Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Real World Internet Security: Rakuten Fights Ag...

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for OWASP Japan OWASP Japan
March 11, 2017
260
0

Real World Internet Security: Rakuten Fights Against Cybercrime

3/11にラック社において開催されたOWASP Dayにおける楽天福本さんからの発表資料です

Avatar for OWASP Japan

OWASP Japan

March 11, 2017

More Decks by OWASP Japan

See All by OWASP Japan
OWASP Night 2019.03 Tokyo
Avatar for OWASP Japan owaspjapan
0
390
OWASP SAMMを活用したセキュア開発の推進
Avatar for OWASP Japan owaspjapan
0
1.1k
20190107_AbuseCaseCheatSheet
Avatar for OWASP Japan owaspjapan
0
210
セキュリティ要求定義で使える非機能要求グレードとASVS
Avatar for OWASP Japan owaspjapan
5
1.2k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
Avatar for OWASP Japan owaspjapan
9
3.5k
Shifting Left Like a Boss
Avatar for OWASP Japan owaspjapan
2
340
OWASP Top 10 and Your Web Apps
Avatar for OWASP Japan owaspjapan
2
420
OWASP Japan Proposal: Encouraging Japanese Translation
Avatar for OWASP Japan owaspjapan
1
290
elegance_of_OWASP_Top10_2017
Avatar for OWASP Japan owaspjapan
2
570

Featured

See All Featured
We Analyzed 250 Million AI Search Results: Here's What I Found
Avatar for Josh Blyskal joshbly
1
1.2k
Visual Storytelling: How to be a Superhuman Communicator
Avatar for David Neal reverentgeek
2
520
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1.2k
Leo the Paperboy
Avatar for Maya Tellez mayatellez
7
1.7k
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
1
280
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
350
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
110
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.9k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.6k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.5k

Transcript

  1. Real World Internet Security: Rakuten Fights Against Cybercrime Rakuten, Inc

    Tech & Div : Jack Fukumoto 2017/03/11

  2. About Rakuten

  3. Global Rakuten

  4. Case Studies of Cyber Attacks in Rakuten

  5. 1. Taiwan Ichiba Persistent Phishing Attack ‘rakuten’ ‘rakutens’ Real Fake

  6. Browser based phishing protection Input phishing URLs into the APWG

    database. Some browser vendors blocked the phishing sites on the browser.

  7. 2. Case study of Man in the Browser Malware Login

    form was overwritten by the malware in order to get cards credentials.

  8. 3. DDoS Attacks

  9. 4. Massive Login Attacks

  10. ID Hacking Tools Criminals are buying attacking tools on the

    “Dark net”. The tools are customized to attack specifically Rakuten IDs. Distributed at the underground site.

  11. Security Measures of Rakuten

  12. Global Security Team 70 members from 13 countries

  13. Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC

    Operations Vulnerability Advisory, Regular Scanning Secure Development Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations

  14. Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC

    Operations Vulnerability Advisory, Regular Scanning Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations Secure Development

  15. Training : Secure Coding Training No Training 2003 Criteria for

    risk evaluation 5 :Critical 4 :High 3 :Middle 2 :Low 1 :No problem 2005 2008 20% reduction of additional audit cost Improved

  16. Verification : Security Audit (In-house) Vulnerability Assessment/Penetration Testing targeting web,

    mobile, servers. Pre-release Audit • Before the release of application • Developers needs to fix it before release Annual Regular Audit • Like the recent health check Security Due Diligence • Security status evaluation prior to acquisition

  17. Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC

    Operations Vulnerability Advisory, Regular Scanning Secure Development Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations

  18. Response : Rakuten-CERT (Established in 2007)

  19. OWASP: Contributing Corporate Members

  20. None