Leveraging Intel from Hackers to Mitigate Risks

Authored by Robert Hansen

“Know your enemy and know yourself and you can fight a hundred battles without disaster.” – Sun Tzu

A few weeks ago, I interviewed “Adam” a self-described ‘blackhat’ hacker about why he started hacking, what motivates him and others in the underground community and why he has decided to change his ways. What was revealed in this interview (which was published in full in a three-part series on the WhiteHat Security blog) hopefully sheds light on how other blackhats like “Adam” think and how they communicate. From this we in the security industry can devise better solutions, abandon failed technologies, and fix the most glaring issues. A great deal can be unearthed by examining Adam’s words and those of other attackers like him.

For example, Adam shared insights into some web vulnerabilities that are the most used by the attacker community, among them XSS and SQL injection, and his belief that SQL injections are the vulnerabilities that should be fixed first because they are most heavily used. Adam also shares the characteristics that he thinks make up a “good” web application vulnerability: that it is fast to exploit, persistent, gives root/full access as well allows the ability to deface/redirect sites, or wipe IP logs completely. When it comes to lists like the recently announced OWASP Top 10 for 2013, Adam downplays their importance as a “best practice” because they are never up to date or comprehensive - i.e. clickjacking and DoS/DDoS are not on the OWASP list yet extremely useful to attackers - and serve only as a good measure for prioritization.

While some IT security professionals shy away from listening to anything from the dark side, much can be learned from knowing your adversary and what makes them tick. From this conversation with Adam alone we are able to better ascertain how to first prioritize testing and finding vulnerabilities and then prioritize mitigating and fixing them.

To take this conversation one step further, I will be co-hosting a webinar on June 20 that delves further into some of the lessons we can learn from our adversaries in the ‘blackhat’ community and how we can better leverage this intel for tracking attacks and deploying the right protection strategies.

About Robert Hansen

Robert Hansen (CISSP) is the Director of Product Management at WhiteHat Security. He's the former Chief Executive of SecTheory and Falling Rock Networks which focused on building a hardened OS. Mr. Hansen began his career in banner click fraud detection at ValueClick. Mr. Hansen has worked for Cable & Wireless doing managed security services, and eBay as a Sr. Global Product Manager of Trust and Safety. Mr. Hansen contributes to and sits on the board of several startup companies. Mr. Hansen has co-authored "XSS Exploits" by Syngress publishing and wrote the eBook, "Detecting Malice." Robert is a member of WASC, APWG, IACSP, ISSA, APWG and contributed to several OWASP projects, including originating the XSS Cheat Sheet. He is also a mentor at TechStars. His passion is breaking web technologies to make them better.