AusCERT 2013: Introduction to Network Security Monitoring with Security Onion - AusCERT Presentation
Although web application attacks have existed for over the last 10 years, simple coding errors, failed input validation and output sanitization continue to exist in web applications that have led to disclosures for many well-known companies. The most prevalent web application attacks are SQL Injection, Cross Site Scripting and OS Command Injection. With an increased number of companies conducting buisness over the Internet, many attackers are taking advantage of lax security and poor coding techniques to exploit web applications for fame, notoriety and financial gain.
There are multiple ways to detect and prevent these vulnerabilities from being exploited and leaking corporate data on the Internet. One method involves using IDS/IPS systems to detect the attack and block or alert appropriate staff of the attack. Security Onion by Doug Burks contains a suite of tools that aid an analyst in detecting these events. Security Onion is a live Xubuntu based distribution containing many of the tools required to perform the detection and prevention of these exploits.