AppSec2005DC Jeremy Poteet In the Line of Fire


Published on August 30, 2007

Author: Barbara

Source: authorstream.com

In the Line of Fire: Defending Highly Visible Targets
Jeremy Poteet, CISSP, Chief Security Officer, appDefense
jpoteet@appdefense.com, 636.294.2774

Introduction
- What is a highly visible application?
- Begin at the beginning
- Stories from the trenches
- Hope - it can be done
- OWASP

You might be a highly visible site if …
- … the press shows up for the deployment of your app
- … any error message shows up in hundreds of blogs
- … you can't count the number of sites whose sole purpose is to list attack plans and provide tools for breaking into your application
- … every hacker, security want-to-be and activist would love to use your site to make a statement
- … CNN displays when your site is sluggish on their tickertape

What makes a highly visible site
- Crown Jewels
- Money
- Data
- Notoriety
- What it Represents
- Making a Statement
- Users + Focus

Signature of a highly visible site
- Complex Systems
- Multiples (technologies, developers, servers, applications)
- Highly volatile
- Something to lose

Highly visible is the same
- Still web applications
- Same issues still apply
- In an ideal world, it doesn't matter
- Applications don't always start as highly visible
- Best practices still apply

Highly visible is different
- Time to Impact
- Coordination
- Number of Cooks
- External Visibility
- Cascading

Begin at the Beginning
- Learn from the past
- Only as strong as the foundation
- Know what is expected
- Information is your best friend
- Prepare for failure

Dealing With Application Complexity
- Team based system
- Geographic systems
- Custom PDF Generation
- File Upload and Downloads
- Memory Leak, Scalability or DOS?
- Powerful apps = High promotion
- Quick resolution to issues

The Debates
- Highest volume
- Visibility
- Outward - Press
- Outward - Voters
- Inward - Staff
- Large volume of data
- Real time responses
- Debate timeline changes

Walling off failure
- Isolating Systems From Impacting Each Other
- Database Segregation
- Application Separation
- Access Toggling
- Additional Monitoring
- Scalability

Volume of Attacks
- High Volume usage goes with High Volume attacks
- Cover
- Visibility
- Assist in attacks
- Convention/Debate/Elections
- Maximum Impact

Caching
- Minimize data access and processing
- Bleed over
- Client vs. Server
- Shifting of responsibility
- Level of Control

Complete Architecture Shift
- Rapid Switch
- Rules Reset
- Configure Rather than Recode
- Assume Nothing
- Contingency Plan

Perception
- Worst Case Scenario
- Rising Visibility
- Increased and Focused Attacks
- Gut Check
- Perception is Everything

No site is an island
- Branding
- Integrated Tools
- Integrated Sites
- Feeds
- Applications are wide ranging
- Perception and reality must meet

Beneath the noise
- Constant Attacks
- High Volume Pages
- Concentrated Volume
- Sub-Pages - Understanding how the application functions
- Coordinated Attacks

Out of Your Control
- Emails from application systematically spammed
- Data is the system
- Pandora's Box
- Containment
- Damage Control

Data Mines
- Elaborate system of mines
- Access Mechanism Used
- Timestamp
- Monitoring Tracking
- Allows the weak link to be located quickly

Hope - It Can Be Done
- No Silver Bullet
- Requires Creativity
- Commitment
- Diligence
- Begin With the Basics
- Information is Key

OWASP
- Guide
- Top 10
- Specific Tools
- Put Back In
- Take the Advantage
