Thursday, May 21 • 11:55 - 12:40
Maliciously Monetizing AppSec "Feature". It's All About The Money.


Although the most common attack techniques are SQLi, Command Injection, RFI and XSS, our research has found that some uncommon attack techniques are "profit driven", introducing attack sophistication by abusing application features or low-impact vulnerabilities such as comments, page redirects and content availability. These attack techniques are used to promote fake brands and illegal services, and to attack a competitor's reputation.

Detecting these kinds of attacks in real time was challenging, because the business logic being exploited for malicious purposes is legitimate application behaviour. Our technique for detecting them is anomaly detection on Akamai's Big Data Platform, using a heuristic and forensic approach.
However, by carefully reviewing the application logs, any affected party could identify these attacks. We will present a few examples of log entries that can be used to identify an attack.

To conclude the presentation, we will also recommend proper actions and mitigations that help detect and prevent related incidents.


Ezra Caltum

Ezra is an Information Security enthusiast, with experience in the fields of Secure Software Development, Security Consulting, Forensics and Red Teaming. He currently serves as a Senior Security Researcher for Akamai's Cloud Security Intelligence platform. Ezra is one of the...

Or Katz

Principal Lead, Security Researcher, Akamai
Or Katz is a security veteran with years of experience at industry-leading vendors, and currently serves as Principal Lead Security Researcher for Akamai. Katz is a frequent speaker at security conferences and has published several articles and white papers on threat intelligence and defensive...

Thursday May 21, 2015 11:55 - 12:40 CEST
Room E103 Amsterdam RAI
