What is the threat?
How can you analyze the threat?
- Threat agents/actors: internal, external, partner
- Intentions and motivations: financial, political
- Actions: hacking, malware, physical, push, pull
What types of threats are out there?
- Viruses, worms, trojans, adware, spyware, malware, etc.
- Disgruntled employees or contractors
- Organized crime, gangs, or others interested in illegal gain
- Corporations or governments engaged in espionage
- Politically motivated individuals or groups
- Accidental or careless actions
- Natural disasters, no offsite backups
How bad is it?
- Forbes: Biggest Cyber Attack in History.
- Imperva: 1 website had 26 attacks per minute.
- Symantec: 42% increase in attacks.
- Network World: 70%-80% of attacks via the Internet now originate from exploit kits.
What threats are specific to PHP?
- Problems due to misconfiguration
- Failure to filter/validate $_* data
- Attacks: XSS, Session, Injection, etc.
- Open source vulnerabilities
What are some resources to find out more?
- OWASP
- php.net
- Open Source Vulnerability Database
- PHP Version Details
- darkreading.com
- Open source: go to that website