Web Application Security

Published on Nov 18, 2015

@Excellium event

PRESENTATION OUTLINE

WEB APPLICATION SECURITY

THREAT LANDSCAPE

Key figures

By sector (%)

Motivations

CASE STUDY

infected wordpress

context

  • anonymous report
  • 2500+ compromised websites
  • 1400+ backdoors
  • 40+ countries (including LU)
  • one month of cleaning activity

CLEANUP PROCESS

RECOMMENDATIONS

  • check your extensions and plugins
  • thoroughly protect the admin panel
  • do logging and do it right
  • backup, backup, backup
  • adopt secure coding practices

there are no small incidents

  • minor incidents can escalate fast
  • exploitation is still too easy (weakest link)
  • multicompromises are used and abused
  • everything-to-everything connectivity
  • attacks don't stop at borders/perimeters

don't suffer in silence

focus on
HUMAN
BEHAVIOUR

focus on
ORGANISATIONAL ASPECTS

focus on
INCIDENT MANAGEMENT

PASCAL STEICHEN

THANK YOU FOR YOUR ATTENTION