ADC Presentations
Why Does Database Patching Require A PhD?

Over the years some database vendors have tended to withhold any technical details about the vulnerabilities their patches fix. Sadly, this leaves database customers at risk: without details they cannot judge their exposure or protect themselves before the patch is deployed. What can enterprises do? We show how to reverse engineer a handful of Oracle vulnerabilities and describe workarounds that can be put in place until the patch is applied.

Presented at: RSA Europe 2013 (Amsterdam, NL)

A Perfect CRIME? TIME Will Tell

Imperva's ADC Group has presented a new approach to the CRIME attack that allows an attacker to carry it out with no eavesdropping capability. The attack was first shown at BlackHat Europe 2013 in Amsterdam.

The new technique, called TIME (Timing Info-leak Made Easy), targets the compressed HTTPS response rather than the request that the original CRIME technique targeted, and infers the compressed size from response timing instead of observing it on the wire. This removes the eavesdropping requirement of the original attack and makes the attack surface considerably broader.

Because TIME runs inside the victim's web browser, all the attacker needs to do is lure the victim to a malicious web page; JavaScript on that page then issues requests to the target site, times the responses and recovers the victim's secret data.

Presented at: BlackHat Europe 2013
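
The compression side channel that CRIME and TIME both rest on, as an added example that is not part of the talk or the page: a constructed page carries a secret token and reflects attacker input in the same compressed response, and a byte-at-a-time guess is confirmed whenever the compressed output shrinks. The toy LZ77 token counter stands in for the size measurement (TIME infers that size from response timing rather than observing it); the page layout, token value and field name are assumptions.

```python
import zlib

# Constructed demo page (hypothetical): a per-session CSRF token appears in a link,
# and attacker-controlled input is reflected later in the same compressed response.
SECRET = "7f3a9c1e"
KNOWN_PREFIX = "csrftoken="      # the attacker knows the field name, not its value
ALPHABET = "0123456789abcdef"


def make_page(reflected: str) -> bytes:
    """Simulated HTTPS response body before compression."""
    return (
        "<html><body>"
        f'<a href="/account/logout?csrftoken={SECRET}">Log out</a>'
        f"<p>No results for: {reflected}</p>"
        "</body></html>"
    ).encode()


def longest_match(data: bytes, i: int, window: int = 32768) -> int:
    """Length of the longest earlier occurrence of data[i:] (it may overlap i)."""
    start = max(0, i - window)
    k = 0
    # find() with end=i+k forces the occurrence to begin before position i
    while i + k < len(data) and data.find(data[i:i + k + 1], start, i + k) != -1:
        k += 1
    return k


def lz77_tokens(data: bytes, min_match: int = 3) -> int:
    """Greedy LZ77 parse; returns the number of tokens (literals + back-references).
    This isolates the LZ77 stage that drives the leak; DEFLATE's Huffman stage
    only adds noise on top of it."""
    i, tokens = 0, 0
    while i < len(data):
        k = longest_match(data, i)
        i += k if k >= min_match else 1
        tokens += 1
    return tokens


def recover_secret(oracle, prefix: str, alphabet: str, length: int) -> str:
    """Byte-at-a-time recovery: the guess that extends the LZ77 match costs less."""
    known = ""
    for _ in range(length):
        known += min(alphabet, key=lambda c: oracle(prefix + known + c))
    return known


def deflate_size(reflected: str) -> int:
    """Real DEFLATE (zlib) size of the response for a given reflected input."""
    return len(zlib.compress(make_page(reflected)))


if __name__ == "__main__":
    oracle = lambda guess: lz77_tokens(make_page(guess))
    print("recovered:", recover_secret(oracle, KNOWN_PREFIX, ALPHABET, len(SECRET)))
    print("zlib bytes, right guess:", deflate_size(KNOWN_PREFIX + SECRET))
    print("zlib bytes, wrong guess:", deflate_size(KNOWN_PREFIX + "deadbeef"))
```

With real DEFLATE (the `deflate_size` call) the per-byte difference is only a few bits, which Huffman coding and byte alignment can mask; that is why practical attacks need repeated measurements or padding tricks. Comparing the whole secret against a wrong value shows the difference directly. The defense side follows from the same model: do not reflect attacker input into a compressed response that also carries a secret, or do not compress such responses at all.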

Tell Me Your IP And I Will Tell You Who You Are

IP addresses have traditionally been considered an unreliable basis for attack detection, because of web proxies, NAT and non-static addresses for end-stations. This session demonstrates how information derived from IP addresses can nevertheless dramatically improve attack detection. The presentation discusses attributes such as geolocation, reverse DNS lookup, anonymous proxy lists and more, and shows how IP intelligence increases detection effectiveness (the trade-off between false positives and false negatives) by “ruling” on otherwise indecisive anomalies. We also discuss scenarios in which IP intelligence is crucial for detecting an anomaly at all. The presentation is supported by corroborative evidence from actual log data and demonstrates some of the tools that can be used for the analysis.

Presented at: RSA Conference 2010
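
The kind of “ruling” the abstract describes, as an added example and not material from the talk: constructed combined-format log lines are scored on weak application-layer signals, then geolocation, reverse DNS and an anonymous-proxy list decide the verdict, and a per-user country check finds an anomaly that is invisible without IP intelligence. The lookup tables, addresses (documentation ranges) and thresholds are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed intelligence tables (hypothetical values standing in for a geo
# database, PTR lookups and a maintained anonymous-proxy feed).
GEO = {"203.0.113.0/24": "KR", "198.51.100.0/24": "US", "192.0.2.0/24": "DE"}
REVERSE_DNS = {"203.0.113.7": "tor-exit-07.example.net",
               "192.0.2.5": "crawl-5.searchbot.example"}
ANON_PROXIES = {"203.0.113.7", "198.51.100.44"}
EXPECTED_COUNTRIES = {"US"}            # where this application's users normally are
CRAWLER_SUFFIX = ".searchbot.example"  # in production, forward-confirm the PTR first

# Constructed access-log lines (combined log format).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2010:09:12:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:09:12:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Mar/2010:09:13:10 +0000] "GET /catalog/2008/ HTTP/1.1" 404 310 "-" "searchbot/1.0"
198.51.100.20 - alice [10/Mar/2010:09:14:00 +0000] "POST /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.50 - alice [10/Mar/2010:09:16:20 +0000] "GET /account HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')


def parse_log(text):
    reqs = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["status"] = int(d["status"])
            d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
            reqs.append(d)
    return reqs


def ip_intel(ip):
    addr = ipaddress.ip_address(ip)
    country = next((c for net, c in GEO.items()
                    if addr in ipaddress.ip_network(net)), "??")
    return {"country": country, "rdns": REVERSE_DNS.get(ip, ""),
            "anon_proxy": ip in ANON_PROXIES}


def rule_on_request(req):
    """Weak application-layer signals alone are indecisive; IP attributes rule on them."""
    score, reasons = 0, []

    def hit(points, why):
        nonlocal score
        score += points
        reasons.append(why)

    if req["path"].startswith("/login") and req["status"] == 401:
        hit(1, "failed login")
    if req["status"] == 404:
        hit(1, "probing a missing resource")
    if score == 0:
        return "benign", reasons        # nothing anomalous at the application layer
    intel = ip_intel(req["ip"])
    if intel["anon_proxy"]:
        hit(2, "anonymous proxy")
    if intel["country"] not in EXPECTED_COUNTRIES:
        hit(1, f"geo {intel['country']}")
    if intel["rdns"].endswith(CRAWLER_SUFFIX):
        hit(-2, "known crawler (rDNS)")
    verdict = "alert" if score >= 3 else "suspect" if score >= 1 else "benign"
    return verdict, reasons


def country_switches(reqs, max_gap=timedelta(minutes=30)):
    """Anomaly invisible without IP intelligence: one user, two countries, minutes apart."""
    last, findings = {}, []
    for r in sorted(reqs, key=lambda r: r["ts"]):
        if r["user"] == "-":
            continue
        country = ip_intel(r["ip"])["country"]
        prev = last.get(r["user"])
        if prev and prev[0] != country and r["ts"] - prev[1] <= max_gap:
            findings.append((r["user"], prev[0], country))
        last[r["user"]] = (country, r["ts"])
    return findings


def analyze(text):
    reqs = parse_log(text)
    per_request = [(r["ip"], *rule_on_request(r)) for r in reqs]
    return per_request, country_switches(reqs)


if __name__ == "__main__":
    for row in analyze(SAMPLE_LOG)[0]:
        print(row)
    print("country switches:", analyze(SAMPLE_LOG)[1])
```

Note that the two failed logins are only "suspect" on their own; the anonymous-proxy and geolocation attributes lift them to an alert, while the crawler's 404 is ruled benign by its reverse DNS. The country switch for the user alice is found by no per-request rule at all.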

Staring at the Beast: 6 Months of Attack Vector Research

Security officers and vendors alike must look beyond traditional vulnerability information and become privy to the actual activities of attackers. In this session we look at the intelligence gathered through such data collection efforts, which provides insight into the real focus of hackers, current attack trends, behavioral patterns of attack and attack tools. This helps us create more effective security policies and tools in a timely manner.

Presented at: RSA Conference 2010

Business Logic Bots: Friend or Foe?

Cyber attacks are increasingly committed by professionals and driven by financial motives. Researchers have observed the growing popularity of a class of attacks that target business logic. A business logic attack is a sequence of legitimate application transactions used to carry out a malicious operation that is not part of normal business practice; brute forcing coupon codes in an e-commerce application to collect multiple discounts is one example. This presentation gives a quick introduction to business logic attacks, their distinguishing characteristics and the motivation behind their uptick. It suggests a classification of these attacks from which attendees can derive the set of mitigation capabilities they need. We discuss the capabilities required to detect automated interaction with the application, different kinds of repetition, flow tampering and even the use of compromised credentials, and consider mitigation techniques such as CAPTCHA, introducing delays and more. We conclude by arguing that all of these capabilities can be introduced as a "virtual patch" in a web application firewall rather than being fixed exclusively in application code.

Presented at: OWASP AppSec DC 2009
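
How such a "virtual patch" might look inside a gateway, written here as an added example rather than anything from the presentation: a per-session state machine flags flow tampering (a checkout step reached out of order), repetition (too many distinct coupon codes in a sliding window) and machine-speed request cadence, escalating from a delay through CAPTCHA to a block without touching application code. The paths, thresholds and traffic are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: float          # seconds
    session: str
    method: str
    path: str
    coupon: str = ""   # coupon code submitted with the request, if any


# Gateway policy (hypothetical thresholds; tuned per application in practice).
COUPON_WINDOW = 60.0        # sliding window in seconds
COUPON_LIMIT = 5            # distinct codes per session in the window before blocking
MIN_HUMAN_GAP = 0.5         # requests closer together than this look scripted
CHECKOUT_FLOW = ["/cart", "/checkout/payment", "/checkout/confirm"]
ORDER = ["allow", "delay", "captcha", "block"]


def escalate(current, proposed):
    """Only ever move to a stricter action within one request."""
    return proposed if ORDER.index(proposed) > ORDER.index(current) else current


class VirtualPatch:
    """Per-session state kept by the gateway; nothing in the application changes."""

    def __init__(self):
        self.sessions = defaultdict(lambda: {"codes": [], "last_ts": None, "steps": set()})

    def decide(self, ev: Event) -> str:
        s = self.sessions[ev.session]
        action = "allow"

        # Flow tampering: a checkout step reached without the steps before it.
        if ev.path in CHECKOUT_FLOW:
            idx = CHECKOUT_FLOW.index(ev.path)
            if any(step not in s["steps"] for step in CHECKOUT_FLOW[:idx]):
                action = escalate(action, "block")
            s["steps"].add(ev.path)

        # Repetition: distinct coupon codes tried by one session inside the window.
        if ev.coupon:
            s["codes"] = [(t, c) for t, c in s["codes"] if ev.ts - t <= COUPON_WINDOW]
            s["codes"].append((ev.ts, ev.coupon))
            distinct = len({c for _, c in s["codes"]})
            if distinct > COUPON_LIMIT:
                action = escalate(action, "block")
            elif distinct > COUPON_LIMIT // 2:
                action = escalate(action, "captcha")

        # Automation: machine-speed cadence earns a delay before any limit trips.
        if s["last_ts"] is not None and ev.ts - s["last_ts"] < MIN_HUMAN_GAP:
            action = escalate(action, "delay")
        s["last_ts"] = ev.ts
        return action


# Constructed traffic: a human checkout, a coupon-guessing bot and a flow skip.
EVENTS = [
    Event(0.0, "human", "GET", "/cart"),
    Event(12.0, "human", "POST", "/checkout/payment"),
    Event(30.0, "human", "POST", "/checkout/confirm", coupon="SPRING10"),
    Event(0.0, "bot", "GET", "/cart"),
    Event(5.0, "tamper", "POST", "/checkout/confirm", coupon="FREE100"),
]
EVENTS += [Event(0.2 * (i + 1), "bot", "POST", "/cart/coupon", coupon=f"CODE{i:04d}")
           for i in range(7)]


def run(events):
    """Replay events in time order per session; return the gateway's decisions."""
    patch = VirtualPatch()
    decisions = defaultdict(list)
    for ev in sorted(events, key=lambda e: (e.session, e.ts)):
        decisions[ev.session].append(patch.decide(ev))
    return dict(decisions)


if __name__ == "__main__":
    for session, actions in run(EVENTS).items():
        print(session, actions)
```

Each of the three checks is a capability from the abstract's list: repetition, automated interaction and flow tampering. Keying the state by session alone is the weak spot a real deployment has to close, since a bot that discards its cookie each request starts every check from zero; pairing the session key with IP intelligence is the usual answer.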

Business Logic Attacks: Bots and Bats

In this presentation Eldad Chai, Web Research Team Leader at Imperva, discusses the growing risk of business logic attacks: attacks that turn the web application's own functionality against the business, breaking the business logic rather than the application. Analyzing hacking incidents of recent years that caused real monetary loss, we see business logic attacks featuring more and more often. Comment spam and web leeching are two examples; an even better one is how Google's own features are used by hackers to make money.

Presented at: OWASP AppSec Europe 2009 - Poland

Blame it on the Media(Bot) – Using Google Advertising Mechanism for Web Application Attacks

The research summarized in this presentation aimed to demonstrate how search engines can be manipulated to serve as attack tools. We were able to show that Google's AdWords and AdSense services can indeed be used to launch attacks against unsuspecting web applications. Attack types we were able to demonstrate include buffer overflow, SQL injection and CSRF.

Presented at: Infosecurity Europe 2009

Web Application Security and Search Engines – Beyond Google Hacking

In this presentation, Imperva's CTO Amichai Shulman goes over incidents of accidental data leakage through search engines, Google Hacking threats and mitigation techniques, an overview of Google worms and related incidents, search engines used as a means of distributing malware, site masking threats and mitigation techniques, the “Search of Death” threat, and tools and best practices for protection against the various threats.

Presented at: OWASP Europe 2008

The Most Dangerous Web 2.0 Threats…and How to Stop Them

In this presentation, Ms. Noa Bar-Yosef, Security Research Engineer at Imperva, describes what Web 2.0 is, the key risks and challenges associated with Web 2.0, and mitigation techniques and practical approaches for protecting against vulnerabilities exposed through usage of Web 2.0 technologies.

Presented at: InfoSec Canada 2008

Defeating Web 2.0 Attacks without Recoding Applications

In this presentation, Imperva's CTO Amichai Shulman arms you with knowledge of JavaScript Hijacking and CSRF application attacks, how to detect and mitigate them with code-based and gateway-based solutions, and how a gateway-based solution can provide automated protection against attempts to exploit JS hijacking and CSRF vulnerabilities.

Presented at: OWASP USA 2007
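
A gateway-side check covering both attack classes, as an added example and not the solution described in the talk: state-changing requests must carry a session-bound token and a same-site Origin, JSON endpoints must be fetched with a header that a cross-site `<script>` tag cannot add, and JSON bodies are prefixed so that script execution stops before the data is evaluated. The origin, session store, endpoints and requests are assumptions.

```python
import hmac
import json
import secrets

SITE_ORIGIN = "https://bank.example"   # hypothetical application origin
JSON_PREFIX = ")]}',\n"                # a JSON body that is a syntax error as a script

# Constructed session store: the CSRF token is bound to the session, never to the URL.
SESSIONS = {"sid-1": {"user": "alice", "csrf": secrets.token_hex(16)}}


def csrf_token(session_id: str) -> str:
    """Token the application embeds in its own forms for this session."""
    return SESSIONS[session_id]["csrf"]


def gateway(req: dict):
    """Decide one request. req = {method, path, headers, cookies, form} (all dicts/strings)."""
    session = SESSIONS.get(req["cookies"].get("sid", ""))
    if session is None:
        return "allow", "unauthenticated, nothing to protect"
    if req["method"] not in ("GET", "HEAD"):
        # CSRF: a cross-site form post carries the victim's cookie but not the token
        # (the attacker's page cannot read it), and the browser sets a foreign Origin.
        origin = req["headers"].get("Origin") or req["headers"].get("Referer", "")
        if not origin.startswith(SITE_ORIGIN):
            return "block", "cross-site or missing origin"
        if not hmac.compare_digest(req["form"].get("csrf_token", ""), session["csrf"]):
            return "block", "missing or invalid CSRF token"
    elif req["path"].startswith("/api/"):
        # JS hijacking: <script src=".../api/accounts"> on the attacker's page sends the
        # cookie but cannot add custom headers; the legitimate XHR client can.
        if req["headers"].get("X-Requested-With") != "XMLHttpRequest":
            return "block", "JSON endpoint requested without XHR header"
    return "allow", "ok"


def json_response(obj) -> str:
    """Defense in depth: even if a script tag loads this body, parsing fails at the prefix."""
    return JSON_PREFIX + json.dumps(obj)


def client_parse(body: str):
    """What the legitimate client does: strip the prefix, then parse."""
    if not body.startswith(JSON_PREFIX):
        raise ValueError("unexpected response framing")
    return json.loads(body[len(JSON_PREFIX):])


def demo():
    """Four constructed requests from a browser holding alice's session cookie."""
    cookie = {"sid": "sid-1"}
    requests = {
        "legit_transfer": {"method": "POST", "path": "/transfer",
                           "headers": {"Origin": SITE_ORIGIN}, "cookies": cookie,
                           "form": {"to": "bob", "csrf_token": csrf_token("sid-1")}},
        "forged_transfer": {"method": "POST", "path": "/transfer",
                            "headers": {"Origin": "https://evil.example"},
                            "cookies": cookie, "form": {"to": "mallory"}},
        "script_tag_hijack": {"method": "GET", "path": "/api/accounts",
                              "headers": {}, "cookies": cookie, "form": {}},
        "legit_xhr": {"method": "GET", "path": "/api/accounts",
                      "headers": {"X-Requested-With": "XMLHttpRequest"},
                      "cookies": cookie, "form": {}},
    }
    return {name: gateway(r)[0] for name, r in requests.items()}


if __name__ == "__main__":
    print(demo())
    print(json_response({"accounts": [{"id": 1, "balance": 42}]}))
```

Two caveats a deployment has to settle: some clients strip Referer and older ones never send Origin, so a gateway that blocks on a missing origin must be paired with the token check rather than replacing it; and the custom-header rule only works because a cross-origin XMLHttpRequest that adds a header triggers a CORS preflight the gateway can refuse.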

The Untold Tale of Database Communication Protocol Vulnerabilities

In this presentation, Imperva's CTO Amichai Shulman relates a history of the database threat environment, a walk-through of database vulnerabilities, and presents mitigation techniques for addressing database threats and vulnerabilities.

Presented at: BlackHat USA 2007

Top 10 Database Threats

In this presentation, Imperva's CTO Amichai Shulman explains the key drivers for database security, the top 10 database security threats, and suggested mitigation techniques. He ends by illustrating a “new approach” to database security: the database monitoring and security gateway, a unified solution for protecting both the data and the database.

Presented at: RSA Europe 2006, Sybase Techwave 2006, and RSA Japan 2007

Anatomy of a Database Attack

In this presentation, Imperva's CTO Amichai Shulman describes why hackers are motivated to launch database attacks, tools and techniques used to launch attacks, and methods for preventing attacks, including a database security gateway as a solution.

Presented at: InfoSec UK 2006, InfoSec USA 2007

Real Site Phishing and Advanced Cross Site Scripting

In this presentation, Imperva's CTO Amichai Shulman provides insight into what phishing is, types of phishing attacks, commonly proposed solutions for mitigating phishing attacks, advanced phishing techniques with Cross Site Scripting and Script Injection, and various defenses against phishing.

Presented at: RSA USA 2006

Traditional SQL Injection Protection: The Wrong Solution for the Right Problem

In this presentation, Imperva's CTO Amichai Shulman describes what SQL injection is, why it is one of the biggest threats to web applications, several common protection mechanisms against SQL injection, and why these mechanisms fail to solve the problem. The attack techniques presented are based on research from Imperva's Application Defense Center.

Presented at: RSA Europe 2005
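
Two of the common mechanisms and how they fail, as an added example in Python with SQLite (not code from the talk): a signature blacklist that stops the textbook payload but not a trivial variant of it, and quote escaping that means nothing in an unquoted numeric context, next to parameterized queries that fix the query's structure before any user data arrives. The table, credentials and payloads are constructed.

```python
import re
import sqlite3


def setup() -> sqlite3.Connection:
    """In-memory table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'alice', 's3cret', 'admin');
        INSERT INTO users VALUES (2, 'bob', 'hunter2', 'user');
    """)
    return conn


# Mechanism 1: a signature blacklist aimed at the textbook payloads.
BLACKLIST = re.compile(r"(?i)'\s*or\s*'|--|;|union\s+select")


def vulnerable_login(conn, user, pw):
    """String-built query: user data becomes part of the SQL grammar."""
    sql = f"SELECT name, role FROM users WHERE name = '{user}' AND pw = '{pw}'"
    return conn.execute(sql).fetchall()


def blacklist_login(conn, user, pw):
    """Same query behind a signature filter."""
    if BLACKLIST.search(user) or BLACKLIST.search(pw):
        raise ValueError("request blocked by signature")
    return vulnerable_login(conn, user, pw)


# Mechanism 2: quote escaping, which says nothing about a numeric context.
def escaped_lookup(conn, user_id: str):
    escaped = user_id.replace("'", "''")
    return conn.execute(f"SELECT name FROM users WHERE id = {escaped}").fetchall()


# The fix: parameterized queries; the structure is fixed, data stays data.
def safe_login(conn, user, pw):
    return conn.execute("SELECT name, role FROM users WHERE name = ? AND pw = ?",
                        (user, pw)).fetchall()


def safe_lookup(conn, user_id: str):
    return conn.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()


TEXTBOOK = "' OR '1'='1"
BYPASS = "' OR 1=1 OR 'a'='a"   # no quote right after OR, no comment, no semicolon


def demo():
    """Outcome of each mechanism against the constructed payloads."""
    conn = setup()
    out = {"vulnerable": len(vulnerable_login(conn, "alice", TEXTBOOK))}
    try:
        blacklist_login(conn, "alice", TEXTBOOK)
        out["blacklist_textbook"] = "passed"
    except ValueError:
        out["blacklist_textbook"] = "blocked"
    out["blacklist_bypass"] = len(blacklist_login(conn, "alice", BYPASS))
    out["escaped_numeric"] = len(escaped_lookup(conn, "1 OR 1=1"))
    out["safe_bypass"] = len(safe_login(conn, "alice", BYPASS))
    out["safe_valid"] = safe_login(conn, "alice", "s3cret")
    try:
        safe_lookup(conn, "1 OR 1=1")
        out["safe_numeric"] = "passed"
    except ValueError:
        out["safe_numeric"] = "rejected"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v}")
```

The blacklist is representative rather than a straw man: it catches `' OR '1'='1`, comment terminators and stacked queries, and still lets a payload through that merely moves the quote. Any filter that reasons about strings instead of the query's parse tree has that property, which is the point the talk's title makes.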

Client Oriented Classification of DB Attacks and Countermeasures

In this presentation, Imperva's CTO Amichai Shulman explains the current landscape of database security, the pitfalls of existing database protection approaches, client based attack classification as a method for classifying the various types of users accessing the database, and considerations for building effective and efficient countermeasures.

Presented at: RSA USA 2005
