- 1. 2015/02/05 CISM, CISSP, CSSLP, CEH, ECSA, LPT
- 2. 13:30 ~ 13:35 | 13:35 ~ 14:15 | 14:15 ~ 14:55 - 10 Pro | 14:55 ~ 15:10 Break | 15:10 ~ 16:10 Mobile - Apps Reverse Engineering (Website, Mobile APP, Apps; Arxan, Rich Lord) | 16:10 ~ 16:45 Mobile token (SafeNet)
- 4. NIST SP 800-115: review, identify, validate. NIST SP 800-53A: examine (review, inspect, observe, study, analyze), interview, test.
- 5. NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations; NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.
- 9. NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover.
- 12. DNS Server, IP
- 13. Log management: IDS/IPS, DLP; NIST SP 800-92; Log Aggregation Guidelines; Events.
- 14. IP; Network Forensics.
- 15. Attack Continuum (Before, During, After): See it, Control it; Intelligent & Context Aware; Retrospective Security; Network | Endpoint | Mobile | Virtual; Point-in-Time vs. Continuous. Source: SourceFire.
- 16. Source: PaloAlto Networks.
- 17. Source: Damballa.
- 18. Domain Generation Algorithm (DGA) traffic path: Victim, DNS, Recursive DNS, Authoritative, Firewall Egress, C&C Criminal Server, Proxy Filtering, TCP/IP Session, Configuration File, C&C Location. Behaviors seen & benefits at each detection point:
  - Malicious DNS queries; domain fast-fluxing detection; new domain queries; unique victim enumeration; detection prior to egress; DNS query termination.
  - C&C connection behaviors/success; URI identification (incl. HTTPS); malicious file identification (malware); unique victim enumeration; bytes-in & bytes-out monitoring; full packet capture; session termination.
  - C&C connection behaviors/success; URI identification (incl. HTTPS); malicious file identification (malware); unique victim enumeration; full packet capture; detection prior to egress; session termination.
  Source: Damballa.
- 19. Source: SourceFire.
- 22. Web
- 23. CA ControlMinder: Database, Network Appliance, Virtual Server, Windows/UNIX/Linux, Application, Multiple Device Types; Secure Password Storage; Session Recording.
- 24. Check-out / check-in
- 25. WHO, WHEN, WHERE, WHAT
- 26. Contractor / Partner, Password Admin, Auditor, Systems Admin; Applications, Folders, Data.
- 27. WHO, WHEN, WHERE, WHAT
- 29. Deadlock, CPU
- 30. Apple SSL Bug
- 31. A1315xxxxx, 0920123xxx; Design Review.
- 32. OWASP Top 10, SANS Top 25
- 35. Cigital Touchpoint Model
- 39. AD
- 40. Checkmarx, https://www.checkmarx.com/glossary/software-code-analysis-securing-applications/
- 41. OpenSAMM (www.opensamm.org): Level 1, Level 2, Level 3; BSIMM-V (www.bsimm.com): Level 1, Level 2, Level 3.
- 42. Microsoft .NET Coding Guideline, Oracle Java Coding Guideline, Apple Coding Guideline, Android Security Tips, CERT Secure Coding Guidelines.
- 43. Cigital E-Learning (Commercial), SAFECode (Free), GSS Instructor-led Training.
- 44. 5,000 XSS; privacy violation (password logger, password database).
- 45. jQuery 1.6.4, Struts 2, Spring 3.x API; OWASP Top 10 Risk.
- 47. Q&A