Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”

Published byJérôme Doré Modified over 6 years ago

Similar presentations

Presentation on theme: "Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”"— Presentation transcript:

1 Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”

2 Virtual Patching Rationale for Usage No Source Code Access
No Access to Developers High Cost/Time to Fix Benefit Reduce Time-to-Fix Reduce Attack Surface

3 Strategic Remediation
Ownership is Builders Focus on web application root causes of vulnerabilities and creation of controls in code Ideas during design and initial coding phase of SDLC This takes serious time, expertise and planning

4 Tactical Remediation Ownership is Defenders
Focus on web applications that are already in production and exposed to attacks Examples include using a Web Application Firewall (WAF) such as ModSecurity Aim to minimize the Time-to-Fix exposures

5 OWASP ModSecurity Core Rule Set

Download ppt "Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”"

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Incident Response Managing Security at Microsoft Published: April 2004.

Incident Response Managing Security at Microsoft Published: April 2004.
OWASP Periodic Table of Vulnerabilities James Landis

OWASP Periodic Table of Vulnerabilities James Landis
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.

SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
Computer Security Workshops Security 101 - Introduction, Central Principles and Concepts.

Computer Security Workshops Security Introduction, Central Principles and Concepts.
OWASP. To ensure that strong simple security controls are available to every developer in every environment ESAPI Mission.

OWASP. To ensure that strong simple security controls are available to every developer in every environment ESAPI Mission.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Network Security Overview Tales from the trenches.

Network Security Overview Tales from the trenches.
Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.

Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.
OWASP APPSEC, 2013 JEREMIAH GROSSMAN Founder and THE REAL STATE OF WEBSITE SECURITY and THE TRUTH ABOUT ACCOUNTABILITY and “BEST-PRACTICES.”

OWASP APPSEC, 2013 JEREMIAH GROSSMAN Founder and THE REAL STATE OF WEBSITE SECURITY and THE TRUTH ABOUT ACCOUNTABILITY and “BEST-PRACTICES.”
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN121051 Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.
Www..com WAFs in the Cloud A new direction for WAFs? Ofer Shezaf January 2010.

WAFs in the Cloud A new direction for WAFs? Ofer Shezaf January 2010.
Network Security and Personally Managed Computers Jordan K. Wiens Copyright Jordan K. Wiens 2004.

Network Security and Personally Managed Computers Jordan K. Wiens Copyright Jordan K. Wiens 2004.
The OWASP Foundation Setting up a Secure Development Life Cycle with OWASP Seba Deleersnyder OWASP Foundation Board.

The OWASP Foundation Setting up a Secure Development Life Cycle with OWASP Seba Deleersnyder OWASP Foundation Board.
Expert System Approach on Web Vulnerability Analysis 20103272 / Jong Heon, PARK 20103616 / Hyun Woo, CHO CS548 Advanced Information Security Term Project.

Expert System Approach on Web Vulnerability Analysis / Jong Heon, PARK / Hyun Woo, CHO CS548 Advanced Information Security Term Project.
By Josh Sokol. # whoami  Josh Sokol  B.S. in Computer Science  Cisco Certified Network Associate (CCNA)  SANS GIAC in Web Application.

By Josh Sokol. # whoami  Josh Sokol  B.S. in Computer Science  Cisco Certified Network Associate (CCNA)  SANS GIAC in Web Application.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Lean and (Prepared for) Mean: Application Security Program Essentials Philip J. Beyer - Texas Education Agency John B. Dickson.

Lean and (Prepared for) Mean: Application Security Program Essentials Philip J. Beyer - Texas Education Agency John B. Dickson.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.

Similar presentations

Ads by Google