I'm going to cover the topic of web application security from the worlds biggest "honeypot": 1.2+ million domains and one web application firewall. I will review the trends in new and old attacks, review how impact each new vulnerability was this year (including timthumb.php, php-cgi remote code execution, and more) with raw log data and identify really what is fueling the web based attacks.
Once the rhetoric of "vulnerabilities are bad" is over, I will discuss some in house developed tools used to detect malicious files on compromised sites (software released). As well as delve into the evolution and in Darwinian fashion dissection of the backdoors and code the attackers use to compromise sites (including more open source software released to de-obfuscate even the most complex malicious code.)
Robert Rowley is a security architect for a shared and virtual hosting provider for approximately over one million websites and hundreds of thousands of customers. This unique environment requires providing increased security for an extremely broad range of websites and customers, and provides an ample range of attacks which our team addresses every day, and have compiled this information into the working piece being presented at this conference.