Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Big Data for Web Application Security

Mike Arpaia
August 01, 2013
Programming
2
620

Big Data for Web Application Security

The security posture of an application is directly proportional to the amount of information that is known about the application. Although the advantages of analytics from a data science perspective are well known and well documented, the advantages of analytics from a web application security perspective are neither well known nor well documented. How can we, as web application security practitioners, take advantage of big data stacks to improve the security posture of our applications? This talk will dive into the ways that big data analytics can be taken advantage of to create effective defenses for web applications today. We'll outline the fundamental problems that can and should be solved with big data and outline the classes of security mechanisms that simply, based on their nature, cannot be solved with big data. Once an understanding of the domain is established, we'll explore several specific examples that outline how one security team uses big data every day to solve hard, interesting problems and create a safer experience for its users.

Mike Arpaia

August 01, 2013
Tweet

More Decks by Mike Arpaia

See All by Mike Arpaia
Using a Kubernetes Operator to Manage Application Tenancy in a B2B SaaS App
marpaia
0
370
Starting, growing, and scaling your host intrusion detection efforts
marpaia
2
660
Building successful open source security software
marpaia
1
510
osquery: approaching security the hacker way
marpaia
0
1.1k
OS X Operating System Security at Scale
marpaia
0
39
Host intrusion detection with osquery
marpaia
5
2.8k
Data Driven Web Application Security
marpaia
3
1.1k
iOS and Android Security Mechanisms and Exploit Mitigations
marpaia
4
2.5k
Mobile Exploit Intelligence Project
marpaia
1
220

Other Decks in Programming

See All in Programming
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
990
PostmanでAPIの動作確認が楽になった話
h455h1
0
190
AWS CDKコントリビュートTIPS / aws-cdk-contribution-tips
gotok365
4
440
DMMプラットフォームがTiDB Cloudを採用した背景
pospome
9
4.3k
Git Rebase
bkuhlmann
11
1.6k
パフォーマンスを求めてDBに機能を寄せる戦略
aoyagikouhei
0
110
初心者のためのRubyKaigi入門/RubyKaigi Introduction
a_matsuda
10
1.6k
Ruby GitHub Packages
bkuhlmann
0
650
Ruby Function Composition
bkuhlmann
1
340
Exploring the Implementation of “t.Run”, “t.Parallel”, and “t.Cleanup”
akarin
1
140
VS Code をプロダクトにどう取り込むか
onomax
1
770
Java 22 Overview
kishida
1
200

Featured

See All Featured
Code Reviewing Like a Champion
maltzj
515
39k
Web Components: a chance to create the future
zenorocha
306
41k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
323
20k
Web development in the modern age
philhawksworth
203
10k
It's Worth the Effort
3n
180
27k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
From Idea to $5000 a Month in 5 Months
shpigford
378
45k
Statistics for Hackers
jakevdp
790
220k
A Tale of Four Properties
chriscoyier
153
22k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k

Transcript

  1. Big Data for Web Application Security Mike Arpaia Kyle Barry

  2. None

  3. Mike Arpaia Senior Software Engineer @mikearpaia

  4. Mike Arpaia Senior Software Engineer @mikearpaia Kyle Barry Security Engineering

    Manager @allofmywats

  5. https://www.etsy.com/listing/92868829/the-oh-my-orange-elephant-designer-wall

  6. https://www.etsy.com/listing/100312293/keep-calm-and-carry-yarn-digital

  7. http://www.etsy.com/listing/116016218/atomic-orbits-chemistry-fat-quarter

  8. https://www.etsy.com/listing/104411356/leather-iphone-44s-case-slipcover-sleeve

  9. MapReduce

  10. Disk Performance 0 500 1000 1500 2000 1998 1999 2000

    2001 2002 2003 2004 2005 2006 2007 2008 Capacity in GB

  11. Disk Performance 0 500 1000 1500 2000 1998 1999 2000

    2001 2002 2003 2004 2005 2006 2007 2008 Capacity in GB Transfer Rate in GB/s

  12. Let’s add disks! 0 275 550 825 1100 1 2

    3 4 5 6 7 8 9 10 Seconds it takes to read 1 TB of data at 1 GB/s

  13. Sounds good.

  14. Good for ad-hoc, whole dataset analysis Linearly scalable programming model

  15. Cascading

  16. Complex Workflows

  17. Less lines of code

  18. Minimal barrier to entry

  19. Etsy’s Workflow

  20. Awesome Data Team

  21. 5 steps to create a job

  22. 1. Write job

  23. 2. Run job

  24. 3. Verify job output

  25. 4. Commit job

  26. 5. Schedule job

  27. Be happy

  28. Security Mechanisms

  29. First, a thesis

  30. The security posture of your application is directly proportional to

    how much you know about your application.

  31. Reactive Security

  32. Real-time event monitoring and alerting Events that trigger immediate response

    You always query the same data and you do it often
  33. None

  34. graphite

  35. None

  36. Proactive Security

  37. Things we do now to protect us later Actions taken

    to prevent future compromise
  38. None
  39. None

  40. Incident Response

  41. Ad-hoc analysis of a large dataset Driven by an event

    or incident You’re not going to do it more than once Needs to be fast
  42. None

  43. Gather data to create reactive security mechanisms Gather data to

    create proactive security mechanisms Directly create a new proactive security mechanism Perform incident response

  44. Gather data to create reactive security mechanisms Gather data to

    create proactive security mechanisms Directly create a new proactive security mechanism Perform incident response

  45. Gather data to create reactive security mechanisms Gather data to

    create proactive security mechanisms Directly create new proactive security mechanisms Perform incident response

  46. Gather data to create reactive security mechanisms Gather data to

    create proactive security mechanisms Directly create new proactive security mechanisms Perform incident response
  47. None

  48. Reactive Security

  49. None
  50. None
  51. None
  52. None

  53. Use analytics to set thresholds

  54. Proactive Security

  55. Goal Full-site SSL for all Etsy sellers

  56. analytics_cascade do analytics_flow do analytics_source 'event_logs' tap_db_snapshot 'users_index' assembly 'event_logs'

    do group_by 'user_id', 'scheme' do count 'value' end end assembly 'users_index' do project 'user_id', 'is_seller' end assembly 'ssl_traffic' do project 'user_id', 'is_seller', 'scheme', 'value' group_by 'is_seller', 'scheme' do count 'value' end end analytics_sink 'ssl_traffic' end end
  57. None

  58. Incident Response

  59. • URL Patterns • IP Addresses Simple Patterns

  60. analytics_cascade do analytics_flow do analytics_source 'access_logs' assembly 'incident_response' do query_event

    'timestamp', 'request_uri', 'useragent', 'ip' where '"/bad_url.php'".equals(request_uri:string) group_by ’url’ do count 'value' end end analytics_sink 'incident_response' end end
  61. None