Web Application Security specialist/developer.
In the nutshell:
1. Web applications are deployed terribly insecurely.
2. Developers should, of course, continue to strive to build better/more secure software.
3. But in the meantime, sysadmins must do something about it. (Or, as I like to say: we need all the help we can get.)
4. Insecure applications aside, WAFs are an important building block in every HTTP network.
OWASP AppSec Europe 2006
Network Firewalls Do Not Work For HTTP
[Diagram: HTTP traffic from the web client passes through the network firewall on port 80 to the web server, the application and the database server.]
WAFEC (Web Application Firewall Evaluation Criteria) (1)
Nine sections:
1. Deployment Architecture
2. HTTP and HTML Support
3. Detection Techniques
4. Prevention Techniques
5. Logging
6. Reporting
7. Management
8. Performance
9. XML
WAFEC (3)
WAFEC is not for the vendors. It's for the users.
(So please voice your opinions!)
http://www.webappsec.org/projects/wafec/
WAF Identity Problem (1)
Load balancing
Clustering
URL rewriting
...and so on
WAF Identity Problem (4)
Key factors:
1. Application Assurance vendors are very strong.
2. Web Application Firewall vendors not as much.
Result:
In the meantime:
Uploaded files.
Blocking features:
  Transaction
  Connection
  IP Address
  Session
  User
  Honeypot redirection
Stateful operation:
  IP Address data
  Session data
  User data
  Event Correlation
High availability:
  Failover
  Load-balancing
  Clustering
  State replication
Hard-Coded Protection Techniques (1)
Cookie protection:
  Sign/encrypt/virtualise.
  Prevent fixation.
Brute-force protection.
Link validation:
  Signing.
  Virtualisation (statically or dynamically).
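The cookie and link techniques listed above, as added example code written for this page (it is not from the deck, from WAFEC or from ModSecurity). It models the rewriting a reverse-proxy WAF does on the way out and the check it does on the way in; the key, the cookie value and the URLs are constructed for the example.

```python
"""Cookie and link protection as a reverse-proxy WAF might implement it.

Example code added to illustrate the slide; not from the deck, WAFEC or
ModSecurity. The application behind the proxy sets a session cookie and
emits links; the proxy rewrites both on the way out and checks them on the
way in. Three of the listed techniques are shown:
  - cookie signing:        the client sees value + HMAC tag, tampering is detected;
  - cookie virtualisation: the client sees a random token while the real value
                           stays in a proxy-side table, so a client cannot make
                           the application accept a value the proxy never issued
                           (the fixation case on the slide);
  - static link signing:   a URL carries a tag over its path and query, so
                           only links the application emitted are accepted.
The key and all values below are constructed for the example.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

PROXY_KEY = b"example-proxy-key-replace-per-deployment"  # assumption: per-deployment secret


class Protector:
    def __init__(self, key: bytes = PROXY_KEY) -> None:
        self.key = key
        self.table: Dict[str, str] = {}  # opaque token -> real cookie value

    def _tag(self, data: str) -> str:
        return hmac.new(self.key, data.encode(), hashlib.sha256).hexdigest()

    # --- cookie signing ---------------------------------------------------
    def sign_outgoing(self, value: str) -> str:
        """Rewrite the Set-Cookie value before it reaches the client."""
        return f"{value}.{self._tag(value)}"

    def verify_incoming(self, wire: str) -> Optional[str]:
        """Return the original value if the tag verifies, else None (drop the cookie)."""
        value, sep, tag = wire.rpartition(".")
        if not sep or not hmac.compare_digest(tag.encode(), self._tag(value).encode()):
            return None
        return value

    # --- cookie virtualisation -------------------------------------------
    def virtualise_outgoing(self, value: str) -> str:
        """Replace the real value with a random token minted by the proxy."""
        token = secrets.token_urlsafe(24)
        self.table[token] = value
        return token

    def devirtualise_incoming(self, token: str) -> Optional[str]:
        """Only tokens minted here resolve; anything else is dropped."""
        return self.table.get(token)

    # --- static link signing ---------------------------------------------
    def sign_link(self, url: str) -> str:
        """Append sig=<tag> computed over the whole path-and-query."""
        return f"{url}{'&' if '?' in url else '?'}sig={self._tag(url)}"

    def validate_link(self, url: str) -> bool:
        """Accept only URLs whose sig matches the rest of the URL."""
        base, sep, sig = url.rpartition("sig=")
        if not sep or not base or base[-1] not in "?&":
            return False
        return hmac.compare_digest(sig.encode(), self._tag(base[:-1]).encode())


if __name__ == "__main__":
    p = Protector()
    wire = p.sign_outgoing("sess-7f3a")
    print("signed cookie:", wire, "->", p.verify_incoming(wire))
    print("tampered:", p.verify_incoming("sess-7f3b" + wire[len("sess-7f3a"):]))
    tok = p.virtualise_outgoing("sess-7f3a")
    print("virtual token:", tok, "->", p.devirtualise_incoming(tok))
    link = p.sign_link("/account?id=7")
    print("signed link:", link, "valid:", p.validate_link(link))
    print("edited link valid:", p.validate_link(link.replace("id=7", "id=8")))
```

Signing alone lets the client keep the value readable and only detects changes; virtualisation hides it and rejects any value the proxy did not mint, which is what blocks a client-supplied (fixated) session value. A link check built this way rejects any parameter edit, so it has to be applied only to links the application actually emits, which is why the slide distinguishes static from dynamic virtualisation.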
Other Things To Consider (1)
Management:
XML:
Extensibility:
Performance:
  Throughput.
  Latency.
Signatures and Rules
Signatures or Rules?
1. Signatures
  Centralisation.
  Easy to add.
  A potential bottleneck.
Deployment (6)
3. Reverse proxy
  A potential bottleneck.
  Transparent caching.
  SSL termination.
Scalability: Reverse Proxy (5/5)
Load balancing
Fault tolerance
Clustering
Open Source Approach: Apache + ModSecurity
Apache
Improved authentication.
In the 4th year of development.
Add ModSecurity.
Strong areas:
  Auditing/logging support.
  Just-in-time patching.
  Prevention.
  Very configurable/programmable.
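Two points from the deck, "Signatures or Rules?" and just-in-time patching with a programmable WAF, illustrated together as added example code written for this page (it is not from the deck or from ModSecurity). A signature is a pattern matched against one transaction on its own; a rule is operator-written logic that can be positive (a whitelist for one parameter, which is how a just-in-time patch works) or stateful (counting failed logins per IP address, which needs the response as well as the request). The scripts /account.php and /login.php, the numeric id parameter, the login failure threshold and the sample requests are all constructed assumptions for the example.

```python
"""Signatures versus rules in a WAF, run over constructed sample requests.

Added example; not the deck's or ModSecurity's code. Shows three kinds of check:
  - negative signatures (an SQL injection tautology and a path traversal pattern),
    each matched against a single transaction in isolation;
  - a positive just-in-time patch: whitelist the 'id' parameter of one
    hypothetical script, /account.php (path and bug are assumed, not real);
  - a stateful brute-force rule: block an IP address after N failed logins,
    using the response status (only a proxy that sees responses can do this).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    ip: str
    method: str
    url: str
    status: int = 200  # response status, for rules that look at the outcome


# Negative signatures: (name, pattern), evaluated on each decoded argument value.
SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)),
    ("path-traversal", re.compile(r"(\.\./|\.\.\\)")),
]

MAX_FAILED_LOGINS = 3  # assumption: threshold for the stateful rule


class MiniWAF:
    def __init__(self) -> None:
        # Stateful data keyed by IP address (the "IP Address data" of the slides).
        self.failed: Dict[str, int] = {}
        self.blocked: Set[str] = set()

    @staticmethod
    def _args(req: Request) -> List[Tuple[str, str]]:
        query = urlsplit(req.url).query
        return [(k, v) for k, vs in parse_qs(query, keep_blank_values=True).items() for v in vs]

    def evaluate(self, req: Request) -> str:
        """Return 'allow' or 'block:<reason>' for one transaction."""
        path = urlsplit(req.url).path
        # 0. IP-level blocking: an address already blocked stays blocked.
        if req.ip in self.blocked:
            return "block:ip-blocked"
        args = self._args(req)
        # 1. Negative signatures: stateless, one transaction at a time.
        for name, pattern in SIGNATURES:
            for _, value in args:
                if pattern.search(value):
                    return f"block:{name}"
        # 2. Positive rule (just-in-time patch): /account.php?id must be digits.
        #    This is what you deploy at the proxy while the developers fix the code.
        if path == "/account.php":
            for key, value in args:
                if key == "id" and not re.fullmatch(r"[0-9]{1,10}", value):
                    return "block:jit-patch-account-id"
        # 3. Stateful rule: count failed logins per IP; on the Nth failure block the
        #    address, so every later transaction from it hits check 0.
        if path == "/login.php" and req.method == "POST" and req.status == 401:
            count = self.failed.get(req.ip, 0) + 1
            self.failed[req.ip] = count
            if count >= MAX_FAILED_LOGINS:
                self.blocked.add(req.ip)
                return "block:brute-force"
        return "allow"


# Constructed sample traffic (not captured from any real system).
SAMPLE = [
    Request("10.0.0.5", "GET", "/account.php?id=42"),
    Request("10.0.0.5", "GET", "/account.php?id=42' or '1'='1"),
    Request("10.0.0.5", "GET", "/account.php?id=abc"),
    Request("10.0.0.5", "GET", "/download.php?file=../../etc/passwd"),
    Request("10.0.0.9", "POST", "/login.php", status=401),
    Request("10.0.0.9", "POST", "/login.php", status=401),
    Request("10.0.0.9", "POST", "/login.php", status=401),
    Request("10.0.0.9", "GET", "/index.php"),
]


def run(requests: List[Request] = SAMPLE) -> List[str]:
    """Evaluate the requests in order with one shared (stateful) WAF instance."""
    waf = MiniWAF()
    return [waf.evaluate(r) for r in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE, run()):
        print(f"{req.ip:10} {req.method:4} {req.url:45} -> {verdict}")
```

The signatures catch the second and fourth requests on their own; the positive rule catches `id=abc`, which no blacklist pattern would flag; and the brute-force rule only makes sense with the per-IP state the slides list under "Stateful operation". The second and third checks are the ones a signature-only product cannot express, which is the point of the "Signatures or Rules?" slide. In ModSecurity 2.x syntax (from the ModSecurity reference, not from the slides) the positive rule is roughly a chained pair: `SecRule REQUEST_FILENAME "@streq /account.php" "chain,phase:2,deny,status:403"` followed by `SecRule ARGS:id "!@rx ^[0-9]{1,10}$"`.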
Weak areas: