Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?"

Transcription

1

2

3 Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

4

5

6

7 13 major airlines flight information credit card personal data 1,5 year

8

9

10

11

12

13

14

15 BIG-IP ASM extends protection to more than application vulnerabilities Attack Visibility & Logging Data Leak Protection Automatic Policy Builiding (Dynamic configuration) Stop bad Users (Device ID) Protect Web/API from L7 Attack Prevent Bot Attack (DDOS, VA tools, web scraping, brute force, etc.)

16 1 Automatic Policy Building.exe /admin/wp-admin /login.php?name=jerrick; ls /etc/ Server Technologies URLs & File Types Parameters Cookies /images/banner.jpg /login.php /css/design.css /app/app.php /js/jquery.js name={alphanumeric, len=16} address={any char, len=100} file={multipart/form-data, maxsize=10mb} price={numeric, tampering protection=on, len=10 } Cookie: name=value Cookie:JSESSIONID=1A Cookie: price=399;total=1399 (+) sec model : enforcing legitimate traffic only

17 2 Protect Web/API from Known Attack /etc/passwd OR 1=1 --; %2527%2BOR%2B1%253D1%2B%2523; OR 1=1 --; OWASP top 10 Parser Attacks Buffer overflows Zero-day attacks CSRF Cross-site scripting Parameter tampering Evasion technique Forceful browsing Information Leakage Malformed headers Session Hijacking SQL injections Command injection RFI Many more (-) sec model : protecting against known attacks

18 3 Prevent Bot Attack 29% 48% Traffic generated by Humans 48% 23% Traffic generated by Good Bots like Bing, Google Bot 29% Traffic generated by Bad Bots like scanners, password guessing 23% Humans Good Bots Bad Bots Incapsula Bot Traffic Report 2016

19 3 Prevent Bot Attack Validate bot or human on initial site access Bad Bot Differentiate good bots and bad bots Good Bot Scraping and brute force protection Human Real time challenge (js and captcha)

20 4 Stop Bad Users Stop unique device/browser access (Browser fingerprinting) Stop users/sessions that trigger violation (session tracking) Persistent Attacker Anonymous Proxy Vulnerability Scanner Stop users with bad IP reputation Stop users from specific country/region (Geolocation)

21 4 Stop Bad Users

22 5 Mask Sensitive Data Cc=#### #### #### #### Cc=

23 6 See Hostile Traffic

24 6 See Hostile Traffic

25

26

27 Allow TCP/80, TCP/443 Regular user Web server App server DB server Network Firewall Regular user

28

29 Cross-Site Scripting Information Leakage Responsible for 78% of all vulnerabilities 80% Injection 80/20 RULE

30

31

32 WHY F5?

33 F5 is the only vendor who uses the same product for cloud- based as on-premises, which enables simple policy sharing and improved security effectiveness Virtual Edition Secures applications deployed in Virtualized and IaaS environments Datacenter Appliance Protects business critical applications in the datacenter WAF as a Service Immediately turn on new services or scale existing protections without capital investment and resource requirements

34 Gartner Magic Quadrant for WAF F5 Networks Positioned as a Leader in 2017 Gartner Magic Quadrant for Web Application Firewalls* F5 is highest in execution within the Leaders Quadrant. * Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D Hoinne, Adam Hils, Claudio Neiva, 7 August 2017 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from F5 Networks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

35 Gartner Magic Quadrant for ADC+WAF? Figure 1. Magic Quadrant for Application Delivery Controllers Source: Gartner (August 2016)

36 Tzoori Tamam F5 WAF Product Manager

37

38 DevCentral AskF5/Support ihealth University

39

40

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013

86% of websites has at least 1 vulnerability and an average of 56 per website WhiteHat Security Statistics Report 2013 Vulnerabilities help make Web application attacks amongst the leading causes of data breaches +7 Million Exploitable Vulnerabilities challenge organizations today 86% of websites has at least 1 vulnerability

More information

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe F5 comprehensive protection against application attacks Jakub Sumpich Territory Manager Eastern Europe j.sumpich@f5.com Evolving Security Threat Landscape cookie tampering Identity Extraction DNS Cache

More information

Beyond Blind Defense: Gaining Insights from Proactive App Sec

Beyond Blind Defense: Gaining Insights from Proactive App Sec Beyond Blind Defense: Gaining Insights from Proactive App Sec Speaker Rami Essaid CEO Distil Networks Blind Defense Means Trusting Half Your Web Traffic 46% of Web Traffic is Bots Source: Distil Networks

More information

Imperva Incapsula Website Security

Imperva Incapsula Website Security Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as

More information

Herding Cats. Carl Brothers, F5 Field Systems Engineer

Herding Cats. Carl Brothers, F5 Field Systems Engineer Herding Cats Carl Brothers, F5 Field Systems Engineer Agenda Introductions Security is easy, right Trivia Protecting your apps, one layer at a time How to survive an Attack Time permitting F5 Networks,

More information

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA

Cyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats

More information

Web Applications Security. Radovan Gibala F5 Networks

Web Applications Security. Radovan Gibala F5 Networks Applications Security Radovan Gibala F5 Networks How does the current situation look like? Application Trends and Drivers ification of applications Intelligent browsers and applications Increasing regulatory

More information

Intelligent and Secure Network

Intelligent and Secure Network Intelligent and Secure Network BIG-IP IP Global Delivery Intelligence v11.2 IP Intelligence Service Brian Boyan - b.boyan@f5.com Tony Ganzer t.ganzer@f5.com 2 Agenda Welcome & Intro Introduce F5 IP Intelligence

More information

The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering

The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering The Bots Are Coming The Bots Are Coming Scott Taylor Director, Solutions Engineering Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information

More information

F5 Application Security. Radovan Gibala Field Systems Engineer

F5 Application Security. Radovan Gibala Field Systems Engineer 1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities

More information

BIG-IP Application Security Manager : Getting Started. Version 12.1

BIG-IP Application Security Manager : Getting Started. Version 12.1 BIG-IP Application Security Manager : Getting Started Version 12.1 Table of Contents Table of Contents Introduction to Application Security Manager...5 What is Application Security Manager?...5 When to

More information

Configuring BIG-IP ASM v12.1 Application Security Manager

Configuring BIG-IP ASM v12.1 Application Security Manager Course Description Configuring BIG-IP ASM v12.1 Application Security Manager Description The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune,

More information

haltdos - Web Application Firewall

haltdos - Web Application Firewall haltdos - DATASHEET Delivering best-in-class protection for modern enterprise Protect your website against OWASP top-10 & Zero-day vulnerabilities, DDoS attacks, and more... Complete Attack Protection

More information

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 Securing Web Applications: Defense Mechanisms Kishin Fatnani Founder & Director K-Secure Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 1 Agenda Current scenario in Web Application

More information

Web Application Firewall

Web Application Firewall Web Application Firewall Take chances with innovation, not security. HaltDos Web Application Firewall offers unmatched security capabilities, customization options and reporting analytics for the most

More information

The Top 6 WAF Essentials to Achieve Application Security Efficacy

The Top 6 WAF Essentials to Achieve Application Security Efficacy The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks

Application Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware

More information

Key Considerations in Choosing a Web Application Firewall

Key Considerations in Choosing a Web Application Firewall Key Considerations in Choosing a Web Application Firewall Today, enterprises are extending their businesses by using more web-based and cloud-hosted applications, so a robust and agile web application

More information

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux EU GENERAL DATA PROTECTION: TIME TO ACT Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux Is this the WAY you handle GDPR today 2 3 area s to consider

More information

BIG-IP Application Security Manager : Implementations. Version 13.0

BIG-IP Application Security Manager : Implementations. Version 13.0 BIG-IP Application Security Manager : Implementations Version 13.0 Table of Contents Table of Contents Preventing DoS Attacks on Applications... 13 What is a DoS attack?...13 About recognizing DoS attacks...

More information

BIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0

BIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0 BIG-IP Application Security Manager : Attack and Bot Signatures Version 13.0 Table of Contents Table of Contents Assigning Attack Signatures to Security Policies...5 About attack signatures...5 About

More information

Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks

Identiteettien hallinta ja sovellusturvallisuus. Timo Lohenoja, CISPP Systems Engineer, F5 Networks Identiteettien hallinta ja sovellusturvallisuus Timo Lohenoja, CISPP Systems Engineer, F5 Networks timo@f5.com Cybersecurity Is Business Continuity Maintain and grow revenue Identify industry threats Protect

More information

Zero Trust in Healthcare Centrify Corporations. All Rights Reserved.

Zero Trust in Healthcare Centrify Corporations. All Rights Reserved. Zero Trust in Healthcare 1 CYBER OFFENSE REDEFINED: TRANSFORM YOUR SECURITY POSTURE WITH ZERO TRUST 2 What Keeps CIOs Up at Night? How exposed are we, anyway? Who can access what? Can we trust our partners?

More information

Web Application Firewall Subscription on Cyberoam UTM appliances

Web Application Firewall Subscription on Cyberoam UTM appliances On-Appliance Reporting Web Application Firewall Subscription on Cyberoam UTM appliances Protecting Web Applications from hackers Application Visibility and Control Bandwidth Management Firewall Web Application

More information

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Application Security through a Hacker s Eyes James Walden Northern Kentucky University Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways

More information

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,

More information

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.)

We b Ap p A t ac ks. U ser / Iden tity. P hysi ca l 11% Other (VPN, PoS,infra.) We b Ap p A t ac ks U ser / Iden tity 33% 53% Apps And Identities Initial Targets In 86% Of Breaches P hysi ca l 11% Other (VPN, PoS,infra.) 3% Fix vulnerabilities Stop web attacks Risk & compliance What

More information

Securing the Modern Data Center with Trend Micro Deep Security

Securing the Modern Data Center with Trend Micro Deep Security Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public

More information

Leading in the compute era

Leading in the compute era Leading in the compute era Delivering the right compute, for the right workload, at the right economics every time. Ray Christian HP Server Product Manager Updated August 25, 2014 The most exciting shifts

More information

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology

Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology Securing Cloud Applications with a Distributed Web Application Firewall www.riverbed.com 2013 Riverbed Technology Primary Target of Attack Shifting from Networks and Infrastructure to Applications NETWORKS

More information

Comprehensive datacenter protection

Comprehensive datacenter protection Comprehensive datacenter protection There are several key drivers that are influencing the DDoS Protection market: DDoS attacks are increasing in frequency DDoS attacks are increasing in size DoS attack

More information

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

Protect your apps and your customers against application layer attacks

Protect your apps and your customers against application layer attacks Protect your apps and your customers against application layer attacks Development 1 IT Operations VULNERABILITY DETECTION Bots, hackers, and other bad actors will find and exploit vulnerabilities in web

More information

Imperva Incapsula Product Overview

Imperva Incapsula Product Overview Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security

More information

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's

More information

Q Web Attack Analysis Report

Q Web Attack Analysis Report Security Level Public CDNetworks Q4 2016 Web Attack Analysis Report 2017. 2. Security Service Team Table of Contents Introduction... 3 Web Attack Analysis... 3 Part I. Web Hacking Statistics... 3 Part

More information

CIS 700/002 : Special Topics : OWASP ZED (ZAP)

CIS 700/002 : Special Topics : OWASP ZED (ZAP) CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of

More information

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide

More information

THUNDER WEB APPLICATION FIREWALL

THUNDER WEB APPLICATION FIREWALL SOLUTION BRIEF THUNDER WEB APPLICATION FIREWALL STOP WEB ATTACKS TO PREVENT COSTLY DATA BREACHES MOBILE USERS REQUIRE SECURE ALWAYS-ON NETWORK ACCESS Web applications have become the number one battlefield

More information

Sophos XG Firewall. IP Partners ICT Systems & Services.

Sophos XG Firewall. IP Partners ICT Systems & Services. Sophos XG Firewall IP Partners ICT Systems & Services www.ippartners.gr XG Firewall Overview Today s top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey

More information

Engage with ESRI in the AWS Cloud. Teresa Carlson, VP of Global Public Sector

Engage with ESRI in the AWS Cloud. Teresa Carlson, VP of Global Public Sector Engage with ESRI in the AWS Cloud Teresa Carlson, VP of Global Public Sector On Premise Infrastructure is Costly & Complex Large Capital Expenditures Patching Software Scaling down as needed Contract negotiation

More information

ADC im Cloud - Zeitalter

ADC im Cloud - Zeitalter ADC im Cloud - Zeitalter Applikationsdienste für Hybrid-Cloud- und Microservice-Szenarien Ralf Sydekum, SE Manager DACH, F5 Networks GmbH Some of the Public Cloud Related Questions You May Have.. It s

More information

Solutions Business Manager Web Application Security Assessment

Solutions Business Manager Web Application Security Assessment White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security

More information

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic

More information

Enabling Public Cloud Interconnect Services F5 Application Connector

Enabling Public Cloud Interconnect Services F5 Application Connector Enabling Public Cloud Interconnect Services F5 Application Connector Crystal Bong, Product Manager Emergence of Cloud Interconnect These common services are hard to replicate, control, and do not run cheaply

More information

Future of Database. - Journey to the Cloud. Juan Loaiza Senior Vice President Oracle Database Systems

Future of Database. - Journey to the Cloud. Juan Loaiza Senior Vice President Oracle Database Systems Future of Database - Journey to the Cloud Juan Loaiza Senior Vice President Oracle Database Systems Copyright 2016, Oracle and/or its affiliates. All rights reserved. Safe Harbor Statement The following

More information

Release Notes Version 7.8

Release Notes Version 7.8 Please Read Before Updating Before installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versions more recent than the one currently running

More information

Positive Security Model for Web Applications, Challenges. Ofer Shezaf OWASP IL Chapter leader CTO, Breach Security

Positive Security Model for Web Applications, Challenges. Ofer Shezaf OWASP IL Chapter leader CTO, Breach Security Positive Security Model for Web Applications, Challenges and Promise Ofer Shezaf OWASP IL Chapter leader CTO, Breach Security Introduction Breach Security, Inc. Breach Security is the market leader in

More information

Commercial Product Matrix

Commercial Product Matrix PRODUCT MATRIX 1H2016 FOR INTERNAL USE ONLY Trend Micro Commercial Product Matrix SELLING TREND MICRO SECURITY SOLUTIONS Small Business or /Medium Business? < 100 Users > 100 Users Trend Micro Customer

More information

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to

More information

How were the Credit Card Numbers Published on the Web? February 19, 2004

How were the Credit Card Numbers Published on the Web? February 19, 2004 How were the Credit Card Numbers Published on the Web? February 19, 2004 Agenda Security holes? what holes? Should I worry? How can I asses my exposure? and how can I fix that? Q & A Reference: Resources

More information

Unified Secure Access Beyond VPN

Unified Secure Access Beyond VPN Unified Secure Access Beyond VPN Luboš Klokner F5 Systems Engineer lubos@f5.com +421 908 755152 @lklokner Humans v. Technology F5 Networks, Inc Agenda Introduction General APM Use-Cases APM Use-Cases from

More information

68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery.

68% 63% 50% 25% 24% 20% 17% Credit Theft. DDoS. Web Fraud. Cross-site Scripting. SQL Injection. Clickjack. Cross-site Request Forgery. PRESENTED BY: Credit Theft 68% DDoS 63% Web Fraud 50% Cross-site Scripting SQL Injection Clickjack Cross-site Request Forgery 25% 24% 20% 17% Other 2% F5 Ponemon Survey -Me East-West Traffic Flows App

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate

More information

How to configure the UTM Web Application Firewall for Microsoft Lync Web Services connectivity

How to configure the UTM Web Application Firewall for Microsoft Lync Web Services connectivity How to configure the UTM Web Application Firewall for Microsoft Lync Web Services connectivity This article explains how to configure your Sophos UTM to allow access Microsoft s Lync Web Services (the

More information

Security

Security Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from

More information

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13 Airlock and the OWASP TOP 10-2017 Version 2.1 11.24.2017 OWASP Top 10 A1 Injection... 3 A2 Broken Authentication... 5 A3 Sensitive Data Exposure... 6 A4 XML External Entities (XXE)... 7 A5 Broken Access

More information

Application security : going quicker

Application security : going quicker Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF

More information

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved. Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect Amazon.com, Inc. and its affiliates. All rights reserved. Learning about Cloud Computing with AWS What is Cloud Computing and

More information

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:

More information

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com

More information

Panda Security. Corporate Presentation. Gianluca Busco Arré Country Manager

Panda Security. Corporate Presentation. Gianluca Busco Arré Country Manager Panda Security Corporate Presentation Gianluca Busco Arré Country Manager Great minds and Global Presence From 1990, Panda Security has become the leading European multinational developing advanced cybersecurity

More information

F5 Azure Cloud Try User Guide. F5 Networks, Inc. Rev. September 2016

F5 Azure Cloud Try User Guide. F5 Networks, Inc. Rev. September 2016 F5 Azure Cloud Try User Guide F5 Networks, Inc. Rev. September 2016 Azureinfo@f5.com Table of Contents Introduction... 3 F5 Web Application Firewall Solution, (WAF) Review... 3 Configuring SSO/Pre-authentication

More information

Penetration Testing. James Walden Northern Kentucky University

Penetration Testing. James Walden Northern Kentucky University Penetration Testing James Walden Northern Kentucky University Topics 1. What is Penetration Testing? 2. Rules of Engagement 3. Penetration Testing Process 4. Map the Application 5. Analyze the Application

More information

PCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall WHITE PAPER

PCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall WHITE PAPER PCI DSS Compliance with Riverbed Stingray Traffic Manager and Stingray Application Firewall WHITE PAPER Table of Content PCI DSS Overview... 2 1.1 Key requirements of the PCI DSS standard... 3 Riverbed

More information

RETHINKING DATA CENTER SECURITY. Reed Shipley Field Systems Engineer, CISSP State / Local Government & Education

RETHINKING DATA CENTER SECURITY. Reed Shipley Field Systems Engineer, CISSP State / Local Government & Education RETHINKING DATA CENTER SECURITY Reed Shipley r.shipley@f5.com Field Systems Engineer, CISSP State / Local Government & Education http://gcn.com/blogs/cybereye/2013/10/it-professionals-survey.aspx September

More information

(CNS-301) Citrix NetScaler 11 Advance Implementation

(CNS-301) Citrix NetScaler 11 Advance Implementation (CNS-301) Citrix NetScaler 11 Advance Implementation Overview Designed for students with previous NetScaler experience, this course is best suited for individuals who will be deploying or managing advanced

More information

Content Security Policy

Content Security Policy About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 IIG University of Freiburg Web Security, Summer Term 2012 Web Application: Testing Security Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 10) Web Application: Testing Security 1 Table of

More information

dotdefender User Guide Applicure Web Application Firewall

dotdefender User Guide Applicure Web Application Firewall dotdefender User Guide Applicure Web Application Firewall Table of Contents Chapter 1 Introduction... 5 1.1 Overview... 5 1.2 Components... 6 1.2.1 Specific Windows components... 6 1.2.2 Specific Linux/Unix

More information

PT Unified Application Security Enforcement. ptsecurity.com

PT Unified Application Security Enforcement. ptsecurity.com PT Unified Application Security Enforcement ptsecurity.com Positive Technologies: Ongoing research for the best solutions Penetration Testing ICS/SCADA Security Assessment Over 700 employees globally Over

More information

Cyber War Chronicles Stories from the Virtual Trenches

Cyber War Chronicles Stories from the Virtual Trenches Cyber War Chronicles Stories from the Virtual Trenches Ron Winward Security Evangelist Radware, Inc. March 17, 2016 Background on the Radware Report Key Cyber Attack Trends for 2015-2016 Case Study: Look

More information

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand

More information

HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE

HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE #RSAC SESSION ID: SPO3-T07 HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE Tom Corn Senior Vice President/GM Security Products VMware @therealtomcorn

More information

GOING WHERE NO WAFS HAVE GONE BEFORE

GOING WHERE NO WAFS HAVE GONE BEFORE GOING WHERE NO WAFS HAVE GONE BEFORE Andy Prow Aura Information Security Sam Pickles Senior Systems Engineer, F5 Networks NZ Agenda: WTF is a WAF? View from the Trenches Example Attacks and Mitigation

More information

Maximum Security, Zero Compromise in Availability and Performance

Maximum Security, Zero Compromise in Availability and Performance Maximum Security, Zero Compromise in Availability and Performance Presented by: Teong Eng Guan MD ASEAN 2 2 Agenda Who is F5 and what to we do? IT Challenges Web Application Security Why & How? Total Defense

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Vulnerability Assessment with Application Security

Vulnerability Assessment with Application Security Vulnerability Assessment with Application Security Targeted attacks are growing and companies are scrambling to protect critical web applications. Both a vulnerability scanner and a web application firewall

More information

Dell SonicWALL Secure Mobile Access 8.5. Web Application Firewall Feature Guide

Dell SonicWALL Secure Mobile Access 8.5. Web Application Firewall Feature Guide Dell SonicWALL Secure Mobile Access 8.5 Copyright 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell, the Dell logo,

More information

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance SOLUTION BRIEF FPO Imperva Simplifies and Automates PCI DSS Compliance Imperva Simplifies and Automates PCI DSS Compliance SecureSphere drastically reduces both the risk and the scope of a sensitive data

More information

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,

More information

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto

More information

Securing the Cloud. White Paper by Peter Silva

Securing the Cloud. White Paper by Peter Silva Cloud computing has become another key resource for IT deployments, but there is still fear of securing applications and data in the cloud. With F5 devices, you can keep your most precious assets safe,

More information

MOBILE SECURITY OVERVIEW. Tim LeMaster

MOBILE SECURITY OVERVIEW. Tim LeMaster MOBILE SECURITY OVERVIEW Tim LeMaster tim.lemaster@lookout.com Your data center is in the cloud. Your users and customers have gone mobile. Starbucks is your fall-back Network. Your mobile device is a

More information

O365 Solutions. Three Phase Approach. Page 1 34

O365 Solutions. Three Phase Approach. Page 1 34 O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase

More information

Changing The Conversation: Infrastructure as a Service

Changing The Conversation: Infrastructure as a Service Changing The Conversation: Infrastructure as a Service October 20, 2011 Fernando Rey Fernando Business Development Cloud Services dindo.fernando@microsoft.com You manage You manage You manage Slide with

More information

WHAT S NEW IN SQL SERVER 2016 REPORTING SERVICES?

WHAT S NEW IN SQL SERVER 2016 REPORTING SERVICES? WHAT S NEW IN SQL SERVER 2016 REPORTING SERVICES? Timothy P. McAliley CISA, CISM, CISSP, ITIL V3, MCSA, MCSE, MCT, PMP Microsoft Account Technology Strategist Try It Yourself! Two TechNet Virtual Labs

More information

SecureSphere Web Application Firewall Test Drive

SecureSphere Web Application Firewall Test Drive Protecting applications against SQL Injection and Zero-Day Attacks SecureSphere Web Application Firewall Test Drive The purpose of this Test Drive is to enable customers to rapidly evaluate SecureSphere

More information

303 BIG-IP ASM SPECIALIST

303 BIG-IP ASM SPECIALIST ABOUT THE 303 BIG-IP ASM SPECIALIST EXAM. The BIG-IP ASM Specialist exam identifies individuals who are qualified to design, implement, and maintain ASM, including advanced features. They will likely be

More information

RSA Web Threat Detection

RSA Web Threat Detection RSA Web Threat Detection Online Threat Detection in Real Time Alaa Abdulnabi. CISSP, CIRM RSA Pre-Sales Manager, TEAM Region 1 Web Threat Landscape In the Wild Begin Session Login Transaction Logout Web

More information

Who am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack

Who am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack Who am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack Web Application Firewall Shortcomings The presentation

More information

Ransomware & Modern DR: Risky Business

Ransomware & Modern DR: Risky Business Ransomware & Modern DR: Risky Business Matt Tyrer: Manager, Solutions Marketing - Americas 2016 COMMVAULT SYSTEMS, INC. ALL RIGHTS RESERVED. Agenda New-ish Risks New Answers to Old-ish Problems Old Problems

More information

Cloud Computing Private Cloud

Cloud Computing Private Cloud Cloud Computing Private Cloud Amplifying Business Value thru IT Ivo Sladoljev, Territory Manager, Adriatic Region December, 2010. 2010 VMware Inc. All rights reserved Agenda Company Facts VMware Focus

More information

AppSpider Enterprise. Getting Started Guide

AppSpider Enterprise. Getting Started Guide AppSpider Enterprise Getting Started Guide Contents Contents 2 About AppSpider Enterprise 4 Getting Started (System Administrator) 5 Login 5 Client 6 Add Client 7 Cloud Engines 8 Scanner Groups 8 Account

More information

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution

Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution Integrated Web Application Firewall & Distributed Denial of Service (DDoS) Mitigation Solution (Layer 3/4 and Layer 7) Delivering best-in-class network and web application security to the modern enterprise

More information

Security Made Simple by Sophos

Security Made Simple by Sophos Security Made Simple by Sophos Indian businesses in the radar of cyber-threats Frequency of cyber-attacks Most targeted systems / IT assets -- KPMG Cybercrime Survey Report 2015 3 ON AN AVERAGE, HOW MUCH

More information

Micro Focus Fortify Application Security

Micro Focus Fortify Application Security Micro Focus Fortify Application Security Petr Kunstat SW Consultant +420 603 400 377 petr.kunstat@microfocus.com My web/mobile app is secure. What about yours? High level IT Delivery process Business Idea

More information