WhiteHat Security Presentation

Post on 08-Jun-2015


description

WhiteHat Security Sales Presentation. Please contact mark.meyer@whitehatsec.com for more information.

transcript

© 2007 WhiteHat Security, Inc.

WhiteHat Security: Website Risk Management

Mark G. Meyer
Director of Sales – Northeast
212-422-9400
mark.meyer@whitehatsec.com

© 2009 WhiteHat Security | page 2

Web Application - User’s View


Web Application – Hacker’s View

• Session Hijacking
• Parameter Manipulation
• Cross-site Scripting
• Buffer Overflow
• Password Guessing
• Denial of Service
• Account Enumeration
• SQL Injection


WhiteHat Security – Website Risk Management

• Evolution of End-to-End Website Risk Management
– WhiteHat Security founded 2001
– Premium Edition service launched in 2003
– Sentinel Standard Edition introduced 2007, Baseline Edition 2009
– Visibility into risk enables oversight, measurement, process control and management

• Control Web Application Security Costs
– Scalable SaaS, annual subscription
– Tens of thousands of assessments performed annually
– Unlimited assessments during the term of the agreement
– Fixed annual fee, cost-efficient

• Proven Methodology
– Hundreds of enterprise customers
– All vulnerabilities verified for accuracy

• Turnkey
– No installation of hardware or software
– No need to hire, train and retain additional personnel


Website Risk Management – 4 Phase Approach


WhiteHat Sentinel – Vulnerability Management

Sentinel PE (Fully Targeted)
• High-impact / production sites, assessed by consultants or scanning tools
• Performs critical business functions
• Configured assessment delivery
• Manual testing for business logic issues
• Verified vulnerability reporting

Sentinel SE (Directed)
• Internal / customer-facing sites, assessed by scanning tools
• Configured assessment delivery
• Verified vulnerability reporting

Sentinel BE (Random)
• Broad-based coverage of less-complex sites
• Self-service assessment delivery
• Verified vulnerability reporting


WhiteHat Sentinel Vulnerability Coverage

Technical: Identify with Automation

Command Execution
• Buffer Overflow
• Format String Attack
• LDAP Injection
• OS Commanding
• SQL Injection
• SSI Injection
• XPath Injection

Information Disclosure
• Directory Indexing
• Information Leakage
• Path Traversal
• Predictable Resource Location

Client-Side
• Content Spoofing
• Cross-site Scripting
• HTTP Response Splitting
• Insecure Content

Business Logic: Human Analysis

Authentication
• Brute Force
• Insufficient Authentication
• Weak Password Recovery Validation
• CSRF

Authorization
• Credential/Session Prediction
• Insufficient Authorization
• Insufficient Session Expiration
• Session Fixation

Logical Attacks
• Abuse of Functionality
• Denial of Service
• Insufficient Anti-automation
• Insufficient Process Validation

(Coverage shown by edition: Premium Edition, Standard Edition, Baseline Edition)


WhiteHat Sentinel – Key Functionality

• Per Website Subscription

• Combination of advanced proprietary technology and expert analysis

• On-Demand Turnkey solution

• 24x7 Reporting / Communication

• Unlimited Assessments / Users

• All Vulnerabilities Verified for Accuracy

• Geared for Development & Production

• Accurate prioritization of risk

• XML API Integration

• WAF Integration – Protection Layer

• Website Security Certification


How WhiteHat Sentinel Works


Secure Protection Layer – Education / WAF

Introduction to Website Security
• Overview of Web application security: understand how Web applications work, how to find and exploit vulnerabilities, and solutions for protection.

Secure Coding for Java Developers
• The dangers of insecure coding practices: specific ways code can be exploited, and how to write code to avoid introducing vulnerabilities.


Questions?


Supplemental Slides

• Alerts – Message Center
• Executive Summary – Enterprise Visibility
• Website Summary – Individual Activity
• Vulnerability Viewer – Remediation / Mitigation
• Attack Vector Details – Code Level
• Findings Summary – Auditing / Compliance
• Scan Scheduler – Control Center
• Reporting – Custom Analytics
• Resources – API / Best Practices