Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

3 Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

7 13 major airlines flight information credit card personal data 1,5 year

14

15 BIG-IP ASM extends protection to more than application vulnerabilities
- Attack Visibility & Logging
- Data Leak Protection
- Automatic Policy Building (Dynamic configuration)
- Stop bad Users (Device ID)
- Protect Web/API from L7 Attack
- Prevent Bot Attack (DDOS, VA tools, web scraping, brute force, etc.)

16 1 Automatic Policy Building
.exe /admin/wp-admin /login.php?name=jerrick; ls /etc/
Server Technologies
URLs & File Types:
- /images/banner.jpg
- /login.php
- /css/design.css
- /app/app.php
- /js/jquery.js
Parameters:
- name={alphanumeric, len=16}
- address={any char, len=100}
- file={multipart/form-data, maxsize=10mb}
- price={numeric, tampering protection=on, len=10}
Cookies:
- Cookie: name=value
- Cookie:JSESSIONID=1A
- Cookie: price=399;total=1399
(+) sec model: enforcing legitimate traffic only

17 2 Protect Web/API from Known Attack
/etc/passwd OR 1=1 --; %2527%2BOR%2B1%253D1%2B%2523; OR 1=1 --;
- OWASP top 10
- Parser Attacks
- Buffer overflows
- Zero-day attacks
- CSRF
- Cross-site scripting
- Parameter tampering
- Evasion technique
- Forceful browsing
- Information Leakage
- Malformed headers
- Session Hijacking
- SQL injections
- Command injection
- RFI
- Many more
(-) sec model: protecting against known attacks

18 3 Prevent Bot Attack
- 48% Traffic generated by Humans
- 23% Traffic generated by Good Bots like Bing, Google Bot
- 29% Traffic generated by Bad Bots like scanners, password guessing
Source: Incapsula Bot Traffic Report 2016

19 3 Prevent Bot Attack
- Validate bot or human on initial site access
- Differentiate good bots and bad bots
- Scraping and brute force protection
- Real time challenge (js and captcha)
Diagram labels: Bad Bot, Good Bot, Human

20 4 Stop Bad Users
- Stop unique device/browser access (Browser fingerprinting)
- Stop users/sessions that trigger violation (session tracking)
- Stop users with bad IP reputation
- Stop users from specific country/region (Geolocation)
Diagram labels: Persistent Attacker, Anonymous Proxy, Vulnerability Scanner

21 4 Stop Bad Users

22 5 Mask Sensitive Data Cc=#### #### #### #### Cc=

23 6 See Hostile Traffic

24 6 See Hostile Traffic

27 Allow TCP/80, TCP/443 Regular user Web server App server DB server Network Firewall Regular user

29 Cross-Site Scripting Information Leakage Responsible for 78% of all vulnerabilities 80% Injection 80/20 RULE

32 WHY F5?

33 F5 is the only vendor who uses the same product for cloud-based as on-premises, which enables simple policy sharing and improved security effectiveness
- Virtual Edition: Secures applications deployed in Virtualized and IaaS environments
- Datacenter Appliance: Protects business critical applications in the datacenter
- WAF as a Service: Immediately turn on new services or scale existing protections without capital investment and resource requirements

34 Gartner Magic Quadrant for WAF F5 Networks Positioned as a Leader in 2017 Gartner Magic Quadrant for Web Application Firewalls* F5 is highest in execution within the Leaders Quadrant. * Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D Hoinne, Adam Hils, Claudio Neiva, 7 August 2017 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from F5 Networks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

35 Gartner Magic Quadrant for ADC+WAF? Figure 1. Magic Quadrant for Application Delivery Controllers Source: Gartner (August 2016)

36 Tzoori Tamam F5 WAF Product Manager

38 DevCentral AskF5/Support ihealth University


More information

MWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS

MWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS Quit MWR InfoSecurity Advisory Elastic Path Administrative Session Hijacking through Embedded XSS 26 th April 2007 2007-04-26 1 of 7 INDEX 1 Detailed Vulnerability description...4 1.1 Introduction...4

More information

HP WebInspect Tools. Software Version: Windows operating systems. Tools Guide for WebInspect Products

HP WebInspect Tools. Software Version: Windows operating systems. Tools Guide for WebInspect Products HP WebInspect Tools Software Version: 10.40 Windows operating systems Tools Guide for WebInspect Products Document Release Date: May 2015 Software Release Date: April 2015 Legal Notices Warranty The only

More information

Copyright 2011 Trend Micro Inc.

Copyright 2011 Trend Micro Inc. Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF

More information

Web Security Part B. Davide Balzarotti

Web Security Part B. Davide Balzarotti Web Security Part B Davide Balzarotti davide@iseclab.org Administrative News 40 Registered students so far... 1 or 2 new registrations every day :( Deadline for registration: next Friday First challenge

More information

What is an application delivery controller?

What is an application delivery controller? What is an application delivery controller? ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery

More information

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER

More information

Deployment Guide Sep-2017 rev. a. PT AF VM Deployment Guide for AVX Series Network Functions Platform

Deployment Guide Sep-2017 rev. a. PT AF VM Deployment Guide for AVX Series Network Functions Platform Deployment Guide Sep-2017 rev. a PT AF VM Deployment Guide for AVX Series Network Functions Platform Table of Contents Table of Contents... 1 1. About PT AF on AVX... 2 2. Deploying the PT AF VM on AVX...

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may

More information

HTML5 a clear & present danger

HTML5 a clear & present danger HTML5 a clear & present danger Renaud Bidou CTO 1/29/2014 Deny All 2012 1 1/29/2014 Deny All 2013 1 Menu 1. HTML5 new capabilities 2. HTML5 tricks 3. Empowering common threats 4. Hackers dreams come true

More information

StarWind Virtual SAN Free

StarWind Virtual SAN Free #1 HyperConverged Appliance for SMB and ROBO StarWind Virtual SAN Free Value Proposition For virtualization admins, IT geeks, bloggers, students or those who look to build and maintain virtualization infrastructure

More information

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015 INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3

More information

CIO Update: Security Platforms Will Transform the Network Security Arena

CIO Update: Security Platforms Will Transform the Network Security Arena IGG-11202002-02 J. Pescatore, M. Easley, R. Stiennon Article 20 November 2002 CIO Update: Security Platforms Will Transform the Network Security Arena An integrated network security platform approach will

More information

Commerce PCI: A Four-Letter Word of E-Commerce

Commerce PCI: A Four-Letter Word of E-Commerce Commerce PCI: A Four-Letter Word of E-Commerce Presented by Matt Kleve (vordude) http://www.flickr.com/photos/shawnzlea/527857787/ Who is this guy? 5 years of Drupal Been in the PCI 'trenches' Drupal Security

More information

Why bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?

Why bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions? Jeroen van Beek 1 Why bother? Causes of data breaches OWASP Top ten attacks Now what? Do it yourself Questions? 2 In many cases the web application stores: Credit card details Personal information Passwords

More information