  • 41. © 2015 Imperva, Inc. All rights reserved. Per-Industry Trends (chart: industries Health, Food, Travel, Leisure, Shopping, Business, Financial, Computer by attack type DT, FU, HTTP, RFI, SQLi, XSS, Spam, RCE) RCE blind scans Spam focused on travel applications Massive Spam/RCE Campaigns 41
  • 42. © 2015 Imperva, Inc. All rights reserved. Attack Types 42
  • 43. © 2015 Imperva, Inc. All rights reserved. Attack Types 43
  • 44. © 2015 Imperva, Inc. All rights reserved. Attack Types 57% XSS incidents on Health 44
  • 45. © 2015 Imperva, Inc. All rights reserved. Attack Types 37% DT incidents on Food 45
  • 46. © 2015 Imperva, Inc. All rights reserved. Web Framework Trends 4 46
  • 47. © 2015 Imperva, Inc. All rights reserved. Content Management Systems 47
  • 48. © 2015 Imperva, Inc. All rights reserved. CMS Trends All CMS Non CMS Applications 48
  • 49. © 2015 Imperva, Inc. All rights reserved. CMS Trends All CMS Non CMS Applications CMS At Risk CMS applications are attacked 3 Times more often Trend consistent for all attack types 49
  • 50. © 2015 Imperva, Inc. All rights reserved. WordPress Trends Other CMS Non CMS WordPress 50
  • 51. © 2015 Imperva, Inc. All rights reserved. WordPress Trends Other CMS Non CMS WordPress WordPress at More Risk 3.5 times more attacks than non-CMS Applications 7 times more RFI and Spam Attacks 51
  • 52. © 2015 Imperva, Inc. All rights reserved. WordPress Trends Other CMS Non CMS WordPress WordPress at More Risk 3.5 times more attacks than non-CMS Applications 7 times more RFI and Spam Attacks 52
  • 53. © 2015 Imperva, Inc. All rights reserved. Geographic Trends 53
  • 54. © 2015 Imperva, Inc. All rights reserved. Geographic Attack Trends (Country / Absolute #Requests / Internet Users): US 17,671,816 / 278,553,524; China 8,227,498 / 672,585,110; UK 2,224,749 / 59,097,955 54
  • 55. © 2015 Imperva, Inc. All rights reserved. Geographic Attack – Year-over-Year 55
  • 56. © 2015 Imperva, Inc. All rights reserved. Case Studies 6 56
  • 57. © 2015 Imperva, Inc. All rights reserved. Shellshock Mega-Trend 57
  • 58. © 2015 Imperva, Inc. All rights reserved. Shellshock Mega-Trend 75,000 incidents, 189 applications; 26,000 incidents, 137 applications; 23,000 incidents, 174 applications; 57,500 incidents, 193 applications 58
  • 59. © 2015 Imperva, Inc. All rights reserved. SQLi Case Study 59
  • 60. © 2015 Imperva, Inc. All rights reserved. SQLi Case Study 6,800 alerts per hour 60
  • 61. © 2015 Imperva, Inc. All rights reserved. Scraping Case Study • TOR Massive Scraping attack • 2 million requests • 777 TOR IPs • User-Agent faking 61
  • 62. © 2015 Imperva, Inc. All rights reserved. Scraping Case Study 62
  • 63. © 2015 Imperva, Inc. All rights reserved. Scraping Case Study 63
  • 64. © 2015 Imperva, Inc. All rights reserved. Conclusions 64
  • 65. © 2015 Imperva, Inc. All rights reserved. Recommendations 65
  • 66. © 2015 Imperva, Inc. All rights reserved. Q&A 7 66
  • 67. © 2015 Imperva, Inc. All rights reserved. Download 2015 Web Application Attack Report 67 http://www.imperva.com/DefenseCenter/WAAR
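Slide 7 defines an incident as a collection of alerts of the same attack type on the same target at essentially the same time, not necessarily from the same IP, with a per-attack-type minimum number of alerts per 5-minute window. The Python below is an added example of that aggregation rule, not code from Imperva or the report; the windowing rule (a window opens at its first alert and closes 5 minutes later), the sample alerts and all hostnames and IPs are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Minimum alerts per 5-minute window for a burst to count as an incident:
# the per-attack-type "min ratio" thresholds listed on slide 7.
MIN_ALERTS_PER_WINDOW = {
    "SQLi": 20, "HTTP": 10, "XSS": 5, "DT": 5, "Spam": 1, "RCE": 1, "FU": 1,
}
WINDOW = timedelta(minutes=5)

class Alert(NamedTuple):
    ts: datetime
    attack_type: str
    target: str   # attacked application
    src_ip: str   # not part of the grouping key: one incident may span many IPs

def build_incidents(alerts):
    """Group alerts into incidents: same attack type, same target, same
    5-minute window (assumed reading of "essentially same time": a window
    opens at its first alert and closes WINDOW later) and at least the
    per-type minimum count.  Returns (type, target, n_alerts, source_ips)."""
    by_key = defaultdict(list)
    for a in alerts:
        by_key[(a.attack_type, a.target)].append(a)
    incidents = []
    for group in by_key.values():
        group.sort(key=lambda a: a.ts)
        window = []
        for a in group:
            if window and a.ts - window[0].ts > WINDOW:
                incidents.extend(_as_incident(window))
                window = []
            window.append(a)
        incidents.extend(_as_incident(window))
    return incidents

def _as_incident(window):
    """Return [incident] if the window reaches its type's threshold, else []."""
    if not window:
        return []
    atype, target = window[0].attack_type, window[0].target
    if len(window) < MIN_ALERTS_PER_WINDOW.get(atype, 1):
        return []  # below the threshold: scattered noise, not an incident
    return [(atype, target, len(window), sorted({a.src_ip for a in window}))]

# Constructed sample: 25 SQLi alerts in under 3 minutes from two IPs (one
# incident), 3 lone SQLi alerts hours apart (noise), one RCE alert (threshold 1).
T0 = datetime(2015, 4, 1, 10, 0)
SAMPLE_ALERTS = (
    [Alert(T0 + timedelta(seconds=7 * i), "SQLi", "shop.example", f"198.51.100.{i % 2}") for i in range(25)]
    + [Alert(T0 + timedelta(hours=h), "SQLi", "shop.example", "203.0.113.9") for h in (2, 4, 6)]
    + [Alert(T0 + timedelta(minutes=30), "RCE", "blog.example", "203.0.113.7")]
)
```

Note that the three scattered SQLi alerts never reach the threshold of 20 and so produce no incident, while a single RCE alert is an incident on its own, which is why RCE blind scans inflate incident counts across all applications.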

Editor's Notes

  1. Motivation Target audience Tradition
  2. 198 WAF customers 103,455,308 security events The team - ADC led by CTO Next slide - The alerts were gathered with …
  3. Positive Negative vs. Positive security model Crowd sourcing Distinction – content vs. reputation Next slide – this distinction
  4. Focus on attack types Reputation-based detection vs. Content-based detection
  5. Incident – collection of requests which seem to belong to the same attack The IP dilemma
  6. # of attacks within the report period
  7. Most prominent - Everyone’s at risk For every attack type (RCE), at least 3/4 applications (100%) were attacked If you expose your application to the Internet – you will get attacked
  8. If you expose your application to the Internet – you will get attacked Next slide - How many attacks…
  9. Explain the diagram Explain the quartiles notion
  11. RCE – 273-591 for the Q3 (Shellshock) Spam: 24-276 attacks on Q3 Notice the difference between RCE and Spam
  12. Equality Measure Spam is outstanding RCE is lowest Next slide – zoom in to other attack types
  15. Explain the diagram – attacks during 6 months Next slide – year over year
  17. Diagram – we use the median Exponential growth Why: Reduced cost of computational power Availability of knowledge and tools Next slide – down trends
  22. Next slide – from number of attacks to the intensity of attacks - magnitude
  25. Attacks mounted by scanners Typical SQLi attack includes more than 70 requests, usually arriving in bursts over a short period The most intensive SQLi attack spanned 300,000 malicious requests
  27. What is reputation based mitigation? Crowd sourcing Reputation based mechanism saves the web-application server and the WAF computing resources as the data is blocked in very early stages. Is reputation based mitigation effective? 4 out of 5 alerts are detected by reputation Serial attackers and anonymous browsing
  30. Zoom into the data X/Y-axis. Limit 2M Different points in time different mitigations are more effective
  32. Insights on the different industries => show the percent of incidents for each attack type The dominance of RCE and Spam => zoom in
  33. Exclude Spam and RCE XSS are rare XSS are popular on the health industry, maybe to steal personal information DT are popular on restaurants applications. Not clear why
  36. 3 groups WordPress is popular
  37. Normalized the absolute # requests by the internet users published by the World Bank The bigger the bubble, the more malicious the traffic
  38. Netherlands and USA in the top five second year in a row Cyprus, Costa Rica, Switzerland were dominant last year and are not dominant anymore.
  39. One of the most significant security events Zoom into the Shellshock incidents Week-by-week analysis Remind you – 2015 period while Shellshock was published during September 2014 2 waves: the first is during September 2014, right after the publication – not in the report The second is during weeks 14-19 – April 2015 Seven months after the publication, attackers hit again
  41. Focus on one application that was highly attacked. The attack lasted 4 days with high SQLi activity. 6,800 Alerts per hour, The attacks had similar patterns Blocked by content and by reputation, negative security model, signatures, policies 2 waves – the first one faded away on the third day and a new wave on the 4th day We believe that the first wave faded away due to our blocking mechanisms and the second wave was used with a new pool of IPs to try to avoid blocking
  43. We looked at one application in a specific week with high activity from TOR 2 million requests from TOR 99% were targeted for 3 URLs: search and 2 shopping pages (different input parameter values for product ID) ~2,000 session IDs Usage of session ID from multiple IPs at the same time 3 main user-agents that were used in different permutations
  46. 3 out of 4 applications are attacked Crowd sourcing is effective – 4 out of 5 Shellshock mega-trend influenced cyberspace Y2Y increase
  47. Mega trend vulnerabilities spread like wildfire: keep updated with new vulnerabilities mitigations Be part of a community defense: it prevents attacks and saves CPU
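Editor's note 43 describes the scraping case by its traffic signature: the same session ID used from multiple IPs at the same time, and a handful of user-agents rotated in different permutations. The Python below is an added detection example, not Imperva's code, that flags such shared sessions in a constructed access-log sample; the log format, the 60-second window and all hosts, IPs and session IDs are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log sample (not traffic from the report): client IP,
# timestamp, request line, session cookie and User-Agent.
SAMPLE_LOG = """\
198.51.100.10 [01/Apr/2015:10:00:01 +0000] "GET /search?q=shoes HTTP/1.1" sid=AB12 "Mozilla/5.0 Firefox/36.0"
198.51.100.11 [01/Apr/2015:10:00:03 +0000] "GET /product?id=100 HTTP/1.1" sid=AB12 "Mozilla/5.0 Chrome/41.0"
198.51.100.12 [01/Apr/2015:10:00:04 +0000] "GET /product?id=101 HTTP/1.1" sid=AB12 "Mozilla/5.0 Firefox/36.0"
203.0.113.5 [01/Apr/2015:10:00:09 +0000] "GET /product?id=102 HTTP/1.1" sid=CD34 "Mozilla/5.0 Safari/600.5"
198.51.100.13 [01/Apr/2015:10:00:10 +0000] "GET /product?id=103 HTTP/1.1" sid=AB12 "Mozilla/5.0 Chrome/41.0"
203.0.113.5 [01/Apr/2015:10:02:30 +0000] "GET /cart HTTP/1.1" sid=CD34 "Mozilla/5.0 Safari/600.5"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" sid=(?P<sid>\S+) "(?P<ua>[^"]*)"$'
)

def parse_log(text):
    """Return (sid, timestamp, ip, user_agent) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append((m["sid"], ts, m["ip"], m["ua"]))
    return events

def flag_shared_sessions(events, window=timedelta(seconds=60)):
    """Flag sessions whose cookie is used from two or more IPs within `window`
    of each other, as in the TOR scraping case.  Returns
    {sid: (max distinct IPs seen within one window, distinct user-agents)}."""
    by_sid = defaultdict(list)
    for sid, ts, ip, ua in events:
        by_sid[sid].append((ts, ip, ua))
    flagged = {}
    for sid, evs in by_sid.items():
        evs.sort()  # chronological
        max_ips = 0
        for i, (ts, _, _) in enumerate(evs):
            # distinct IPs among requests from this one up to `window` later
            ips = {ip for t, ip, _ in evs[i:] if t - ts <= window}
            max_ips = max(max_ips, len(ips))
        if max_ips >= 2:
            flagged[sid] = (max_ips, len({ua for _, _, ua in evs}))
    return flagged

def analyze(text=SAMPLE_LOG):
    return flag_shared_sessions(parse_log(text))
```

On the sample, session AB12 is flagged (four IPs and two user-agents inside one minute) while CD34, a single client on one IP, is not.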