The Akamai Blog

OWASP AppSec Europe 2015

This year AppSecEU will be hosted in Amsterdam, Netherlands, 19 - 22 May, and the Akamai Threat Research Team will be on stage.

Rise of the Machines - How automated processes overtook the web

May 21st: 11:55 - 12:40, Yossi Daya - Senior Security Researcher, Akamai

While we all surf the web, read news, buy products or download songs, an entire world of automated minions is performing the dirty work for their human masters. These bots perform legal and illegal actions. In this talk, we will provide a deep overview of the web bots world in 2014, as it is seen by Akamai's intelligent platform, which handles 30%(!!!) of all web traffic every day.

Maliciously monetizing AppSec "Feature" - It's all about the $money

May 21st: 11:55 - 12:40, Ezra Caltum - Senior Security Researcher & Or Katz - Principal Security Researcher, Akamai

High-impact vulnerabilities are not the only ones being exploited by cyber criminals to earn $money. In our research we identified that low-impact, highly sophisticated and elusive attack techniques are being massively used in the wild.

Although the most common attack techniques are SQLi, Command Injection, RFI and XSS, our research has found that some uncommon attack techniques are "profit driven", introducing attack sophistication by abusing application features or low-impact vulnerabilities such as comments, page redirects and content availability. These attack techniques are used to promote fake brands and illegal services and to attack a competitor's reputation.

Detecting this kind of attack in real time was challenging, due to the inherent business logic exploited for malicious purposes. Our technique to detect them is anomaly detection with Akamai's Big Data Platform, using a heuristic and forensic approach.

Come meet us there. For more information about the conference program, see http://2015.appsec.eu/conference-program/