Splunk for Web Application Security
Kyle Barry
Kyle Barry
Security Engineering Manager
@allofmywats
The world’s handmade marketplace
30 million members
$895 million in GMS
30% of transactions are international
1.4 billion page views a month
Security at Etsy
sharpwriter.etsy.com
Vulnerabilities
• Cross Site Scripting (XSS)
• Persistent vs. Non-persistent
• SQL Injection (SQLi)
• Authentication Bypass
Fraud
• Account Takeover
• Phishing
• Scams
Getting it Done
40+ Daily Deploys
5 Minutes to Production
Config Flags
Continuous Integration
Splunk?
Yes!
Phishing Attack
karoart.etsy.com
An Attack in 4 Parts
Step 1: Alerting
Alerting
• Cron Job?
• Offline Processing?
• Real Time?
• Splunk
High Number of Logins from a Single IP
Alerting
• Info Log
[Wed Apr 22 16:37:41 2013] [MF9JqDVpY93VOMreyvI2UC24wRjT] [info][login] status="success" user="kbarry" ip="123.321.123.321"
• Splunk Search
source="/data/current/web/info.log" action="login" | transaction ip | sort -eventcount | table ip eventcount
Step 2: Damage Control
Damage Control
• Find Affected Accounts
• The Old Way*
awk -F'[ "]+' '$7 == "/" { ipcount[$1]++ } END { for (i in ipcount) { printf "%15s - %d\n", i, ipcount[i] } }' logfile.log
• Splunk Search
source="/data/current/web/info.log" action="login" | transaction ip | sort -eventcount | table ip eventcount
* : The old way courtesy of http://serverfault.com/questions/11028
Step 3: Look for Trends
Step 4: Clean Up
Clean Up
• Find Affected Accounts
• The Old Way*
awk -F'[ "]+' '$7 == "/" { ipcount[$1]++ } END { for (i in ipcount) { printf "%15s - %d\n", i, ipcount[i] } }' logfile.log
• Splunk Search
source="/data/current/web/info.log" action="login" | transaction ip | sort -eventcount | table ip eventcount
* : The old way courtesy of http://serverfault.com/questions/11028
Putting it Together
Security Mechanisms
Incident Response
Ad-hoc analysis of a large dataset
Driven by an event or incident
Needs to be fast
Reactive Security
Real-time event monitoring and alerting
Events that trigger immediate response
You always query the same data and you do it often
Proactive Security
Things we do now to protect us later
Actions taken to prevent future compromise
Incident Response
wildlifeprints.etsy.com
Phishing Attack
Scanners
Reactive Security
Alerting
• Failed Logins (Info Log)
[Wed Apr 22 16:37:41 2013] [MF9JqDVpY93VOMreyvI2UC24wRjT] [info][login] failed login user:"kbarry" ip:"123.321.123.321"
• Splunk Search
source="/data/current/web/info.log" log_namespace="login" | transaction user | sort -eventcount | table user eventcount
source="/data/current/web/info.log" log_namespace="login" | transaction ip | sort -eventcount | table ip eventcount
Alerting
• XSS Alert
source="/data/syslog/current/web/access.log" | regex request_uri="(%3Cscript%3E|alert\(|onerror)"
• SQLi Alert
source="/data/syslog/current/web/info.log" "database syntax error at"
Proactive Security
wildlifeprints.etsy.com
Goal
Full-site SSL for all Etsy sellers
Full Site SSL
• Which pages are important?
source="/data/syslog/current/web/access.log" is_seller=1 | transaction request_uri | table request_uri is_ssl
• How much traffic?
[insert query here]
Security Dashboards
Splunk Friendly Application
Make Logging Easy
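<?php
// Key/value context for the event; each pair is written as a field in the info log.
$data = array('user' => 'kbarry', 'ip' => '123.321.123.321');
// Arguments: message, context data, log namespace ('login').
Logger::info('failed captcha', $data, 'login');
?>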
Make Splunking Easy
Access Log
[Wed Apr 22 16:37:41 2013] "POST /signin HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11" MF9JqDVpY93VOMreyvI2UC24wRjT
Info Log
[Wed Apr 22 16:37:41 2013] [MF9JqDVpY93VOMreyvI2UC24wRjT] [info] [login] failed captcha user:"kbarry" ip:"123.321.123.321"
Global Request ID
Access Log
[Wed Apr 22 16:37:41 2013] "POST /signin HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11" MF9JqDVpY93VOMreyvI2UC24wRjT
Info Log
[Wed Apr 22 16:37:41 2013] [MF9JqDVpY93VOMreyvI2UC24wRjT] [info] [login] failed captcha user:"kbarry" ip:"123.321.123.321"
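The join that the shared request ID makes possible, together with the per-IP login count and affected-account lookup from the earlier alerting slides, as an added Python example (not from the original slides or Etsy's code). The log lines, request IDs, usernames, IPs and the threshold of 3 are constructed assumptions in the slide formats.

```python
import re
from collections import Counter

# Patterns follow the two sample lines on the slides; other deployments will differ.
ACCESS_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<http_status>\d{3}) "(?P<ua>[^"]*)" (?P<request_id>\S+)$'
)
INFO_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<request_id>[^\]]+)\] '
    r'\[(?P<level>\w+)\] ?\[(?P<namespace>\w+)\] (?P<rest>.*)$'
)
# The slides show both key:"value" and key="value", so accept either.
KV_RE = re.compile(r'(\w+)[:=]"([^"]*)"')


def parse_access(line):
    m = ACCESS_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_info(line):
    m = INFO_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    rest = event.pop("rest")
    # Text before the first key/value pair is the free-text message.
    event["message"] = KV_RE.split(rest, maxsplit=1)[0].strip()
    for key, value in KV_RE.findall(rest):
        # Header fields (ts, request_id, ...) win over same-named payload keys.
        event.setdefault(key, value)
    return event


def correlate(access_lines, info_lines):
    """Join info events to their HTTP request via the shared request ID."""
    requests = {}
    for line in access_lines:
        rec = parse_access(line)
        if rec:
            requests[rec["request_id"]] = rec
    joined = []
    for line in info_lines:
        event = parse_info(line)
        if event:
            req = requests.get(event["request_id"], {})
            for field in ("uri", "http_status", "ua"):
                event[field] = req.get(field)
            joined.append(event)
    return joined


def logins_per_ip(events, threshold):
    """IPs with at least `threshold` login-namespace events, busiest first."""
    counts = Counter(
        e["ip"] for e in events if e["namespace"] == "login" and "ip" in e
    )
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def affected_accounts(events, ip):
    """Usernames seen in login events from one IP (the damage-control list)."""
    return sorted({e["user"] for e in events if e.get("ip") == ip and "user" in e})


# Constructed sample data in the slide formats (documentation-range IPs).
UA = "Mozilla/5.0 (constructed)"
ACCESS_SAMPLE = [
    f'[Wed Apr 22 16:37:4{i} 2013] "POST /signin HTTP/1.1" 200 "{UA}" REQ000{i}'
    for i in range(1, 5)
]
INFO_SAMPLE = [
    '[Wed Apr 22 16:37:41 2013] [REQ0001] [info] [login] failed login user:"user_a" ip:"203.0.113.7"',
    '[Wed Apr 22 16:37:42 2013] [REQ0002] [info] [login] failed login user:"user_b" ip:"203.0.113.7"',
    '[Wed Apr 22 16:37:43 2013] [REQ0003] [info][login] status="success" user="user_c" ip="203.0.113.7"',
    '[Wed Apr 22 16:37:44 2013] [REQ0004] [info] [login] failed captcha user:"user_d" ip:"198.51.100.23"',
]

if __name__ == "__main__":
    events = correlate(ACCESS_SAMPLE, INFO_SAMPLE)
    for ip, n in logins_per_ip(events, threshold=3):  # threshold is an assumption
        print(ip, n, affected_accounts(events, ip))
```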
Recap
• The More You Know (TM)
• Security is a Real Time Problem
• Instrument your Application Appropriately