Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web - - PowerPoint PPT Presentation

web app
SMART_READER_LITE
LIVE PREVIEW

Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web - - PowerPoint PPT Presentation

Feb 04, 2023 269 likes •492 views

August 21, 2019 Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu curity rity Project ject OWASP ModSecurity Core Rule Set (CRS) OWASP Top 10 Most Critical Web Application Security Risks

slide-1
SLIDE 1

August 21, 2019

Log Analytics

Web App

slide-2
SLIDE 2

www.roykim.ca roy@roykim.ca

slide-3
SLIDE 3
slide-4
SLIDE 4
slide-5
SLIDE 5

Op Open Web Applica cation tion Secu curity rity Project ject OWASP ModSecurity Core Rule Set (CRS)

slide-6
SLIDE 6

OWASP Top 10 Most Critical Web Application Security Risks

A1:2017-Injection A2:2017-Broken Authentication A3:2017-Sensitive Data Exposure A4:2017-XML External Entities (XXE) A5:2017-Broken Access Control A6:2017-Security Misconfiguration A7:2017-Cross-Site Scripting (XSS) A8:2017-Insecure Deserialization A9:2017-Using Components with Known Vulnerabilities A10:2017-Insufficient Logging&Monitoring

slide-7
SLIDE 7

* https://www.zaproxy.org/

https://github.com/zaproxy/zap-hud

slide-8
SLIDE 8

Case Management Analytics - Alerts

Azure Sentinel

slide-9
SLIDE 9

Azure Application Gateway

▪ An application delivery controller ▪ layer 7 load balancing/routing capabilities ▪ web application firewall.

slide-10
SLIDE 10

OWASP ModSecurity Core Rule Set

slide-11
SLIDE 11

https://docs.microsoft.com/en-us/azure/azure-monitor/azure-monitor-rebrand#log-analytics-redefinition

slide-12
SLIDE 12
slide-13
SLIDE 13
slide-14
SLIDE 14
slide-15
SLIDE 15
  • Configuration
  • Penetration Test
  • Monitoring with Log Analytics
  • Alert
  • Security Center, Azure Sentinel

* see appendix slides for demo screenshots

slide-16
SLIDE 16
slide-17
SLIDE 17

roy@roykim.ca

slide-18
SLIDE 18
slide-19
SLIDE 19
slide-20
SLIDE 20
slide-21
SLIDE 21