
WhiteHat Security Presentation

Date post: 08-Jun-2015
Upload: markgmeyer
Description: WhiteHat Security sales presentation. Please contact [email protected] for more information.
Page 1

© 2007 WhiteHat Security, Inc.

WhiteHat Security – Website Risk Management

Mark G. Meyer, Director of Sales – Northeast, 212-422-9400, [email protected]

Page 2

© 2009 WhiteHat Security

Web Application – User's View

Page 3

Web Application – Hacker's View

• Session Hijacking
• Parameter Manipulation
• Cross-site Scripting
• Buffer Overflow
• Password Guessing
• Denial of Service
• Account Enumeration
• SQL Injection

Page 4

WhiteHat Security – Website Risk Management

• Evolution of End-to-End Website Risk Management
  – WhiteHat Security founded 2001
  – Premium Edition service launched in 2003
  – Sentinel Standard Edition introduced 2007; Baseline Edition, 2009
  – Visibility into risk enables oversight, measurement, process control and management

• Control Web Application Security Costs
  – Scalable SaaS, annual subscription
  – 10,000s of assessments performed annually
  – Unlimited assessments during the term of the agreement
  – Fixed annual fee, cost-efficient

• Proven Methodology
  – Hundreds of enterprise customers
  – All vulnerabilities verified for accuracy

• Turnkey
  – No installation of hardware or software
  – No need to hire, train and retain additional personnel

Page 5

Website Risk Management – 4 Phase Approach

Page 6

WhiteHat Sentinel – Vulnerability Management

Sentinel PE (Fully Targeted)
• High-impact / production sites – assessed by consultants or scanning tools
• Performs critical business functions
• Configured assessment delivery
• Manual testing for business logic issues
• Verified vulnerability reporting

Sentinel SE (Directed)
• Internal / customer-facing sites – assessed by scanning tools
• Configured assessment delivery
• Verified vulnerability reporting

Sentinel BE (Random)
• Broad-based coverage – less-complex sites
• Self-service assessment delivery
• Verified vulnerability reporting

Page 7

WhiteHat Sentinel Vulnerability Coverage

Technical: Identify with Automation

Command Execution
• Buffer Overflow
• Format String Attack
• LDAP Injection
• OS Commanding
• SQL Injection
• SSI Injection
• XPath Injection

Information Disclosure
• Directory Indexing
• Information Leakage
• Path Traversal
• Predictable Resource Location

Client-Side
• Content Spoofing
• Cross-site Scripting
• HTTP Response Splitting
• Insecure Content

Business Logic: Human Analysis

Authentication
• Brute Force
• Insufficient Authentication
• Weak Password Recovery Validation
• CSRF

Authorization
• Credential/Session Prediction
• Insufficient Authorization
• Insufficient Session Expiration
• Session Fixation

Logical Attacks
• Abuse of Functionality
• Denial of Service
• Insufficient Anti-automation
• Insufficient Process Validation

Coverage matrix columns: Premium Edition | Standard Edition | Baseline Edition
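The slide's split between flaws a scanner can find on its own and flaws that need a human comes down to what each check requires as input. The example below is added here to make that concrete; it is not code from the WhiteHat deck or from Sentinel. A constructed in-memory SQLite order service carries one SQL Injection (the "technical" column) and one Insufficient Authorization flaw (the "business logic" column), each beside its fixed form. `probe_boolean_sqli` needs nothing but the endpoint's responses, which is why it can be automated; `probe_authorization` can only flag the second flaw once it is handed the ownership relation (`owner_of`), the business knowledge an analyst supplies. The schema, endpoint names and data are assumptions made for the example.

```python
import sqlite3

# Added example, not WhiteHat/Sentinel code. Toy SQLite-backed order
# service with two flaw classes from the slide: SQL Injection
# (technical, automatable) and Insufficient Authorization (business
# logic, needs an ownership oracle). Schema and data are constructed.


def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders(id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT);
        INSERT INTO orders VALUES (100, 1, 'laptop'), (101, 2, 'phone');
    """)
    return db


def search_orders_vulnerable(db, item):
    # Deliberately vulnerable: the search term is concatenated into SQL.
    sql = "SELECT id FROM orders WHERE item = '" + item + "'"
    return [row[0] for row in db.execute(sql)]


def search_orders_fixed(db, item):
    # Parameterised query: the term can never alter the query structure.
    return [row[0] for row in db.execute(
        "SELECT id FROM orders WHERE item = ?", (item,))]


def get_order_vulnerable(db, session_user_id, order_id):
    # Deliberately flawed: returns any order, ignoring who is logged in.
    return db.execute("SELECT id, item FROM orders WHERE id = ?",
                      (order_id,)).fetchone()


def get_order_fixed(db, session_user_id, order_id):
    # Ownership is part of the lookup, so other users' orders are unreachable.
    return db.execute(
        "SELECT id, item FROM orders WHERE id = ? AND user_id = ?",
        (order_id, session_user_id)).fetchone()


def probe_boolean_sqli(endpoint, baseline_value):
    """Automatable check (boolean-based injection): send one payload that
    always evaluates true and one that always evaluates false. If the two
    responses differ, the input reached the database as SQL. Only the
    endpoint's behaviour is needed; no knowledge of the business."""
    always_true = endpoint(baseline_value + "' OR '1'='1")
    always_false = endpoint(baseline_value + "' AND '1'='2")
    return always_true != always_false


def probe_authorization(endpoint, session_user_id, order_id, owner_of):
    """Check that needs human-supplied knowledge: a successful, well-formed
    order response looks the same whether or not the caller owns it. The
    owner_of mapping (which user each order belongs to) is what the
    analyst brings; responses alone do not reveal it."""
    row = endpoint(session_user_id, order_id)
    return row is not None and owner_of[order_id] != session_user_id


def run_demo():
    db = build_db()
    # Business knowledge (constructed): user 1 owns order 100, user 2 owns 101.
    owner_of = {100: 1, 101: 2}
    return {
        "sqli_vulnerable": probe_boolean_sqli(
            lambda v: search_orders_vulnerable(db, v), "laptop"),
        "sqli_fixed": probe_boolean_sqli(
            lambda v: search_orders_fixed(db, v), "laptop"),
        "idor_vulnerable": probe_authorization(
            lambda u, o: get_order_vulnerable(db, u, o), 1, 101, owner_of),
        "idor_fixed": probe_authorization(
            lambda u, o: get_order_fixed(db, u, o), 1, 101, owner_of),
    }


if __name__ == "__main__":
    for name, flagged in run_demo().items():
        print(f"{name}: {'VULNERABLE' if flagged else 'clean'}")
```

Running the module prints one verdict per endpoint: the two deliberately flawed endpoints are flagged and the two fixed ones are not. Treat the slide's boundary as a tendency rather than a rule: a tool can still drive brute-force or CSRF-token checks, and an injection whose effect only surfaces in a later request can slip past a response-diff probe like the one above.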

Page 8

WhiteHat Sentinel – Key Functionality

• Per Website Subscription

• Combination of advanced proprietary technology and expert analysis

• On-Demand Turnkey solution

• 24x7 Reporting / Communication

• Unlimited Assessments / Users

• All Vulnerabilities Verified for Accuracy

• Geared for Development & Production

• Accurate prioritization of risk

• XML API Integration

• WAF Integration – Protection Layer

• Website Security Certification

Page 9

How WhiteHat Sentinel Works

Page 10

Secure Protection Layer – Education / WAF

Introduction to Website Security
• Overview of web application security. Understand how web applications work, how to find and exploit vulnerabilities, and solutions for protection.

Secure Coding for Java Developers
• The dangers of insecure coding practices. Specific ways code can be exploited, and how to write code to avoid introducing vulnerabilities.

Page 11

Questions?

Page 12

Supplemental Slides

Page 13

Alerts – Message Center

Page 14

Executive Summary – Enterprise Visibility

Page 15

Website Summary – Individual Activity

Page 16

Vulnerability Viewer – Remediation / Mitigation

Page 17

Attack Vector Details – Code Level

Page 18

Findings Summary – Auditing / Compliance

Page 19

Scan Scheduler – Control Center

Page 20

Reporting – Custom Analytics

Page 21

Resources – API / Best Practices

