Information Technology at Emory
Information Technology Division, Technical Services

IT Briefing Agenda 7/17/05

• New scanning tools
• EOL/eVax & BTS
• Oracle Names to OID
• Manage IT self-service
• TS Update
• NetCom Q&A

• Jay Flanagan
• Marisa Benson
• Mark Parten
• Karen Jenkins
• Theresa Goriczynski
• Paul Petersen
Web Application Vulnerability Protection
Jay D. Flanagan
Web Application Vulnerability Scanner
• SpiDynamics WebInspect Tool
  – Implemented in Spring of 2005
  – Part of our audit process
  – Scan web applications before they go into production
  – Regularly scan currently implemented web applications for new vulnerabilities
  – Scans for specific web application vulnerabilities
    • cross-site scripting
    • buffer overflows
    • injection (SQL)
    • denial of service
Web Application Vulnerability Scanner
• Web Application Vulnerability Security Awareness Training
  – August 8, 2005
  – 8 am to 12 pm
  – Review web application vulnerabilities and how they can be protected against in the development of these applications
Web Application Firewall
• Web Application Firewall - NetContinuum
  – Monitors all web specific traffic on ports 80 and 443 that is not monitored by a regular firewall.
  – Acts as a proxy to check this traffic before passing it on to the web servers.
  – Blocks attacks including cross-site scripting, buffer overflows, injection (SQL) and denial of service.
Web Application Firewall
• Currently protecting the following ITD managed web applications.
  – Account Management System (ACM)
  – Black Board – Prod and Dev
  – Password Services
  – The App Prod and Dev Web Server
  – The Oak Dev Web Server
Self-Service Vulnerability Scanning
• Self-Service Vulnerability scanning available via Nessus
  – Contact Security Team for setup