1. Hijacking Web Servers & Clients New generation threats and mitigation Renaud Bidou - CTO Mohammad ShAms – Director, ME Operations

3. DenyAll in France

4. DenyAll WorldWide DIRF – SOCIETE GENERALE – EGE - CNSS – etc. SOCIETE GENERALE ANSI, ZITOUNA BANK – MINISTERE INTERIEUR - etc. SOCIETE GENERALE, etc. SH&Co, etc. BNPP, etc. SOCIETE GENERALE, etc. ACCOR - SOCIETE GENERALE - AREVA – etc. Accor, etc. BNP PARIBAS INSURANCE - ACCOR – etc. BNPP Insurance, etc. BNPP Insurance, etc. BNPP Insurance, etc. BNPP, etc. IP LIMITED, etc. SOCIETE GENERALE LUX – EBRC - CACEIS – etc. DANSKE BANK – KOPENHAGEN-FUR – etc. AKTIA BANK, etc. SENTOR – SVERIGE – etc TOYOTA BANK – etc. SITEL FRIBOURG - BNP PARIBAS CH - TOTAL SA – SOCIETE GENERALE PB – STIHL – IWB – etc. GROUPAMA – TDN – BT – IB SALUT – SATEC CANTABRIA – JUNTA DE EXTREMADURA – etc. ARAG-IT – BASF-IT – ARAGO – UNIONINVEST – BROSE – BSH – ENDRESS-HAUSER – NETCONSULT – HELMICH – STADTWERKE – INVIK-BANK – JULIUS-BAR-BANK – MARKANT – BIT – STIHL – TECHEM – THURINGER – ATOS WORLDLINE – etc. BNP PARIBAS UK - ARVAL UK – etc. . LA POSTE – DZ BANK – PETERCAM -etc INPS, etc

5. Threats Overview

6. Why Application Security ? 75% of all attacks are directed to the Web applications layer 2/3 of all Web applications are vulnerable In the first half 2010 web application vulnerabilities have reached 50 per cent of all code flaws reported. Most web site owners fail to scan effectively for the common flaws. Application patching is much slower than Operating System patching.

7. Web Attacks Targets & Impacts Information Leak Credentials Theft Identity Theft Authorization Abuses Transaction Compromise Defacement Malware Planting Session Hijacking Denial of Service Bounce Password Guess Remote Control Data Theft Data Corruption Data Deletion Remote Control Persistent Injections Processes Corruption Data Interception Denial of Service Client Web Server Database Server Application Servers / Web Services

8. Hijacking Servers & Clients Information Leak Credentials Theft Identity Theft Authorization Abuses Transaction Compromise Defacement Malware Planting Session Hijacking Denial of Service Bounce Password Guess Remote Control Data Theft Data Corruption Data Deletion Remote Control Persistent Injections Processes Corruption Data Interception Denial of Service Client Web Server Database Server Application Servers / Web Services

9. Threats Keyloggers

12. Example : A simple keylogger

13. Threats Browsers Compromise

15. Browser Internals NTDLL.DLL KERNEL32.DLL USER32.DLL WININET.DLL URLMON.DLL MSHTML.DLL SHDOCVW.DLL BROWSEUI.DLL IEXPLORE.EXE Tab 1 Tab n IE user interface Bars, menus etc. Browser Control Navigation, history Exposes ActiveX interface Rendering MIME handling Code download Security IP Handler HTTP & FTP Windows UI Handles components Base API Calls NTDLL API Native API OS user-mode components ~200.000 function calls at IE launch You cannot monitor everything

16. Browser Attack Surface WININET.DLL URLMON.DLL MSHTML.DLL SHDOCVW.DLL BROWSEUI.DLL IEXPLORE.EXE Tab 1 Tab n Control navigation Control display Alter security policy Communicate…

18. Example : A simple keylogger

19. Threats Servers Compromise

25. 4 players game schema 1 . Hacker compromises Relay 2 . Hacker exploits XSS vulnerability 3 . Victim goes on compromised page 4 . Malicious Javascript is loaded on Victim 6 . Victim sends information to Relay 7 . Information sent back to Hacker 5 . Victim executes Javascript 8 . Relay sends new commands to Victim

29. Thank you for your valuable time Q&A

30. (Distributor for Middle East & SE Europe ) 2702A Business Central Towers Dubai Internet City, PO. Box: 503012 Dubai, United Arab Emirates Tel: 04-3754306 E-mail: middle-east@recro-net.com www.recro-net.com