Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Real World Internet Security: Rakuten Fights Ag...

Avatar for OWASP Japan OWASP Japan
March 11, 2017
0
230

Real World Internet Security: Rakuten Fights Against Cybercrime

3/11にラック社において開催されたOWASP Dayにおける楽天福本さんからの発表資料です
Avatar for OWASP Japan

OWASP Japan

March 11, 2017
Tweet

More Decks by OWASP Japan

See All by OWASP Japan
OWASP Night 2019.03 Tokyo
Avatar for OWASP Japan owaspjapan
0
340
OWASP SAMMを活用したセキュア開発の推進
Avatar for OWASP Japan owaspjapan
0
1k
20190107_AbuseCaseCheatSheet
Avatar for OWASP Japan owaspjapan
0
180
セキュリティ要求定義で使える非機能要求グレードとASVS
Avatar for OWASP Japan owaspjapan
5
1k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
Avatar for OWASP Japan owaspjapan
9
3.3k
Shifting Left Like a Boss
Avatar for OWASP Japan owaspjapan
2
290
OWASP Top 10 and Your Web Apps
Avatar for OWASP Japan owaspjapan
2
380
OWASP Japan Proposal: Encouraging Japanese Translation
Avatar for OWASP Japan owaspjapan
1
240
elegance_of_OWASP_Top10_2017
Avatar for OWASP Japan owaspjapan
2
530

Featured

See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
124
52k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.3k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
181
53k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Done Done
Avatar for chrislema chrislema
184
16k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
69
11k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
720
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
411
22k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
Scaling GitHub
Avatar for Zach Holman holman
459
140k

Transcript

  1. Real World Internet Security: Rakuten Fights Against Cybercrime Rakuten, Inc

    Tech & Div : Jack Fukumoto 2017/03/11

  2. About Rakuten

  3. Global Rakuten

  4. Case Studies of Cyber Attacks in Rakuten

  5. 1. Taiwan Ichiba Persistent Phishing Attack ‘rakuten’ ‘rakutens’ Real Fake

  6. Browser based phishing protection Input phishing URLs into the APWG

    database. Some browser vendors blocked the phishing sites on the browser.

  7. 2. Case study of Man in the Browser Malware Login

    form was overwritten by the malware in order to get cards credentials.

  8. 3. DDoS Attacks

  9. 4. Massive Login Attacks

  10. ID Hacking Tools Criminals are buying attacking tools on the

    “Dark net”. The tools are customized to attack specifically Rakuten IDs. Distributed at the underground site.

  11. Security Measures of Rakuten

  12. Global Security Team 70 members from 13 countries

  13. Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC

    Operations Vulnerability Advisory, Regular Scanning Secure Development Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations

  14. Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC

    Operations Vulnerability Advisory, Regular Scanning Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations Secure Development

  15. Training : Secure Coding Training No Training 2003 Criteria for

    risk evaluation 5 :Critical 4 :High 3 :Middle 2 :Low 1 :No problem 2005 2008 20% reduction of additional audit cost Improved

  16. Verification : Security Audit (In-house) Vulnerability Assessment/Penetration Testing targeting web,

    mobile, servers. Pre-release Audit • Before the release of application • Developers needs to fix it before release Annual Regular Audit • Like the recent health check Security Due Diligence • Security status evaluation prior to acquisition

  17. Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC

    Operations Vulnerability Advisory, Regular Scanning Secure Development Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations

  18. Response : Rakuten-CERT (Established in 2007)

  19. OWASP: Contributing Corporate Members

  20. None