Content provided by Nisos, Inc.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Nisos, Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Integrating Threat Intelligence into an Application Security and Fraud Program with DoorDash’s Patrick Mathieu

28:16
 

In episode 72 of The Cyber5, we are joined by DoorDash Application Security Manager, Patrick Mathieu.

We talk about threat intelligence's role within application security programs, particularly programs focusing on fraud. We discuss how to prioritize between what could happen, which penetration testing typically surfaces, and what is actually happening, which threat intelligence typically surfaces.

We also talk about the different types of internal and external telemetry that can be used to drive a program and discuss the outcomes that are critical for an application security program to be successful.

Three Key Takeaways:

1) Application Security Overlaps and Threat Intelligence Shortcomings

Fraud programs exist to save money, and application security programs exist to discover and mitigate cyber vulnerabilities. Yet most of the problems both programs deal with derive from the same weaknesses in the application architecture, introduced during the software development lifecycle (SDLC).

Any application development team needs to know the following:

  1. Attacks: Understand the threat, who is attacking, and what they are attacking. The target could be the server, the client, the user, etc.
  2. Custom Angles: A fraudster is always going to attack the business logic of an application, meaning the custom rules or algorithms that handle the exchange of information between the database and the user interface.
  3. Obscurity: The threat will likely not be an actor in the news, such as a ransomware group. As a technology company grows, its application gains the interest of fraudsters who will try to abuse it.

Threat intelligence falls short in collecting against these actors because their activity is so specific to one application's business logic, and they are not an organized crime group with notoriety or known tactics, techniques and procedures (TTPs).

2) Common Vulnerabilities in Application Security Pertinent to Fraud

  1. While injection attacks are still common, the most common application vulnerabilities are fraudulent authentication attempts and session hijacking. Microservices (with token-based sessions, for example) are common in applications, but it is very challenging to know who is doing what in the application, for example whether a given request comes from a consumer, an application developer, or a fraudster.
  2. Many companies do not maintain an active asset inventory, particularly of their applications.
  3. There is little visibility into the logs of the Web Application Firewall (WAF). Every application is different, and learning what is normal versus fraudulent takes time and modeling in order to focus on who is attacking business logic for fraudulent gain.
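The WAF-log modeling described in points 1 and 3 above, as an added example that is not from the episode or from DoorDash: the script builds a per-endpoint failure-rate baseline from a "normal" window of WAF log lines, then flags three fraud-relevant patterns in a later window (an IP whose login failure rate far exceeds the baseline, one IP trying many distinct accounts, and one session token used from more than one client IP). The log lines are constructed for illustration, and the field names (src_ip, path, status, user, session) and all thresholds are assumptions to be tuned per application.

```python
"""Added example: baselining WAF authentication logs to separate normal
traffic from likely fraud. Not code from The Cyber5 or DoorDash; all log
lines below are constructed and the JSON field names are assumptions."""
import json
from collections import Counter, defaultdict

# Constructed "known good" window used to learn what normal looks like.
BASELINE_LOGS = """
{"ts":"2022-05-01T10:00:01Z","src_ip":"192.0.2.10","path":"/login","status":200,"user":"alice","session":"s1"}
{"ts":"2022-05-01T10:00:05Z","src_ip":"192.0.2.11","path":"/login","status":200,"user":"bob","session":"s2"}
{"ts":"2022-05-01T10:00:09Z","src_ip":"192.0.2.12","path":"/login","status":401,"user":"carol","session":null}
{"ts":"2022-05-01T10:00:12Z","src_ip":"192.0.2.12","path":"/login","status":200,"user":"carol","session":"s3"}
{"ts":"2022-05-01T10:00:20Z","src_ip":"192.0.2.13","path":"/login","status":200,"user":"dave","session":"s4"}
{"ts":"2022-05-01T10:00:25Z","src_ip":"192.0.2.10","path":"/api/orders","status":200,"user":"alice","session":"s1"}
{"ts":"2022-05-01T10:00:30Z","src_ip":"192.0.2.11","path":"/api/orders","status":200,"user":"bob","session":"s2"}
"""

# Constructed later window containing a normal user plus suspicious activity.
CURRENT_LOGS = """
{"ts":"2022-05-02T03:10:00Z","src_ip":"198.51.100.20","path":"/login","status":200,"user":"erin","session":"s9"}
{"ts":"2022-05-02T03:10:04Z","src_ip":"198.51.100.20","path":"/api/orders","status":200,"user":"erin","session":"s9"}
{"ts":"2022-05-02T03:10:10Z","src_ip":"203.0.113.7","path":"/login","status":401,"user":"alice","session":null}
{"ts":"2022-05-02T03:10:11Z","src_ip":"203.0.113.7","path":"/login","status":401,"user":"bob","session":null}
{"ts":"2022-05-02T03:10:12Z","src_ip":"203.0.113.7","path":"/login","status":401,"user":"carol","session":null}
{"ts":"2022-05-02T03:10:13Z","src_ip":"203.0.113.7","path":"/login","status":401,"user":"dave","session":null}
{"ts":"2022-05-02T03:10:14Z","src_ip":"203.0.113.7","path":"/login","status":200,"user":"frank","session":"s10"}
{"ts":"2022-05-02T03:12:00Z","src_ip":"203.0.113.9","path":"/api/orders","status":200,"user":"erin","session":"s9"}
"""

AUTH_FAILURE_STATUSES = (401, 403)


def parse(lines):
    """Parse one JSON object per non-empty line into a list of events."""
    return [json.loads(l) for l in lines.strip().splitlines() if l.strip()]


def failure_rate_by_path(events):
    """Per-endpoint share of requests that ended in an auth failure."""
    totals, fails = Counter(), Counter()
    for e in events:
        totals[e["path"]] += 1
        if e["status"] in AUTH_FAILURE_STATUSES:
            fails[e["path"]] += 1
    return {p: fails[p] / totals[p] for p in totals}


def detect(events, baseline_rates, min_events=5, ratio=3.0, max_users_per_ip=3):
    """Compare a window against the baseline and return (kind, subject, detail) findings."""
    findings = []
    per_ip = defaultdict(lambda: {"total": 0, "fail": 0, "users": set()})
    session_ips = defaultdict(set)  # session token -> client IPs that presented it
    for e in events:
        if e["path"] == "/login":
            s = per_ip[e["src_ip"]]
            s["total"] += 1
            if e["status"] in AUTH_FAILURE_STATUSES:
                s["fail"] += 1
            if e.get("user"):
                s["users"].add(e["user"])
        if e.get("session"):
            session_ips[e["session"]].add(e["src_ip"])

    base = baseline_rates.get("/login", 0.0)
    for ip, s in per_ip.items():
        rate = s["fail"] / s["total"]
        # Only alert once there is enough volume, and only well above the learned baseline.
        if s["total"] >= min_events and rate > max(ratio * base, 0.5):
            findings.append(("login_failure_spike", ip, round(rate, 2)))
        # One client cycling through many accounts is a pattern a normal consumer rarely shows.
        if len(s["users"]) > max_users_per_ip:
            findings.append(("many_accounts_one_ip", ip, len(s["users"])))
    # A session token presented from more than one IP is worth a closer look for hijacking.
    for token, ips in session_ips.items():
        if len(ips) > 1:
            findings.append(("session_multi_ip", token, sorted(ips)))
    return findings


def run():
    """Learn the baseline from the good window, then analyse the current window."""
    baseline = failure_rate_by_path(parse(BASELINE_LOGS))
    return detect(parse(CURRENT_LOGS), baseline)


if __name__ == "__main__":
    for finding in run():
        print(*finding)
```

The thresholds here are deliberately simple; the point of the example is the shape of the work the episode describes, learning a per-application baseline before judging any single client. The session check in particular will fire on legitimate mobile users who switch from Wi-Fi to cellular, so in practice it is a signal to correlate with other telemetry rather than a block-on-its-own rule.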

3) Application and Security Engineers Must Communicate

  1. Security champion programs are critical to getting application and security engineers to communicate in a way that articulates what is normal in an application. If this collaboration does not work, attackers, who collaborate among themselves, will execute faster than the defenders.
  2. Adoption rates among application engineers are a better metric to track than counts of remediated vulnerabilities.