Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Real World Internet Security: Rakuten Fights Ag...
Search
OWASP Japan
March 11, 2017
270
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Real World Internet Security: Rakuten Fights Against Cybercrime
3/11にラック社において開催されたOWASP Dayにおける楽天福本さんからの発表資料です
OWASP Japan
March 11, 2017
More Decks by OWASP Japan
See All by OWASP Japan
OWASP Night 2019.03 Tokyo
owaspjapan
0
400
OWASP SAMMを活用したセキュア開発の推進
owaspjapan
0
1.1k
20190107_AbuseCaseCheatSheet
owaspjapan
0
220
セキュリティ要求定義で使える非機能要求グレードとASVS
owaspjapan
5
1.2k
AWSクラスタに捧ぐウェブを衛っていく方法論と死なない程度の修羅場の価値
owaspjapan
9
3.5k
Shifting Left Like a Boss
owaspjapan
2
340
OWASP Top 10 and Your Web Apps
owaspjapan
2
430
OWASP Japan Proposal: Encouraging Japanese Translation
owaspjapan
1
300
elegance_of_OWASP_Top10_2017
owaspjapan
2
580
Featured
See All Featured
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
3
910
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.6k
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
450
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
330
The Language of Interfaces
destraynor
162
27k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8.2k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.3k
Practical Orchestrator
shlominoach
191
11k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
870
Navigating Weather and Climate Data
rabernat
0
300
Transcript
Real World Internet Security: Rakuten Fights Against Cybercrime Rakuten, Inc
Tech & Div : Jack Fukumoto 2017/03/11
About Rakuten
Global Rakuten
Case Studies of Cyber Attacks in Rakuten
1. Taiwan Ichiba Persistent Phishing Attack ‘rakuten’ ‘rakutens’ Real Fake
Browser based phishing protection Input phishing URLs into the APWG
database. Some browser vendors blocked the phishing sites on the browser.
2. Case study of Man in the Browser Malware Login
form was overwritten by the malware in order to get cards credentials.
3. DDoS Attacks
4. Massive Login Attacks
ID Hacking Tools Criminals are buying attacking tools on the
“Dark net”. The tools are customized to attack specifically Rakuten IDs. Distributed at the underground site.
Security Measures of Rakuten
Global Security Team 70 members from 13 countries
Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC
Operations Vulnerability Advisory, Regular Scanning Secure Development Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations
Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC
Operations Vulnerability Advisory, Regular Scanning Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations Secure Development
Training : Secure Coding Training No Training 2003 Criteria for
risk evaluation 5 :Critical 4 :High 3 :Middle 2 :Low 1 :No problem 2005 2008 20% reduction of additional audit cost Improved
Verification : Security Audit (In-house) Vulnerability Assessment/Penetration Testing targeting web,
mobile, servers. Pre-release Audit • Before the release of application • Developers needs to fix it before release Annual Regular Audit • Like the recent health check Security Due Diligence • Security status evaluation prior to acquisition
Security Countermeasures Response Incident Handing, Forensic, Malware Analysis Monitoring SOC
Operations Vulnerability Advisory, Regular Scanning Secure Development Static Analysis, Coding Guide Security Guidelines Dynamic Scan, Security Audit Security Review, Consulting Design Requirements Verification Implementation Training Secure Coding, Security Operations Training Security Operations
Response : Rakuten-CERT (Established in 2007)
OWASP: Contributing Corporate Members
None