SlideShare uma empresa Scribd logo

Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019

A
African Cyber Security Summit

Pour prioriser efficacement vos efforts, vous devez d'abord comprendre vos applications - ses composantes clés et ses domaines de vulnérabilité. Considérez les plates-formes sur lesquelles l'application réside ; les données qui transitent entre un utilisateur et une application ; le DNS qui résout l'adresse IP pour accéder à l'application; les serveurs Web et d'application ; et les API associées qui sont utilisées par d'autres applications et systèmes. F5 améliore de façon unique la stratégie de sécurité que votre entreprise souhaite adopter avec des solutions et des services de sécurité définis par des politiques et des contrôles robustes et simplifie la gestion efficace des facteurs de risque qui sont en constante évolution. « Si vous voulez protéger les outils qui pilotent votre business, cela signifie protéger les applications qui les font fonctionner » Karim ZGUIOUI - Systems Engineer North Africa - F5

Tecnologia
1 de 24
Baixar para ler offline
| ©2019 F5 NETWORKS1 Adopt an advanced application security approach June 16, 2019 Karim Zguioui - Systems Engineer
Physical Capital BP Cadbury Rio Tinto Rolls-Royce Human Capital Deloitte IBM Legal & General Application Capital ASOS Facebook Netflix Rightmove
The business The reason people use the Internet The gateway to DATA the target APPLICATIONS ARE Data is the currency Your Data has value
EXPANDING THREAT SURFACE AREA 86% of all cyber-threats target applications and application identities1* APPLICATION INVENTORY 0% of customers can state with confidence, the number of applications in their portfolio2 INADEQUATE VISIBILITY 0% of customers have the visibility they need to effectively manage their application portfolio2 1F5 Labs Application Protection Report 2018 2F5 SOAS Report 2019 *Remaining 14% is physical attacks and “other” (including VPN, network, DNS and direct database and ATM attacks)
TLS Access Man-in-the-browser Client Session hijacking Malware Cross-site request forgery Abuse of functionality Man-in-the-middle DDoS Malware API attacks Injection Cross-site scripting Cross-site request forgery Certificate spoofing Protocol abuse Session hijacking Key disclosure DNS hijacking DDoS DNS spoofing DNS cache poisoning Man-in-the-middle App services DNS DDoS Eavesdropping Protocol abuse Man-in-the-middle Credential theft Credential stuffing Session hijacking Brute force Phishing Network DDoS Cross-site scripting Dictionary attacks
Man-in-the-browser Client Session hijacking Malware Cross-site request forgery DNS hijacking DDoS DNS spoofing DNS cache poisoning Man-in-the-middle DNS DDoS Eavesdropping Protocol abuse Man-in-the-middle Network TLSCertificate spoofing Protocol abuse Session hijacking Key disclosure DDoS Cross-site scripting Dictionary attacks Access Abuse of functionality Man-in-the-middle DDoS Malware API attacks Injection Cross-site scripting Cross-site request forgery App services Credential theft Credential stuffing Session hijacking Brute force Phishing
DDoS Protection TLS/SSL visibility & Orchestration Intelligent DNS Web App and API Protection Access Management Application Threats at Each Tier Ensure your apps are always up and running, protected against Multi- vector DDoS attacks Go beyond visibility with orchestration of TLS/SSL encrypted traffic Secure your DNS infrastructure Enable secure anytime, anywhere access to apps wherever they reside Protect against application exploits and fraud, deter unwanted bots and other automated threats, and ensure appropriate authentication and authorization for APIs
Web App Attacks are the #1 Source of Data Breaches 2019 Verizon Data Breach Investigations Report ”Web Application Attacks remains the most prevalent” “Use of stolen credentials against web applications was the dominant hacking tactic“
58% 56% 6% 4% 3% 2% 2% 1% 1% PHP SQL Exchweb Comments Cart Betablock Admin Affiliates Login Application Attacks Injection à PHP & SQL
1 Understand Your Environment CISO’S #1 MISSION Prevent Downtime EVERYONE’S #1 CHALLENGE Visibility
Reduce Your Attack Surface 2 Sub domains hosting other versions of the main application site Dynamic web page generators HTTP headers and cookies Admin interfaces Apps/files linked to the app Web service methods Helper apps on client (java, flash) Server-side features such as search Web pages and directories Shells, Perl/PHP Data entry forms Administrative and monitoring stubs and tools Events of the application—triggered server-side code Backend connections through the server (injection) APIs Cookies/state tracking mechanisms Data/active content pools—the data that populates and drives pages
Prioritize Defenses Based on risk 3 Focus OpEx & CapEx spend Security value Effort by organisation ”if you focus on results, you will never change. If you focus on change, you will get results.
• Please select one response. 1. 2. 3. 4. 5.
The most important gap when deploying an application … Bot Protection API Protection SSL Orchestration Zero Trust Access Security Orientations Source: State Of Application Services Report, F5 Networks, Janvier 2019 Protection WAF 66% 2019 – 56% in 2015 Protection DDoS 67% 2019 – 53% in 2015 Security adoption is increasing Fraud 69% 2019 – 41% in 2015 32% 32% 39% 43% 60% 2015 2016 2017 2018 2019 Security
Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019

Recomendados

Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
OWASP Top 10 Overview
OWASP Top 10 OverviewOWASP Top 10 Overview
OWASP Top 10 OverviewPiTechnologies
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
OWASP Evening #10 Serbia
OWASP Evening #10 SerbiaOWASP Evening #10 Serbia
OWASP Evening #10 SerbiaPredrag Cujanović
 
OWASP Evening #10
OWASP Evening #10OWASP Evening #10
OWASP Evening #10Predrag Cujanović
 
BAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentBAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentPrahlad Reddy
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 

Recomendados

Are you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsAre you fighting_new_threats_with_old_weapons
Are you fighting_new_threats_with_old_weaponsBhargav Modi
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
OWASP Top 10 Overview
OWASP Top 10 OverviewOWASP Top 10 Overview
OWASP Top 10 OverviewPiTechnologies
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSTobias Koprowski
 
OWASP Evening #10 Serbia
OWASP Evening #10 SerbiaOWASP Evening #10 Serbia
OWASP Evening #10 SerbiaPredrag Cujanović
 
OWASP Evening #10
OWASP Evening #10OWASP Evening #10
OWASP Evening #10Predrag Cujanović
 
BAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentBAI Security - Brochure - Compromise Assessment
BAI Security - Brochure - Compromise AssessmentPrahlad Reddy
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
2014 Threat Detection Checklist: Six ways to tell a criminal from a customer2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
2014 Threat Detection Checklist: Six ways to tell a criminal from a customerEMC
 
C01461422
C01461422C01461422
C01461422IOSR Journals
 
Information security
Information securityInformation security
Information securitySathyanarayana Panduranga
 
Android security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesAndroid security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesLeMeniz Infotech
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Content filters presentation
Content filters presentationContent filters presentation
Content filters presentationkdore
 
Super User or Super Threat?
Super User or Super Threat?Super User or Super Threat?
Super User or Super Threat?ObserveIT
 
Web Filters
Web FiltersWeb Filters
Web FiltersSwiftTech Solutions, Inc.
 
Current Issue: February 2020, Volume 10, Number 1 --- Table of Contents
Current Issue: February 2020, Volume 10, Number 1 --- Table of ContentsCurrent Issue: February 2020, Volume 10, Number 1 --- Table of Contents
Current Issue: February 2020, Volume 10, Number 1 --- Table of ContentsIJCSEA Journal
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level AttacksEC-Council
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devicesLeMeniz Infotech
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Prathan Phongthiproek
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flawstobybear30
 
Web application security I
Web application security IWeb application security I
Web application security IMd Syed Ahamad
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessBeyondTrust
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and ITKomalah Nair
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
Research Paper
Research PaperResearch Paper
Research PaperDavid Chaponniere
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...apidays
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfFahmiDzikrullah
 

Mais conteúdo relacionado

Mais procurados

2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
2014 Threat Detection Checklist: Six ways to tell a criminal from a customer2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
2014 Threat Detection Checklist: Six ways to tell a criminal from a customerEMC
 
Android security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesAndroid security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesLeMeniz Infotech
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
Content filters presentation
Content filters presentationContent filters presentation
Content filters presentationkdore
 
Super User or Super Threat?
Super User or Super Threat?Super User or Super Threat?
Super User or Super Threat?ObserveIT
 
Current Issue: February 2020, Volume 10, Number 1 --- Table of Contents
Current Issue: February 2020, Volume 10, Number 1 --- Table of ContentsCurrent Issue: February 2020, Volume 10, Number 1 --- Table of Contents
Current Issue: February 2020, Volume 10, Number 1 --- Table of ContentsIJCSEA Journal
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level AttacksEC-Council
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devicesLeMeniz Infotech
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Prathan Phongthiproek
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flawstobybear30
 
Web application security I
Web application security IWeb application security I
Web application security IMd Syed Ahamad
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessBeyondTrust
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and ITKomalah Nair
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 

Mais procurados (20)

2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
2014 Threat Detection Checklist: Six ways to tell a criminal from a customer2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
2014 Threat Detection Checklist: Six ways to tell a criminal from a customer
 
C01461422
C01461422C01461422
C01461422
 
Information security
Information securityInformation security
Information security
 
Android security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defensesAndroid security a survey of issues, malware penetration, and defenses
Android security a survey of issues, malware penetration, and defenses
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
Content filters presentation
Content filters presentationContent filters presentation
Content filters presentation
 
Super User or Super Threat?
Super User or Super Threat?Super User or Super Threat?
Super User or Super Threat?
 
Web Filters
Web FiltersWeb Filters
Web Filters
 
Current Issue: February 2020, Volume 10, Number 1 --- Table of Contents
Current Issue: February 2020, Volume 10, Number 1 --- Table of ContentsCurrent Issue: February 2020, Volume 10, Number 1 --- Table of Contents
Current Issue: February 2020, Volume 10, Number 1 --- Table of Contents
 
Most Common Application Level Attacks
Most Common Application Level AttacksMost Common Application Level Attacks
Most Common Application Level Attacks
 
Context based access control systems for mobile devices
Context based access control systems for mobile devicesContext based access control systems for mobile devices
Context based access control systems for mobile devices
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20
 
Top 10 web server security flaws
Top 10 web server security flawsTop 10 web server security flaws
Top 10 web server security flaws
 
Web application security I
Web application security IWeb application security I
Web application security I
 
Enemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling AccessEnemy from Within: Managing and Controlling Access
Enemy from Within: Managing and Controlling Access
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and IT
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
Research Paper
Research PaperResearch Paper
Research Paper
 

Semelhante a Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019

APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...apidays
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfFahmiDzikrullah
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Alan Kan
 
Protecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricProtecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricDATA SECURITY SOLUTIONS
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksHarry Gunns
 
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITYTECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITYijistjournal
 
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...WSO2
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays
 
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019Eoin Keary
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityDistil Networks
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Managementipspat
 
IRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET Journal
 
Survey on detecting and preventing web application broken access control attacks
Survey on detecting and preventing web application broken access control attacksSurvey on detecting and preventing web application broken access control attacks
Survey on detecting and preventing web application broken access control attacksIJECEIAES
 
Secure your app against DDOS, API Abuse, Hijacking, and Fraud
Secure your app against DDOS, API Abuse, Hijacking, and Fraud Secure your app against DDOS, API Abuse, Hijacking, and Fraud
Secure your app against DDOS, API Abuse, Hijacking, and FraudTu Pham
 
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...apidays
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral AnalyticsAPIsecure_ Official
 
Edgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEdgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEoin Keary
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdfssuserc3d7ec1
 

Semelhante a Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019 (20)

APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
 
F5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdfF5-API-Security-Best-Practices.pdf
F5-API-Security-Best-Practices.pdf
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018
 
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...Discovering the Value of Verifying Web Application Security Using IBM Rationa...
Discovering the Value of Verifying Web Application Security Using IBM Rationa...
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Protecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabricProtecting web aplications with machine learning and security fabric
Protecting web aplications with machine learning and security fabric
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 Networks
 
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITYTECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
TECHNIQUES FOR ATTACKING WEB APPLICATION SECURITY
 
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...
 
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
apidays London 2023 - APIs: The Attack Surface That Connects Us All, Stefan M...
 
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
Edgescan vulnerability stats report 2019 - h-isac-2-2-2019
 
Keeping up with the Revolution in IT Security
Keeping up with the Revolution in IT SecurityKeeping up with the Revolution in IT Security
Keeping up with the Revolution in IT Security
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
IRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability ScannerIRJET - Web Vulnerability Scanner
IRJET - Web Vulnerability Scanner
 
Survey on detecting and preventing web application broken access control attacks
Survey on detecting and preventing web application broken access control attacksSurvey on detecting and preventing web application broken access control attacks
Survey on detecting and preventing web application broken access control attacks
 
Secure your app against DDOS, API Abuse, Hijacking, and Fraud
Secure your app against DDOS, API Abuse, Hijacking, and Fraud Secure your app against DDOS, API Abuse, Hijacking, and Fraud
Secure your app against DDOS, API Abuse, Hijacking, and Fraud
 
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
APIdays London 2019 - Why the Financial Industry Needs Intelligent API Securi...
 
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics2022 APIsecure_Understanding API Abuse With Behavioral Analytics
2022 APIsecure_Understanding API Abuse With Behavioral Analytics
 
Edgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEdgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics Report
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf
 

Mais de African Cyber Security Summit

Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...
Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...
Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...African Cyber Security Summit
 
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...African Cyber Security Summit
 
Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...
Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...
Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...African Cyber Security Summit
 
Conférence - Le métier du RSSI en pleine évolution - #ACSS2019
Conférence - Le métier du RSSI en pleine évolution - #ACSS2019Conférence - Le métier du RSSI en pleine évolution - #ACSS2019
Conférence - Le métier du RSSI en pleine évolution - #ACSS2019African Cyber Security Summit
 
Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...
Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...
Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...African Cyber Security Summit
 
Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...
Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...
Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...African Cyber Security Summit
 
Conférence - Digital Identity and Blockchain - #ACSS2019
Conférence - Digital Identity and Blockchain - #ACSS2019Conférence - Digital Identity and Blockchain - #ACSS2019
Conférence - Digital Identity and Blockchain - #ACSS2019African Cyber Security Summit
 

Mais de African Cyber Security Summit (20)

Bilan & Perspectives #ACSS2019
Bilan & Perspectives #ACSS2019Bilan & Perspectives #ACSS2019
Bilan & Perspectives #ACSS2019
 
Rapport de Visibilité #ACSS2019
Rapport de Visibilité #ACSS2019Rapport de Visibilité #ACSS2019
Rapport de Visibilité #ACSS2019
 
Atelier Technique - F5 - #ACSS2019
Atelier Technique - F5 - #ACSS2019Atelier Technique - F5 - #ACSS2019
Atelier Technique - F5 - #ACSS2019
 
Atelier Technique - F5 - #ACSS2019
Atelier Technique - F5 - #ACSS2019Atelier Technique - F5 - #ACSS2019
Atelier Technique - F5 - #ACSS2019
 
Atelier Technique - Symantec - #ACSS2019
Atelier Technique - Symantec - #ACSS2019Atelier Technique - Symantec - #ACSS2019
Atelier Technique - Symantec - #ACSS2019
 
Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...
Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...
Conférence - Les enjeux et la vision de Veritas sur la protection des donnée...
 
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
 
Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...
Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...
Conférence - Loi 18-07 du 10 Juin 2018 : la protection des données à caractèr...
 
Conférence - Le métier du RSSI en pleine évolution - #ACSS2019
Conférence - Le métier du RSSI en pleine évolution - #ACSS2019Conférence - Le métier du RSSI en pleine évolution - #ACSS2019
Conférence - Le métier du RSSI en pleine évolution - #ACSS2019
 
Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...
Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...
Conférence - Vecteurs d'attaques basées sur les navigateurs et comment se pro...
 
Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...
Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...
Conférence - Pourquoi le PAM (Privileged Access Management) doit-il être le s...
 
Conférence - Digital Identity and Blockchain - #ACSS2019
Conférence - Digital Identity and Blockchain - #ACSS2019Conférence - Digital Identity and Blockchain - #ACSS2019
Conférence - Digital Identity and Blockchain - #ACSS2019
 
Bilan & Perspectives - ACSS 2018
Bilan & Perspectives - ACSS 2018Bilan & Perspectives - ACSS 2018
Bilan & Perspectives - ACSS 2018
 
Rapport de Visibilité ACCS 2018
Rapport de Visibilité ACCS 2018Rapport de Visibilité ACCS 2018
Rapport de Visibilité ACCS 2018
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 
Atelier Technique SYMANTEC ACSS 2018
Atelier Technique SYMANTEC ACSS 2018Atelier Technique SYMANTEC ACSS 2018
Atelier Technique SYMANTEC ACSS 2018
 
Atelier Technique MANAGE ENGINE ACSS 2018
Atelier Technique MANAGE ENGINE ACSS 2018Atelier Technique MANAGE ENGINE ACSS 2018
Atelier Technique MANAGE ENGINE ACSS 2018
 
Atelier Technique EXTREME NETWORKS ACSS 2018
Atelier Technique EXTREME NETWORKS ACSS 2018Atelier Technique EXTREME NETWORKS ACSS 2018
Atelier Technique EXTREME NETWORKS ACSS 2018
 
Atelier Technique WALLIX ACSS 2018
Atelier Technique WALLIX ACSS 2018Atelier Technique WALLIX ACSS 2018
Atelier Technique WALLIX ACSS 2018
 
Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018Atelier Technique ARBOR NETWORKS ACSS 2018
Atelier Technique ARBOR NETWORKS ACSS 2018
 

Último

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Último (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Conférence - Adopter une approche de sécurité applicative avancée - #ACSS 2019

  • 1. | ©2019 F5 NETWORKS1 Adopt an advanced application security approach June 16, 2019 Karim Zguioui - Systems Engineer
  • 2. Physical Capital BP Cadbury Rio Tinto Rolls-Royce Human Capital Deloitte IBM Legal & General Application Capital ASOS Facebook Netflix Rightmove
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. The business The reason people use the Internet The gateway to DATA the target APPLICATIONS ARE Data is the currency Your Data has value
  • 10. EXPANDING THREAT SURFACE AREA 86% of all cyber-threats target applications and application identities1* APPLICATION INVENTORY 0% of customers can state with confidence, the number of applications in their portfolio2 INADEQUATE VISIBILITY 0% of customers have the visibility they need to effectively manage their application portfolio2 1F5 Labs Application Protection Report 2018 2F5 SOAS Report 2019 *Remaining 14% is physical attacks and “other” (including VPN, network, DNS and direct database and ATM attacks)
  • 11. TLS Access Man-in-the-browser Client Session hijacking Malware Cross-site request forgery Abuse of functionality Man-in-the-middle DDoS Malware API attacks Injection Cross-site scripting Cross-site request forgery Certificate spoofing Protocol abuse Session hijacking Key disclosure DNS hijacking DDoS DNS spoofing DNS cache poisoning Man-in-the-middle App services DNS DDoS Eavesdropping Protocol abuse Man-in-the-middle Credential theft Credential stuffing Session hijacking Brute force Phishing Network DDoS Cross-site scripting Dictionary attacks
  • 12.
  • 13. Man-in-the-browser Client Session hijacking Malware Cross-site request forgery DNS hijacking DDoS DNS spoofing DNS cache poisoning Man-in-the-middle DNS DDoS Eavesdropping Protocol abuse Man-in-the-middle Network TLSCertificate spoofing Protocol abuse Session hijacking Key disclosure DDoS Cross-site scripting Dictionary attacks Access Abuse of functionality Man-in-the-middle DDoS Malware API attacks Injection Cross-site scripting Cross-site request forgery App services Credential theft Credential stuffing Session hijacking Brute force Phishing
  • 14.
  • 15. DDoS Protection TLS/SSL visibility & Orchestration Intelligent DNS Web App and API Protection Access Management Application Threats at Each Tier Ensure your apps are always up and running, protected against Multi- vector DDoS attacks Go beyond visibility with orchestration of TLS/SSL encrypted traffic Secure your DNS infrastructure Enable secure anytime, anywhere access to apps wherever they reside Protect against application exploits and fraud, deter unwanted bots and other automated threats, and ensure appropriate authentication and authorization for APIs
  • 16. Web App Attacks are the #1 Source of Data Breaches 2019 Verizon Data Breach Investigations Report ”Web Application Attacks remains the most prevalent” “Use of stolen credentials against web applications was the dominant hacking tactic“
  • 18.
  • 20. Reduce Your Attack Surface 2 Sub domains hosting other versions of the main application site Dynamic web page generators HTTP headers and cookies Admin interfaces Apps/files linked to the app Web service methods Helper apps on client (java, flash) Server-side features such as search Web pages and directories Shells, Perl/PHP Data entry forms Administrative and monitoring stubs and tools Events of the application—triggered server-side code Backend connections through the server (injection) APIs Cookies/state tracking mechanisms Data/active content pools—the data that populates and drives pages
  • 21. Prioritize Defenses Based on risk 3 Focus OpEx & CapEx spend Security value Effort by organisation ”if you focus on results, you will never change. If you focus on change, you will get results.
  • 22. • Please select one response. 1. 2. 3. 4. 5.
  • 23. The most important gap when deploying an application … Bot Protection API Protection SSL Orchestration Zero Trust Access Security Orientations Source: State Of Application Services Report, F5 Networks, Janvier 2019 Protection WAF 66% 2019 – 56% in 2015 Protection DDoS 67% 2019 – 53% in 2015 Security adoption is increasing Fraud 69% 2019 – 41% in 2015 32% 32% 39% 43% 60% 2015 2016 2017 2018 2019 Security