資安健檢因應配套 (Information Security Health Check: Response Measures)
Presented 2015/02/05. Presenter credentials: CISM, CISSP, CSSLP, CEH, ECSA, LPT.

Slide transcript (47 slides):

1. Title slide: 2015/02/05; CISM, CISSP, CSSLP, CEH, ECSA, LPT.
2. Agenda:
   13:30 ~ 13:35  (title not extracted)
   13:35 ~ 14:15  (title not extracted)
   14:15 ~ 14:55  "... 10 Pro" (title not extracted)
   14:55 ~ 15:10  Break
   15:10 ~ 16:10  Mobile Apps Reverse Engineering: website and mobile app (Arxan; Rich Lord)
   16:10 ~ 16:45  Mobile token (SafeNet)
3. (no text extracted)
4. Assessment methods. NIST SP 800-115: review techniques, target identification and analysis techniques, target vulnerability validation techniques. NIST SP 800-53A: examine (review, inspect, observe, study, analyze), interview, test.
5. References: NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations; NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.
6. (no text extracted)
7. (no text extracted)
8. Checklist items (1~51).
9. NIST Cybersecurity Framework core functions: Identify, Protect, Detect, Respond, Recover.
10. (no text extracted)
11. (no text extracted)
12. DNS server; IP.
13. Log management: log sources include IDS/IPS and DLP; four questions (text not extracted); NIST SP 800-92 (Guide to Computer Security Log Management); log aggregation guidelines; events.
14. Which IP? (questions not extracted); Network Forensics.
15. Attack continuum (source: Sourcefire):
    BEFORE: See it, Control it
    DURING: Intelligent & Context Aware
    AFTER: Retrospective Security
    Coverage: Network | Endpoint | Mobile | Virtual
    Point-in-Time vs. Continuous
16. (source: Palo Alto Networks)
17. 3, 2, 1 (source: Damballa)
18. Domain Generation Algorithm (DGA) traffic path and where it can be observed (source: Damballa):
    Path: Victim -> Recursive DNS -> Authoritative DNS -> Firewall / Egress -> Proxy -> C&C (criminal server)
    Filtering points: TCP/IP session; configuration file; C&C location
    Behaviors seen & benefits at the DNS layer: malicious DNS queries; domain fast-fluxing detection; new domain queries; unique victim enumeration; detection prior to egress; DNS query termination
    Behaviors seen & benefits at the firewall / egress: C&C connection behaviors and success; URI identification (incl. HTTPS); malicious file identification (malware); unique victim enumeration; bytes-in and bytes-out monitoring; full packet capture; session termination
    Behaviors seen & benefits at the proxy: C&C connection behaviors and success; URI identification (incl. HTTPS); malicious file identification (malware); unique victim enumeration; full packet capture; detection prior to egress; session termination
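The DNS-layer items on slide 18 (random-looking names that fail to resolve, fast-flux domains, unique victim enumeration) and the log-analysis questions on slides 13 and 14 can be checked directly from resolver logs. The script below is an added example, not from the presentation and not Damballa's or Sourcefire's code: it runs over a constructed resolver log (the log format, the sample lines, the entropy and count thresholds, and the simplified second-level-label rule are all assumptions) and reports the clients that should be treated as victims.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log for this example (not captured traffic).
# Assumed line format: <timestamp> <client_ip> <qname> <rcode> <answer_ip or ->
SAMPLE_LOG = """
2015-02-05T13:40:01 10.1.1.5  www.example.com        NOERROR  93.184.216.34
2015-02-05T13:40:02 10.1.1.5  mail.example.com       NOERROR  93.184.216.34
2015-02-05T13:40:03 10.1.1.7  xk3j9qz2vbw1ptm.net    NXDOMAIN -
2015-02-05T13:40:04 10.1.1.7  q8fz2mvlw0ydhb5.net    NXDOMAIN -
2015-02-05T13:40:05 10.1.1.7  v7tr4nkxp2gzycd.net    NXDOMAIN -
2015-02-05T13:40:06 10.1.1.7  hbq9xw2lzmk4tvn.net    NOERROR  198.51.100.23
2015-02-05T13:40:07 10.1.1.9  exmaple.com            NXDOMAIN -
2015-02-05T13:41:10 10.1.1.9  cdn-update.example.org NOERROR  203.0.113.10
2015-02-05T13:41:20 10.1.1.9  cdn-update.example.org NOERROR  203.0.113.55
2015-02-05T13:41:30 10.1.1.12 cdn-update.example.org NOERROR  203.0.113.77
2015-02-05T13:41:40 10.1.1.12 cdn-update.example.org NOERROR  203.0.113.91
"""


def parse_log(text):
    """Parse the assumed five-field format; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, rcode, answer = parts
        records.append({"ts": ts, "client": client, "qname": qname.lower().rstrip("."),
                        "rcode": rcode, "answer": None if answer == "-" else answer})
    return records


def shannon_entropy(s):
    """Bits of entropy per character; DGA labels score high, dictionary words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname):
    """Second-level label, e.g. 'example' for www.example.com.
    Simplification (assumption): multi-part public suffixes such as co.uk are not
    handled; a real deployment would consult the Public Suffix List."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def detect(records, entropy_threshold=3.5, nxdomain_threshold=3, flux_ip_threshold=3):
    """Apply the slide's DNS-layer checks; thresholds are assumed, tune them per site."""
    nx_by_client = Counter()          # random-looking names that did not resolve, per client
    resolved_random = []              # random-looking names that DID resolve: likely live C&C
    ips_by_domain = defaultdict(set)  # answer IPs per name, for fast-flux detection
    clients_by_domain = defaultdict(set)
    for r in records:
        random_looking = shannon_entropy(registrable_label(r["qname"])) >= entropy_threshold
        if r["rcode"] == "NXDOMAIN":
            if random_looking:
                nx_by_client[r["client"]] += 1
        elif r["rcode"] == "NOERROR" and r["answer"]:
            ips_by_domain[r["qname"]].add(r["answer"])
            clients_by_domain[r["qname"]].add(r["client"])
            if random_looking:
                resolved_random.append((r["client"], r["qname"], r["answer"]))
    dga_clients = {c for c, n in nx_by_client.items() if n >= nxdomain_threshold}
    fast_flux = {d for d, ips in ips_by_domain.items() if len(ips) >= flux_ip_threshold}
    # Unique victim enumeration: every client touched by any of the three signals.
    victims = (dga_clients
               | {c for d in fast_flux for c in clients_by_domain[d]}
               | {c for c, _, _ in resolved_random})
    return {"dga_clients": dga_clients, "resolved_random_names": resolved_random,
            "fast_flux_domains": fast_flux, "victims": victims,
            "nxdomain_counts": dict(nx_by_client)}


def analyze_sample():
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for key, value in analyze_sample().items():
        print(f"{key}: {value}")
```

The point of keeping `resolved_random_names` separate from the NXDOMAIN count is that a DGA client usually produces a burst of failures and then one success: the success is the C&C location the slide says to block at egress, while the failures are what lets you detect the victim before it ever leaves the network.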
19. (source: Sourcefire)
20. (no text extracted)
21. (no text extracted)
22. (web)
23. Privileged identity management (CA ControlMinder): covers database, network appliance, virtual server, Windows/UNIX/Linux, application and multiple device types; secure password storage; session recording.
24. Check-out / check-in (privileged password workflow).
25. WHO, WHEN, WHERE, WHAT.
26. Access paths: Contractor / Partner, Password Admin, Auditor, Systems Admin -> Applications, Folders, Data.
27. WHO, WHEN, WHERE, WHAT.
28. (no text extracted)
29. Deadlock; CPU.
30. Case: Apple SSL bug.
31. Case: A1315xxxxx, 0920123xxx (masked values); DESIGN REVIEW.
32. OWASP Top 10; SANS Top 25.
33. (no text extracted)
34. (no text extracted)
35. Cigital Touchpoint Model.
36. (no text extracted)
37. 1. 2. 3. (text not extracted)
38. (no text extracted)
39. AD (Active Directory).
40. Checkmarx: https://www.checkmarx.com/glossary/software-code-analysis-securing-applications/
41. Maturity models: OpenSAMM (www.opensamm.org), Level 1 / Level 2 / Level 3; BSIMM-V (www.bsimm.com), Level 1 / Level 2 / Level 3.
42. Secure coding references: Microsoft .NET Coding Guideline; Oracle Java Coding Guideline; Apple Coding Guideline; Android Security Tips; CERT Secure Coding Guidelines.
43. Training: Cigital E-Learning (commercial); SAFECode (free); GSS instructor-led training.
44. Static analysis findings: about 5,000 XSS; privacy violation: password written to logger, password written to database.
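The two privacy-violation findings on slide 44 (password written to a logger, password written to a database) are both one-line mistakes in a registration handler. The example below is added here and is not code from the presentation or from any scanned application: it shows the vulnerable form beside the hardened form in Python, using an in-memory SQLite table so it runs offline. The table schema, the logger names, the password, and the PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import logging
import secrets
import sqlite3

PBKDF2_ITERATIONS = 200_000  # assumed policy value; raise it as hardware allows


class ListHandler(logging.Handler):
    """Keeps formatted log lines in memory so the example can inspect what was written."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT NOT NULL)")
    return db


def insecure_register(db, log, username, password):
    """The 'before': both findings from the slide in two lines."""
    # Privacy violation (logger): the credential lands in the log file and every log aggregator.
    log.info("register user=%s password=%s", username, password)
    # Privacy violation (database): stored in clear text; a dump of this table is a credential list.
    db.execute("INSERT INTO users VALUES (?, ?)", (username, password))
    db.commit()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, self-describing so the parameters can be rotated later."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def secure_register(db, log, username, password):
    """The 'after': log only the identity, store only a salted hash."""
    log.info("register user=%s", username)
    db.execute("INSERT INTO users VALUES (?, ?)", (username, hash_password(password)))
    db.commit()


def verify_password(db, username, password):
    row = db.execute("SELECT secret FROM users WHERE username = ?", (username,)).fetchone()
    if row is None or not row[0].startswith("pbkdf2_sha256$"):
        return False  # unknown user, or a legacy clear-text row that must be re-hashed, not trusted
    _, iters, salt_hex, digest_hex = row[0].split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate.hex(), digest_hex)  # constant-time comparison


def demo(password="Tr0ub4dor&3"):
    """Run both versions on the same constructed input and return what each leaves behind."""
    results, dbs = {}, {}
    for name, register in (("insecure", insecure_register), ("secure", secure_register)):
        handler = ListHandler()
        handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
        log = logging.getLogger(f"example.{name}")
        log.handlers.clear()
        log.addHandler(handler)
        log.setLevel(logging.INFO)
        log.propagate = False
        dbs[name] = make_db()
        register(dbs[name], log, "alice", password)
        stored = dbs[name].execute("SELECT secret FROM users WHERE username = 'alice'").fetchone()[0]
        results[name] = {"log": handler.lines, "stored": stored}
    results["verify_ok"] = verify_password(dbs["secure"], "alice", password)
    results["verify_bad"] = verify_password(dbs["secure"], "alice", "wrong-password")
    results["verify_unknown"] = verify_password(dbs["secure"], "nobody", password)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A static analyzer flags the first version because a value tainted as a password reaches a logging sink and a database write; the second version removes both flows rather than suppressing the finding, and the self-describing hash string is what lets a later health check raise the iteration count without locking anyone out.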
45. Outdated components: jQuery 1.6.4, Struts 2, Spring 3.x API; OWASP Top 10 risk.
46. (no text extracted)
47. Q&A