© 2014 Citrix. Confidential.
TechEdge 2014
How to protect against Top Web Security Issues with NetScaler
OWASP
www.owasp.org
Top Web Application Security Vulnerabilities
The world’s most advanced cloud networking platform
#1 Injection
Injection Preventions
Signatures
#2 Authentication/Session Management
AAA
Cookie Protections
SSL/TLS
#3 Cross-Site Scripting
XSS
XSS Preventions
Signatures
#4 Insecure Direct Object References
#5 Security Misconfiguration
#6 Sensitive Data Exposure
#7 Missing Function Level Access Control
#8 Cross-site Request Forgery (CSRF)
#9 Using vulnerable components
#10 Unvalidated Redirects and Forwards
Feedback
Please tweet about this session
#SYN607 and #CitrixSynergy
Andrew @NStipster
Lucas @NS_Informer
NetScaler @netscaler