Thursday, May 21 • 11:55 - 12:40
Maliciously Monetizing AppSec "Feature". It's All About The Money.


Although the most common attack techniques are SQLi, command injection, RFI and XSS, our research has found that some less common attack techniques are "profit driven": they add sophistication by abusing application features or low-impact vulnerabilities such as comments, page redirects and content availability. These techniques are used to promote fake brands and illegal services and to attack a competitor's reputation.

Detecting these kinds of attacks in real time was challenging, because they exploit the application's inherent business logic for malicious purposes. Our technique for detecting them is anomaly detection on Akamai's Big Data Platform, using a heuristic and forensic approach.
However, by carefully reviewing application logs, any affected party could identify these attacks. We will present a few examples of log entries that could be used to identify an attack.

To conclude the presentation, we will also recommend appropriate actions and mitigations that help detect and prevent related incidents.


Ezra Caltum

Ezra is an Information Security enthusiast, with experience in the fields of secure software development, security consulting, forensics and red teaming. He currently serves as a Senior Security Researcher for Akamai's Cloud Security Intelligence platform. Ezra is one of the...

Or Katz

Principal Lead, Security Researcher, Akamai
Security research veteran, serves as principal lead security researcher for Akamai's Enterprise Security BU. Always excited to speak at security conferences, to share my research and thoughts. High school teacher one day a week.

Thursday May 21, 2015 11:55 - 12:40
Room E103 Amsterdam RAI
