TRIALS & TRIBULATIONS OF WAF
MARK HILLICK - @MARKOFU
Thursday 20 May 2010

awk -F: '/root/ {print $5}' /etc/passwd   # prints the GECOS (full-name) field of the root entry
Mark Hillick

PHASES
Introduction
Starting Out
Design
Test
Implementation
Post-Implementation

INTRODUCTION - WHAT IS A WAF?

INTRODUCTION - WAF TODAY?
WAF Marketplace
  Maturing
  Compliance
  Boo

INTRODUCTION - WAF TODAY?
"WAF deployments were initially propelled by PCI ......... but are now increasingly driven by security best practices."
Source: Forrester 2010

INTRODUCTION - NUMBERS
$200 million
20%

INTRODUCTION - VENDORS
Software/Hardware
Commercial/Open Source

INTRODUCTION - EH???? WHAT????
XSS
XSRF
SQL Injection
APT
Zero Day
Clickjacking
Cookie/Session Hijacking

INTRODUCTION - COMPETITORS
IDS
IPS
Proxy
Reverse Proxy
Network FW
Secure Code

INTRODUCTION - PRE-SALES
Know your subject
Question, Ask, Query, Demand
Plan, Test, Plan, Test

STARTING OUT - GOAL

STARTING OUT - RESEARCH
Research -> knowledge & understanding

STARTING OUT - STATISTICS
6.5 times more expensive to fix a flaw in development than during design, 15 times more in testing, and 100 times more in development.
Source: http://2010survey.whitehatimperva.com/

STARTING OUT - INTERNAL SELL (1)
Technical issues in business language (e.g. just-in-time patching)
and a bit of

STARTING OUT - INTERNAL SELL (2)
Know your costs
Advantages over cheaper alternatives!

STARTING OUT - INTERNAL SELL (3)
"There is a disconnect between the acknowledgement of security issues and the willingness to fix them."
Source: The HP Security Laboratory Blog

STARTING OUT - INTERNAL SELL (4)
Do not oversell
WAF != unhackable

STARTING OUT - PLAN (1)
I love it when......
Copyright © NBC

STARTING OUT - PLAN (2)
WANTED!!!!
Owner/Champion/Lover

STARTING OUT - PLAN (3)

STARTING OUT - PLAN (4)
UAT & SDLC
Configuration - Delegation?
Alerting
Incident Response Plan
Logging & Analysis
Reporting

TEST - TEST
SOURCE: http://www.flickr.com/photos/kodomut/

TEST - SDLC
How does it change?
When?
Who?

TEST - OPERATIONAL
Not what you want, is it?

TEST - FUNCTIONAL
Functional
  Generic
  Specific
SOURCE: http://www.flickr.com/photos/54724780@N00/

TEST - STRESS
STRESS == LEARNING
SOURCE: http://www.flickr.com/photos/54724780@N00/

TEST - THE FUN 'BIT'
Does it work.......
SOURCE: http://nmap.org/movies.html
Copyright © Warner Bros.

TEST - POLICY
Administration Policy
  Who has access?
  Delegation?
Change Management - different?
Incident Response Plan?
  What is an Incident?

IMPLEMENTATION - PLAN
Plan B?
Copyright © Fox

IMPLEMENTATION - ALMOST
Almost there, don't cut corners!
COMPLETE TESTING FULLY!!!!!

IMPLEMENTATION - SET-UP
Positive (+ve) Security Model
Transparent
Informational Logging
Generic versus Specific
Analysis
Reporting

IMPLEMENTATION - READ
Check your logs!!!

IMPLEMENTATION - HACK
External Testing

IMPLEMENTATION
Transparent -> Blocking
Generic -> Specific

POST-IMPLEMENTATION - WAF
Your infrastructure has changed!!
Patching, Policy Changes, Application Upgrades

POST-IMP - STILL, OH YES?
SDLC
Network Firewall & ACLs
Code Analysis
Penetration & Vulnerability Testing
Incident Response Plan???? -> Incident? What?

POST-IMP - TICK TOCK, NO MORE!!

POST-IMP - USE IT!
NO!!!!!!

POST-IMPLEMENTATION - STILL?
As someone else once said!!

RESOURCES
SANS Reading Room (Scareware via Web App exploit)
SANS, OWASP, WebAppSec
Web 2.0 -> Blogs, Twitter
Vendor Sites

CONCLUSION - WAF
Extra layer of defence but also admin
Can be an excellent and effective solution
Is it what I need?
Only a part of defence-in-depth!!!!