Upload File

virtual patching

5
The OWASP Foundation http://www.owasp.org Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”

Upload: yadid

Post on 22-Feb-2016

80 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

Virtual Patching. “A security policy enforcement layer which prevents the exploitation of a known vulnerability”. Virtual Patching. Rationale for Usage No Source Code Access No Access to Developers High Cost/Time to Fix Benefit Reduce Time-to-Fix Reduce Attack Surface . - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Virtual Patching

The OWASP Foundationhttp://www.owasp.org

Virtual Patching

“A security policy enforcementlayer which prevents the exploitation of a knownvulnerability”

Page 2: Virtual Patching

The OWASP Foundationhttp://www.owasp.org

Virtual PatchingRationale for Usage

–No Source Code Access–No Access to Developers–High Cost/Time to Fix

Benefit–Reduce Time-to-Fix–Reduce Attack Surface

Page 3: Virtual Patching

The OWASP Foundationhttp://www.owasp.org

Strategic Remediation• Ownership is Builders• Focus on web application root causes

of vulnerabilities and creation of controls in code

• Ideas during design and initial coding phase of SDLC

• This takes serious time, expertise and planning

Page 4: Virtual Patching

The OWASP Foundationhttp://www.owasp.org

Tactical Remediation• Ownership is Defenders• Focus on web applications that are

already in production and exposed to attacks

• Examples include using a Web Application Firewall (WAF) such as ModSecurity

• Aim to minimize the Time-to-Fix exposures

Page 5: Virtual Patching

The OWASP Foundationhttp://www.owasp.orgOWASP ModSecurity Core Rule

Set

http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project


Strategy Patching & Coevolving

Patching a Patch Software Updates Using Horizontal Patching

Virtual patching

Oracle Database Patching - DOAG Deutsche ORACLE ... · Overview of Database Patch Delivery ... • MOS-Note 761111.1 – „RDBMS Online Patching Aka Hot Patching ... => Ab 12.1.0.1

Exadata Patching

Oa Patching r12

Patching Procedure

Raphael Bousso and Andrew Chamblin- Patching up the No-Boundary Proposal with virtual Euclidean wormholes

Light Board Op Patching

WAF Virtual Patching Challenge - Securing WebGoat with

Online Patching

Patching the pipeline

FMW patching guide

Oracle Apps Patching

Ebs12.2 online patching

Anatomy of a Database Attack - gavinsoorma.com€¦ · Anatomy of a Database Attack ... dbms_output.put_line(str); execute immediate str; ... + Virtual Patching & Protocol Validation

121adpp patching procedures

Patching Strategies and Best Practices - Parallel Patching

Virtual Patching in Mixed Environments: How it Works to ...about-threats.trendmicro.com › cloud-content › us › ent... · VIRTUAL PATCHING IN MIXED ENVIRONMENTS: HOW IT WORKS

Getting Started with Patching (Patching 101)

The Core Rule Set - OWASP...Three Protection Strategies for WAFs 1. External patching Also known as "just-in-time patching" or "virtual patching". 2. Positive security model An independent

Live Kernel Patching – status update · 2018. 3. 6. · Live Kernel Patching – status update Jiri Kosina SUSE Labs. 2 Outline ... Immediate patching

The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching

‘Dynamic’ kernel patching

os patching

Patching in Oracle

Pavement Patching Practices

R12.2 Patching Doc

Oracle Secure Patching Concept

SCCM Patching Tutorial

Common IT security challenges organizations facedocuments.trendmicro.com/assets/primers/tlp-virtual-patching-in-mix… · Common IT security challenges organizations face While IT

SharePoint Patching

Oem12c patching -OOW13

less18 Patching

PatchingOracle Database Patching