an overview of web security
TRANSCRIPT
Copyright Bee Ware 2013
For more information : www.bee-ware.net/en
About Bee Ware: Bee Ware is a European provider of solutions for the security and availability of Web applications. Bee Ware's i-Suite solution provides organizations of all sizes with the means to fight the growing threats that can impact their activity while ensuring optimum quality of service and performance.
Sources: Bee Ware, Economie et Société, IDC, Infographics Mania, Internet Retailer, IVIZ, Les Echos, McAfee, Opinion Way, OWASP, Ponemon Institute, SANS Institute, UNODC, WhiteHat.
Major Web Security Risks

From a user perspective
- 60% of people use the same password across multiple sites
- 55% of companies are concerned with identity theft
- 49% of users do not use complex passwords or do not change them regularly

From a company perspective
- 8 out of 10 websites have serious vulnerabilities
- Five further figures appear in the graphic (73%, 90%, 30%, 99% and 42%) alongside the following five statements; the transcript does not preserve which figure belongs to which statement:
  - ... of organizations have been hacked at least once through insecure web applications
  - ... of detected hacking incidents are never disclosed to the general public
  - ... of the hacked organizations already knew about the vulnerability
  - ... of logs are reviewed or monitored only when alerts are raised
  - ... of intrusions result from the exploitation of known vulnerabilities
20 tips

On the user side
1. Do not use personal information in passwords
2. Use different passwords for your various accounts
3. Set up two-factor authentication whenever possible
4. Do not use public computers or personal smartphones to access sensitive corporate data

On the server side
5. Use the root account only when necessary
6. Use private networks for internal server traffic whenever possible
7. Log every admin access with a timestamp and the name of the user
8. Monitor web traffic for any unusual traffic or activity
9. Run local and remote security scans on a regular basis
10. Test your backups

On the application side
11. Secure all web administration domains with SSL/TLS (https)
12. Do not settle for the default configuration of accounts and profiles in network and security products
13. Delete all default accounts from your IT products
14. Adjust your security policies to the criticality of the information
15. Apply fixes and updates to your web applications and infrastructure frequently and regularly
16. Do not trust HTTP referrers: the Referer header is set by the client and can be omitted or forged, so never use it as an access-control or CSRF check
17. Use a web application firewall specifically configured for your environment
18. Secure web application admin zones by restricting the authorized source IP addresses
19. Validate data entry on the server side (rather than on the client, where checks can be bypassed by sending requests directly)
20. Reduce information disclosure by changing the Apache ServerTokens setting and by creating generic error pages that reveal nothing about the software in use
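Several of the server-side and application-side tips above (7, 11, 16, 18 and 20) map directly onto Apache httpd directives. The configuration below is an added example written for this transcript, not a configuration from Bee Ware or from any product; it assumes Apache httpd 2.4 with mod_ssl, mod_headers, mod_auth_basic, mod_authz_core and mod_setenvif loaded, and uses the placeholder hostname www.example.com, placeholder certificate and log paths, and the documentation/private ranges 192.0.2.0/24 and 10.0.0.0/8 as stand-ins for the real management network.

```apache
# Added example, not Bee Ware's own configuration. Apache httpd 2.4 assumed.
# Hostname, certificate paths, log path and admin IP ranges are placeholders.

# --- Tip 20: reduce information disclosure --------------------------------
# Typical distribution defaults (Debian's security.conf, for instance) are
#   ServerTokens OS
#   ServerSignature On
# which advertise e.g. "Apache/2.4.x (Debian)" in the Server header and in
# the footer of generated error pages. Send only the product name, no footer:
ServerTokens Prod
ServerSignature Off

# Serve static, generic error pages instead of the built-in ones, which can
# leak filesystem paths, module names and version strings.
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

# --- Tip 11: administration (and everything else) only over HTTPS ---------
# The plain-HTTP virtual host does nothing but redirect to HTTPS.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot "/var/www/html"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/www.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/www.example.com.key"
    # Disable legacy protocol versions (TLS 1.3 needs OpenSSL 1.1.1 or later).
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on
    # Tell browsers to keep using HTTPS for this host for one year.
    Header always set Strict-Transport-Security "max-age=31536000"

    # --- Tip 18: admin zone restricted by source IP -------------------------
    # In 2.4, several bare Require lines are OR-ed together, so the IP check
    # and the login must be wrapped in <RequireAll> to enforce both.
    <Location "/admin">
        AuthType Basic
        AuthName "Administration"
        AuthUserFile "/etc/apache2/admin.htpasswd"
        <RequireAll>
            Require ip 192.0.2.0/24 10.0.0.0/8
            Require valid-user
        </RequireAll>
    </Location>

    # --- Tip 7: log every admin access with timestamp and user name ---------
    # %t = request time, %h = client address, %u = authenticated user name,
    # %r = request line, %>s = final status. Only /admin requests go here.
    LogFormat "%t %h user=%u \"%r\" %>s" admin
    SetEnvIf Request_URI "^/admin" admin_req
    CustomLog "/var/log/apache2/admin_access.log" admin env=admin_req

    # --- Tip 16: the Referer header is deliberately not used anywhere -------
    # It is supplied by the client and can be forged or omitted, so it is not
    # an access control; the IP restriction and authentication above are.
</VirtualHost>
```

After editing, run `apachectl configtest` before reloading; the IP ranges in `Require ip` must be the networks administrators actually connect from, otherwise the admin zone locks everyone out rather than only attackers.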
Consequences

- Total estimated cost of cyber criminality: up to $1 trillion a year
- Identity theft generates $1 billion per year
- The cost related to data loss and theft in France is approximately $2.86 million per "incident"
- Online fraud cost e-retailers a total of $3.5 billion in 2012
Security Policy

- 35% of organizations do not have a formal documented security policy in place
Cloud & SaaS

"The potential security risks introduced by cloud computing and SaaS far outweigh the benefits"
- Agree: 45%
- Disagree: 22%
- Neutral: 33%
Security Challenges

The most frequently quoted challenges:
- Increasing volume of threats and/or attacks: 63%
- Increasing sophistication of attacks: 61%
- Complexity of security solutions: 53%

The most important challenges over the next 12 months:
- Difficulty in securing web applications: 64%
- Web 2.0 use by employees: 60%
Data presented and consolidated by Bee Ware