galaxy-software-services
2015/02/05
CISM, CISSP, CSSLP CEH, ECSA, LPT
http://www.gss.com.tw/?utm_source=slideshare&utm_medium=presentation
2
13:30 ~ 13:35
13:35 ~ 14:15
14:15 ~ 14:55 - 10 Pro
14:55 ~ 15:10 Break
15:10 ~ 16:10 Mobile - Apps Reverse Engineering Website Mobile APP Apps Apps (Arxan | Rich Lord)
16:10 ~ 16:45 Mobile token (SafeNet)
NIST SP 800-115
(review)
(identify)
(validate)
NIST SP 800-53A
(examine)
(review)
(inspect)
(observe)
(study)
(analyze)
(interview)
(test)
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-53A: Federal Information Systems and Organizations: Building Effective Assessment Plans
NIST Cybersecurity Framework
Identify
Protect
Detect
Respond
Recover
DNS Server IP
log management, IDS/IPS, DLP
NIST SP 800-92 Log Aggregation Guidelines
Events
Network Forensics
ATTACK CONTINUUM
BEFORE: See it, Control it
DURING: Intelligent & Context Aware
AFTER: Retrospective Security
Network | Endpoint | Mobile | Virtual
Point-in-Time / Continuous
Source: SourceFire
Source: Palo Alto Networks
Source: Damballa
Dynamic Generation Algorithm (DGA)
Victim
DNS Recursive
DNS Authoritative
Firewall Egress
C&C Criminal Server
Proxy Filtering
TCP/IP Session
Configuration
File
C&C Location
Behaviors Seen & Benefits: Malicious DNS queries; Domain fast-fluxing detection; New domain queries; Unique victim enumeration; Detection prior to egress; DNS query termination
Behaviors Seen & Benefits: C&C connection behaviors/success; URI identification (incl. HTTPS); Malicious file identification (Malware); Unique victim enumeration; Bytes-in & bytes-out monitoring; Full packet capture; Session termination
Behaviors Seen & Benefits: C&C connection behaviors/success; URI identification (incl. HTTPS); Malicious file identification (Malware); Unique victim enumeration; Full packet capture; Detection prior to egress; Session termination
Source: Damballa
Source: SourceFire
Database
Network Appliance
Virtual Server
Windows/ UNIX/Linux
Application
Multiple Device Types
CA ControlMinder
Secure Password Storage
Session Recording
Check-out / check-in
WHO WHEN WHERE WHAT
Contractor / Partner
Password Admin
Auditor
Systems Admin
Applications
Folders
Data
deadlock, CPU
Apple SSL Bug
A1315xxxxx
0920123xxx
DESIGN REVIEW
OWASP Top 10
SANS Top 25
Cigital Touchpoint Model
AD
https://www.checkmarx.com/glossary/software-code-analysis-securing-applications/
Checkmarx
OpenSAMM (www.opensamm.org)
Level 1:
Level 2:
Level 3:
BSIMM-V (www.bsimm.com)
Level 1:
Level 2:
Level 3:
Microsoft .NET Coding Guideline
Oracle Java Coding Guideline
Apple Coding Guideline
Android Security Tips
CERT Secure Coding Guidelines
Cigital E-Learning (Commercial)
SAFECode (Free)
GSS Instructor-led Training
5,000 XSS
privacy violation: password logger
password database
jQuery 1.6.4
Struts 2, Spring 3.x
API
OWASP Top 10 Risk
Q&A
please visit
www.gss.com.tw/index.php/focus/security