It's been a busy week for me having presented OWASP Top 10 Tools and Tactics at SANSFIRE in Washington, DC Tuesday evening 10 July, followed by Evil Through The Lens of Web Logs at the Microsoft Security Response Alliance Summit in Redmond (the other Washington) Thursday morning 12 July.
I had an excellent time in both cases and met some great people.
The OWASP Top 10 Tools and Tactics talk was for attendees who've spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, and have utilized or referenced the OWASP Top 10. Intended first as an awareness mechanism, the Top 10 covers the most critical web application security flaws via consensus reached by a global consortium of application security experts. The OWASP Top 10 promotes managing risk in addition to awareness training, application testing, and remediation. To do so, application security practitioners and developers need an appropriate tool kit. As such, this presentation explored tooling, tactics, analysis, and mitigation for each of the Top 10 and is a useful companion for attendees of Kevin (never except his FB friend request) Johnson's Security 542
: Web App Penetration Testing and Ethical Hacking.
We had a full house and a lot of fun.
The MSRA presentation was a summary of activity related to the SANS Reading Room paper of the same title, and was presented to attendees from the Global Infrastructure Alliance for Internet Safety (GIAIS) working group (shout out to the REN-ISAC
Web logs can be analyzed with specific attention to Internet Background Radiation (IBR). Two bands of the IBR spectrum include scanning and misconfiguration where details about attacker and victim patterns are readily available. Via web application specific examples this discussion analyzed attacks exhibiting traits, trends, and tendencies from the attacker and victim perspectives. This presentation built on findings to cover parsing and analysis techniques, as well as investigative tactics. Tooling and real examples were included to allow attendees to learn methods that can be utilized against their own logs for detective measures useful in mitigating attacks.
The MSRA copy of the presentation is not published online but you can grab the same presentation from RSA here
or watch a short video version of it here
Let me know if you have any questions, and thanks to all who attended.