Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Slides:



Advertisements
Similar presentations
The following 10 questions test your knowledge of Internet-based client management in Configuration Manager Configuration Manager 2007 Internet-Based.
Advertisements

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
© S.Gioria OWASP Training Paris – France 26 Avril 2011 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Barracuda Web Application Firewall
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Mod Security (Is it worth it?) By Rich Helton. Abstract (see my paper for sources)  Based on statistics, Apache is the most used web server being used.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Security Scanning OWASP Education Nishi Kumar Computer based training
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 - Databases, Controls, and Security.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
SIGITE 2008: Oct Integrating Web Application Security into the IT Curriculum James Walden Northern Kentucky University.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Firewall Security.
Copyright © - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Windows ® Azure ™ Platform. Network Architecture Packet Filtering Built-In Firewalls Connect Service SSL WCF Security Agenda.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
I NTRUSION P REVENTION S YSTEM (IPS). O UTLINE Introduction Objectives IPS’s Detection methods Classifications IPS vs. IDS IPS vs. Firewall.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Database and Cloud Security
Securing Your Web Application in Azure with a WAF
HTML Level II (CyberAdvantage)
Speaker: Shane Jahnke CS 6910 – Advanced System Security & Design
Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”
Sebastien Deleersnyder CISSP May, 2006
Web Application Firewalls: Panel Discussion
File Operations Access Permissions.
Presentation transcript:

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License. The OWASP Foundation OWASP Web Application Firewalls: Panel Discussion Sebastien Deleersnyder CISSP Feb, 2006

OWASP 2 Agenda  Panel Introduction  WAF Primer  Panel Discussion

OWASP 3 Agenda  Panel Introduction  WAF Primer  Panel Discussion

OWASP 4 Panel Introduction  Philippe Bogaerts, BeeWare  Jaak Cuppens, F5 Networks  Tim Groenwals, Agfa Gevaert  Lieven Desmet, K.U.Leuven  David Van der Linden, ING

OWASP 5 Agenda  Introduction  WAF Primer  Panel Discussion

OWASP 6 Network Firewalls Do Not Work Firewall Port 80 (443) HTTP(S) Traffic Web Client Web Server Application Database Server

OWASP 7 Enter Web Application Firewall Era  HW/SW that mitigates web application vulnerabilities:  Invalidated Input  Parameter tampering  Injection Flaws  …

OWASP 8 Web Application Firewalls  They understand HTTP/HTML very well  They work after traffic is decrypted, or can otherwise terminate SSL  Prevention is possible

OWASP 9 Topologies  Network-based:  Protects any web server  Works with many servers at once  Web server-based:  Closer to the application  Limited by the web server API

OWASP 10 WAF functionality  Rule-based:  Uses rules to look for known vulnerabilities  Or rules to look for classes of attack  Rely on rule databases  Anomaly-based:  Attempts to figure out what normal operation means

OWASP 11 WAF Protection Strategies  Negative security model:  Deny what might be dangerous.  Do you always know what is dangerous?  Positive security model:  Allow what is known to be safe.  Positive security model is better.

OWASP 12 Vendors  MOD-Security  Beeware IntelliWall  Citrix NetScaler Application Firewall (Teros)  DenyAll rWeb  F5 TrafficShield (Magnifire)  Imperva SecureSphere  Netcontinuum  Breach BreachGate WebDefend  …  eEye SecureIIS  Microsoft URLScan WAF?  CheckPoint Application Intelligence?  MS ISA Server? Dead:  Kavado InterDo  Watchfire AppShield (Sanctum)  Ubizen DMZShield

OWASP 13 Agenda  Introduction  WAF Primer  Panel Discussion

OWASP 14 How mature are WAFs?

OWASP 15 Panel Discussion  What do WAFs protect you from? What not?  Where do you position WAFs in your architecture?  What WAF functionality do you really need?  How to reduce TCO?  Who administrates a WAF within the organisation?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.