Hardening web applications against malware attacks (slide transcript, uploaded 2020-05-04)
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Hardening web applications against malware attacks
Erwin Geirnaert
OWASP BE Board Member
ZION Security
[email protected]
+32 16 29 79 22
25 January 2012
Agenda
My definition of malware
Hardening applications?!
Malware attacks
Special thanks to Trusteer for slides and additional statistics!
My definition of malware
Malware
My definition: Non-destructive malicious software
that steals information, hijacks credentials and
injects fraudulent transactions
Examples: Zeus, SpyEye, …
Note: targets also non-financial applications:
Facebook, Twitter, Gmail, Yahoo …
My prediction: attacks against cloud apps like
Salesforce, Google Apps, ..
Malware Infection Methods
§ Drive-by-Download
• Legitimate web sites that are hacked
• Malicious web sites that include exploit code
… target unpatched vulnerabilities
Buy exploit code…
Closer Look: Exploit Services For Hire Posted on August 27, 2011 - 10:10
RU: $40
UA: $30
KZ: $20
PL: $90
BY: $40
Mix w/o Asia: $30
Asia: $10
World mix: $20
Rules
Ship your software via non-resident loader.
Infecting with DDoS bots, ZeuS, SpyEye, click-bots, SPAM-bots, SOCKS, etc.
Return customer preferred. Minimum of 2K infections.
I can also infect with your malware per customer demand.
No re-distributors.
Provide each customer with personal statistics.
If lockers shipped, price is discussed separately.
Communication via icq 236100100
Additionally
Private exe polymorphic creator from $ 25 to $ 50
Maintenance agreement
We will check your file twice per day; if it goes idle we will remove it from the computer.
1 week = $20
1 month = $100
Features of the extra service files
Unique encryption - Unique encryption to avoid AV signatures
Files do not require any additional libraries. (The file will work on all systems)
Files not detected by Anti virus
No loader required, exploit based
infection
Competitor prevention
AV antidote
Malware Attack Technique: Fake Web Content injection
§ Manipulate/Insert Web Content – on the fly
• Capture and deliver sensitive data (not part of the original app logic)
• Credentials, credit card information, personal information
§ Typical configuration
• Hundreds of such “webinjects”
Capture payment card
Live attack: Inject data capture form
Bypass two factor authentication: Capture Token for real-time Transaction Verification
Live attack of Zeus on a major U.S. bank
[Screenshots: Before / After]
Bypass two factor authentication: Do nothing
Authenticate Login Successful
Fraudulent Transaction (from the user machine)
Bypass HW transaction verification: Device “training” with Dummy Trx
[Diagram of the flow]
Login → Balance: $10,000
inject “Dummy transfer”: Initiate Transfer → Get target account (mule) from C&C → Transfer to target account ($1,000)
inject Hide real balance → Balance: “$10,000” [$9,000 actually]
Bypass Out-of-band verification by changing the phone number on the account
[Diagram with two lanes: User / Malware]
Malware: Inject “New Security Measure, enter phone number and wait for code to arrive in SMS”
Malware: Initiate phone number change in the background; bank sends code to old phone to verify change
User: Enters code into fake form
Malware: Completes the change
Fraudster can now transfer money and execute approval from his phone
User: Appreciates the Bank security innovation
Bypass Out-of-band verification by changing the phone number on the account (cont.)
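The two slides above show that a confirmation code sent to the old phone is not enough on its own, because the user is tricked into relaying it. The following is an added example (not code from the deck or from any bank) of a phone-change policy that fails closed anyway: the code goes only to the old number, the SMS states what the code authorizes, and after a successful change the new number cannot approve high-risk transactions until an assumed 72-hour cooling-off period has passed. All class and function names are hypothetical.

```python
"""Out-of-band contact-change policy with a cooling-off period (added example)."""
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

COOLING_OFF_SECONDS = 72 * 3600  # assumed policy value, not from the deck


@dataclass
class Account:
    phone: str                              # number that receives approval codes
    pending_phone: Optional[str] = None
    pending_code: Optional[str] = None
    phone_changed_at: Optional[int] = None  # epoch seconds of last confirmed change


class PhoneChangePolicy:
    def __init__(self, send_sms: Callable[[str, str], None], now: Callable[[], int]):
        self.send_sms = send_sms  # delivery hook, injected so the example runs offline
        self.now = now            # clock hook, injected for the same reason

    def request_change(self, acct: Account, new_phone: str, code: str) -> None:
        # The confirmation code is sent to the OLD number only and names the
        # purpose, so a user reading it can tell it is not a "security measure".
        acct.pending_phone = new_phone
        acct.pending_code = code
        self.send_sms(acct.phone, f"Confirm CHANGE of approval phone to {new_phone}: {code}")

    def confirm_change(self, acct: Account, code: str) -> bool:
        if acct.pending_phone is None or acct.pending_code is None:
            return False
        if not hmac.compare_digest(code, acct.pending_code):
            return False
        acct.phone = acct.pending_phone
        acct.pending_phone = acct.pending_code = None
        acct.phone_changed_at = self.now()
        return True

    def may_approve_via_sms(self, acct: Account) -> bool:
        """High-risk approvals via SMS are refused until the cooling-off period has passed."""
        if acct.phone_changed_at is None:
            return True
        return self.now() - acct.phone_changed_at >= COOLING_OFF_SECONDS


class FakeClock:
    """Constructed clock so the cooling-off window can be exercised offline."""
    def __init__(self, start: int = 1_000_000):
        self.t = start

    def __call__(self) -> int:
        return self.t


def demo():
    """Walk through the slide's scenario: change succeeds, approval is still blocked."""
    sent = []
    clock = FakeClock()
    policy = PhoneChangePolicy(lambda number, text: sent.append((number, text)), clock)
    acct = Account(phone="+32-OLD-NUMBER")          # constructed values
    policy.request_change(acct, "+32-NEW-NUMBER", "482913")
    confirmed = policy.confirm_change(acct, "482913")
    blocked_now = not policy.may_approve_via_sms(acct)
    clock.t += COOLING_OFF_SECONDS
    allowed_later = policy.may_approve_via_sms(acct)
    return {"code_sent_to": sent[0][0], "confirmed": confirmed,
            "blocked_now": blocked_now, "allowed_later": allowed_later}


if __name__ == "__main__":
    print(demo())
```

The cooling-off window is the part of this design that survives the attack on the slide: even when the fraudster obtains the code through the fake form and completes the change, approvals from the new phone are refused for the window, during which the bank can reach the customer on the old number or another channel.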
More out-of-band channel attacks: Bypass Email Confirmation
§ Zeus eliminates transfer/payment confirmation email from web mail
• From a recent Zeus configuration:
§ Users don’t know funds were stolen

    if( document.getElementById("datatable").rows[i].innerHTML.indexOf( "Faster Payment Confirmation" ) != -1 ||
        document.getElementById("datatable").rows[i].innerHTML.indexOf( "Payment Created" ) )
    { // Faster Payment Confirmation | Payment Created
        document.getElementById("datatable").rows[i].style.display = "none";
    }
Bypass virtual keyboard, VPN credentials compromised
§ Zeus configuration:

    <FilterUrl><![CDATA[@*/citrix/*]]></FilterUrl>

• @ = take screenshot of mouse vicinity when left button is clicked (defeat virtual keyboard anti key logging capability)
• “citrix” = only when this keyword is in the URL
§ Password is collected as a series of screenshots showing password letters
Mobile out-of-band verification attack
[Diagram; actors: User, Legitimate Website, Malware Command & Control]
1. User accesses site
2. Inject: “Please provide your mobile phone number”
3. SMS with link to mobile malware (“install new certificate”)
4. Download malware
5. Malware transfers funds (PC is proxy)
6. Transaction approval SMS
7. Malware forwards approval SMS
8. Transaction approved using stolen SMS
Evade server side fraud detection
§ Cookies used for malware state management
• Server side detection of specific cookies (in practice since 2010 – Gartner)
• New SpyEye now uses non-cookie mechanisms
§ Bare-bone transactions
• Server side detection of missing pages/parameters
• New SpyEye now simulates full “human” flow, including button clicks
§ Computer interaction time scale
• Server side detection of “too quick” submissions
• New SpyEye introduces time delays
How (not) to prevent exploitation
“We analyze data collected over a four year period and study the most popular practices that challenge four of the most prevalent web-malware detection systems:
• Virtual Machine client honeypots
• Browser Emulator client honeypots
• Classification based on domain reputation
• Anti-Virus engines
Our results show that none of these systems are effective in isolation”
Trends in Circumventing Web-Malware Detection
Google Technical Report, July 2011
Hardening applications?!
What is hardening
Definition of hardening:
Reduce the attack surface
Eliminate vulnerabilities
Mitigate the impact of a vulnerability
Hardening books
The GAP
Hardening applications is not only:
Hardening the architecture (DMZ, reverse proxy, ..)
Hardening the OS
Hardening the web server
Hardening applications is:
Building and maintaining secure code
OWASP Top 10 Application Security Risks
Hardening applications?
Hardening is eliminating vulnerabilities by:
Disabling unneeded services/functions
Limiting access to specific IP addresses/users
…
How can you harden an application?
Disable admin access
Disable CMS
Do you know all the security bugs in an application that was built during 1 year by 10 people?
Hardening applications?
Most used solution today: web application firewall:
Detect attacks
Block attacks (if you have a WAF, are you sure it’s blocking?)
Alert and react
But to be effective you need to know the vulnerabilities in the application = virtual patching
OWASP Top 10
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Hardening OS and Network
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Exposure after hardening OS and Network
Web application firewall
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Exposure after virtual patching with web application firewall
Analyzing the effectiveness of web application firewalls – Larry Suto 11/11
History of malware attacks
Malware attacks against web applications started years ago:
Code Red in 2001: buffer overflow in IIS
Santy in 2004: phpBB command execution
Asprox in 2008: SQL Injection – infected 6 million URLs on 153,000 websites
Lizamoon in 2011: SQL Injection – infected 1.5 million URLs
Hardening OS, network and WAF
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Exposure after hardening OS, network and WAF
Malware vs hardening
Hardening OS, infra & WAF will stop most mass malware attacks
Can we go have a beer now?
What about:
The end point is the weakest link
[Diagram: Cyber Criminals attacking Sensitive Data and Apps]
Via the end point (End Point Security: AV): Easy, Easy
Via Perimeter Security (Firewall, IPS, Web Application Firewall, Database Firewall): Difficult
Hardening the browser
Weakest link today: the browser
Easy to infect with drive-by-download
This malware has no visible impact on the user:
1. Observe: take screenshots, log HTTP requests, wait for instructions
2. Update: configuration to attack specific web applications (banking, cloud apps, remote access, ..)
3. Attack: all infected machines attack
Trusteer malware statistics
Trusteer Malware Statistics
Hardening the browser
Hardening the user:
One-time-password tokens
Transaction signing with tokens (and bankcard)
Hardening the browser:
Secure sandbox
Patching/AV/FW
Hardening the mobile (iOS, Android, Win):
Secure mobile
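"Transaction signing with tokens" is listed above as a user-side hardening, and the earlier "Device training with Dummy Trx" slide shows its limit. The block below is an added example (not code from the deck, from Trusteer or from any bank) that models a signing token as an HMAC over the destination account, amount and a server challenge that the user keys into the token; the server recomputes the value over the transaction it actually received. The key, account numbers and the 8-hex-digit truncation are constructed assumptions, and the function names are hypothetical.

```python
"""Transaction signing: what-you-see-is-what-you-sign verification (added example)."""
import hashlib
import hmac
import secrets

TOKEN_SECRET = secrets.token_bytes(32)  # constructed per-customer token seed
CHALLENGE = "734912"                    # constructed per-transaction server challenge


def token_sign(token_secret: bytes, dest_account: str, amount_cents: int, challenge: str) -> str:
    """What the customer's token computes from the values typed into it."""
    msg = f"{dest_account}|{amount_cents}|{challenge}".encode()
    return hmac.new(token_secret, msg, hashlib.sha256).hexdigest()[:8]


def server_verify(token_secret: bytes, submitted_dest: str, submitted_amount: int,
                  challenge: str, signature: str) -> bool:
    """Recompute the signature over the transaction the server actually received."""
    expected = token_sign(token_secret, submitted_dest, submitted_amount, challenge)
    return hmac.compare_digest(expected, signature)


def scenario_honest() -> bool:
    """Customer keys the intended beneficiary into the token; form arrives unchanged."""
    sig = token_sign(TOKEN_SECRET, "BE00-INTENDED", 100_00, CHALLENGE)
    return server_verify(TOKEN_SECRET, "BE00-INTENDED", 100_00, CHALLENGE, sig)


def scenario_rewritten_in_browser() -> bool:
    """Customer signs the intended beneficiary, but the form reaching the server
    carries a different destination: the signature no longer matches."""
    sig = token_sign(TOKEN_SECRET, "BE00-INTENDED", 100_00, CHALLENGE)
    return server_verify(TOKEN_SECRET, "BE00-MULE-ACCT", 100_00, CHALLENGE, sig)


def scenario_dummy_transfer() -> bool:
    """The 'device training' case from the earlier slide: the customer is talked into
    keying the attacker's account into the token, so the signature is valid."""
    sig = token_sign(TOKEN_SECRET, "BE00-MULE-ACCT", 1000_00, CHALLENGE)
    return server_verify(TOKEN_SECRET, "BE00-MULE-ACCT", 1000_00, CHALLENGE, sig)


if __name__ == "__main__":
    print("honest:", scenario_honest())
    print("rewritten in browser:", scenario_rewritten_in_browser())
    print("dummy transfer signed by user:", scenario_dummy_transfer())
```

The second scenario is what the signature buys: a webinject that swaps the beneficiary after the user has signed is rejected server-side. The third scenario is the caveat from the "Dummy Trx" slide: the signature only binds what the user typed into the token, so the token must display the destination and amount, the user must check them against the intended beneficiary rather than against the browser page, and the server should still treat a first-time payee combined with the session heuristics as a risk signal.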
APT against end-user
Wrap-up
Hardening web applications requires:
Secure web applications running on hardened network and infrastructure
Hardened browsers
Hardened mobile client
Hardened user