Web Application Firewalls: Panel Discussion (2/22/2006)


Copyright © 2004 - The OWASP Foundation

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.

The OWASP Foundation

OWASP

http://www.owasp.org

Web Application Firewalls: Panel Discussion

Sebastien Deleersnyder, CISSP
Feb, 2006
sdl@ascure.com

Agenda

- Panel Introduction
- WAF Primer
- Panel Discussion


Panel Introduction

- Philippe Bogaerts, BeeWare
- Jaak Cuppens, F5 Networks
- Tim Groenwals, Agfa Gevaert
- Lieven Desmet, K.U.Leuven
- David Van der Linden, ING


Network Firewalls Do Not Work

Diagram: WebClient --HTTP(S) traffic on port 80 (443)--> Firewall --> WebServer --> Application --> Application --> DatabaseServer

The network firewall lets HTTP(S) on port 80 (443) straight through to the web server, so whatever is carried inside that traffic reaches the application and the database server without inspection.

Enter Web Application Firewall Era

- HW/SW that mitigates web application vulnerabilities:
  - Invalidated Input
  - Parameter tampering
  - Injection Flaws
  - ...

Web Application Firewalls

- They understand HTTP/HTML very well
- They work after traffic is decrypted, or can otherwise terminate SSL
- Prevention is possible

Topologies

- Network-based:
  - Protects any web server
  - Works with many servers at once
- Web server-based:
  - Closer to the application
  - Limited by the web server API

WAF functionality

- Rule-based:
  - Uses rules to look for known vulnerabilities
  - Or rules to look for classes of attack
  - Rely on rule databases
- Anomaly-based:
  - Attempts to figure out what normal operation means

WAF Protection Strategies

- Negative security model:
  - Deny what might be dangerous.
  - Do you always know what is dangerous?
- Positive security model:
  - Allow what is known to be safe.
  - Positive security model is better.
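The two slides above (rule-based versus anomaly-based detection, and the negative versus positive security model) are easiest to compare side by side on the same request. The following Python is an added example and not part of the OWASP deck or any vendor's product: it implements a toy of each approach over a handful of constructed requests. The deny rules, the allow-list policy and the "normal traffic" used to learn a profile are all invented for the illustration. The point it demonstrates is the one on the slide: a request whose parameter value is merely unexpected (not on any deny list) passes the negative model but is stopped by both the positive model and the learned profile.

```python
import re

# Constructed "normal" traffic used to learn a profile: (path, {param: value}).
# Not captured data.
NORMAL_TRAFFIC = [
    ("/account", {"id": "42", "lang": "en"}),
    ("/account", {"id": "1007", "lang": "nl"}),
    ("/account", {"id": "3", "lang": "fr"}),
    ("/search", {"q": "owasp panel", "page": "2"}),
    ("/search", {"q": "web application firewall", "page": "1"}),
]

# --- Negative security model (rule-based deny list) -----------------------
# Each rule is a signature for one known class of bad input. Anything that
# matches no rule is allowed, so coverage is only as good as the rule set.
DENY_RULES = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-z]", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
]


def negative_model(params):
    """Return the names of the deny rules the request matches (empty = allowed)."""
    hits = []
    for value in params.values():
        for name, pattern in DENY_RULES:
            if pattern.search(value):
                hits.append(name)
    return hits


# --- Positive security model (explicit allow list) ------------------------
# Per path, every expected parameter and the exact form its value may take.
# Anything not described here is rejected, so nothing has to be "known bad".
POSITIVE_POLICY = {
    "/account": {"id": re.compile(r"[0-9]{1,6}"), "lang": re.compile(r"en|nl|fr")},
    "/search": {"q": re.compile(r"[a-z0-9 ]{1,40}", re.I), "page": re.compile(r"[0-9]{1,3}")},
}


def positive_model(path, params):
    """Return violations: unknown path, unexpected parameter, or value outside its allowed form."""
    policy = POSITIVE_POLICY.get(path)
    if policy is None:
        return [f"unknown path {path}"]
    violations = []
    for name, value in params.items():
        rule = policy.get(name)
        if rule is None:
            violations.append(f"unexpected parameter {name}")
        elif not rule.fullmatch(value):
            violations.append(f"{name}={value!r} outside allowed form")
    return violations


# --- Anomaly-based model (profile learned from normal traffic) -------------
def char_classes(value):
    """Coarse character classes present in a value: digit, alpha, space, other."""
    classes = set()
    for ch in value:
        if ch.isdigit():
            classes.add("digit")
        elif ch.isalpha():
            classes.add("alpha")
        elif ch.isspace():
            classes.add("space")
        else:
            classes.add("other")
    return classes


def learn_profile(traffic):
    """Record, per (path, parameter), the longest value and the character classes seen."""
    profile = {}
    for path, params in traffic:
        for name, value in params.items():
            entry = profile.setdefault((path, name), {"max_len": 0, "classes": set()})
            entry["max_len"] = max(entry["max_len"], len(value))
            entry["classes"] |= char_classes(value)
    return profile


def anomaly_model(profile, path, params, slack=2):
    """Flag parameters never seen, longer than learned (plus slack), or using unseen character classes."""
    anomalies = []
    for name, value in params.items():
        entry = profile.get((path, name))
        if entry is None:
            anomalies.append(f"never seen {name} on {path}")
            continue
        if len(value) > entry["max_len"] + slack:
            anomalies.append(f"{name} longer than learned maximum")
        unseen = char_classes(value) - entry["classes"]
        if unseen:
            anomalies.append(f"{name} uses unseen character class {sorted(unseen)}")
    return anomalies


def evaluate(path, params, profile):
    """Run all three models on one request and return their findings."""
    return {
        "negative": negative_model(params),
        "positive": positive_model(path, params),
        "anomaly": anomaly_model(profile, path, params),
    }


if __name__ == "__main__":
    profile = learn_profile(NORMAL_TRAFFIC)
    # A value that matches no deny rule but is not a decimal id either:
    print(evaluate("/account", {"id": "0x2A", "lang": "en"}, profile))
    # A value a signature does know about:
    print(evaluate("/search", {"q": "<b>hello", "page": "1"}, profile))
```

Running it shows the first request with an empty `negative` list but a `positive` violation and an `anomaly` finding, while the second is caught by all three. That asymmetry is the "Do you always know what is dangerous?" question on the slide: the negative model can only stop what a rule author anticipated, whereas the positive model and the learned profile both describe what is acceptable and reject the rest. In practice the learned profile is how commercial products build a positive policy without having it written by hand, at the cost of false positives whenever legitimate traffic changes.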

Vendors

- MOD-Security
- Beeware IntelliWall
- Citrix NetScaler Application Firewall (Teros)
- DenyAll rWeb
- F5 TrafficShield (Magnifire)
- Imperva SecureSphere
- Netcontinuum
- Breach BreachGate WebDefend
- ...
- eEye SecureIIS
- Microsoft URLScan WAF?
- CheckPoint Application Intelligence?
- MS ISA Server?

Dead:
- Kavado InterDo
- Watchfire AppShield (Sanctum)
- Ubizen DMZShield


How mature are WAFs?

Panel Discussion

- What do WAFs protect you from? What not?
- Where do you position WAFs in your architecture?
- What WAF functionality do you really need?
- How to reduce TCO?
- Who administrates a WAF within the organisation?