to get the file

More documents

Recommendations

Info

WAF Protection models • WAF‟s modeled approaches to filtering traffic – user permission-based access control – centralized authentication – negative security – positive security – virtual patching – output filtering 44
WAF – positive filtering model • allows only “known good” traffic to pass – Some allow, all deny – a WAF running a positive security approach is like a paranoid security guard who automatically assumes that everyone he doesn‟t recognize is malicious. – With this model, WAF catches the unknown (or zero-day) attacks – it does not need to regularly have its signature file updated. – It requires extensive training or learning time, which takes much up-front time and energy 45
Page 1 and 2: Chapter 7. Web Application Firewall
Page 3 and 4: Remind - term project Selected data
Page 5 and 6: Agenda • I. Notice for term proje
Page 7 and 8: Web application (2/2) ▣ web appli
Page 9 and 10: Why is web security important Netwo
Page 11 and 12: Is it easy to hack into web GET / H
Page 13 and 14: Basic web hacking technique • Dir
Page 15 and 16: OWASP top 10 • OWASP top 10 proje
Page 17 and 18: What‟s new in OWASP Top 10 (2010)
Page 19 and 20: OWASP Top 10 (2010) 19
Page 21 and 22: More SQL injection examples Query =
Page 23 and 24: Injection - how to defend 1. Use a
Page 25 and 26: More XSS example • url="http://14
Page 27 and 28: XSS - how to defend 1.Filter all un
Page 29 and 30: 2. Broken Access Control • Access
Page 31 and 32: 3. Broken Account and Session Manag
Page 33 and 34: 5. Buffer Overflows • Web applica
Page 35 and 36: 7. Error Handling Problems • Erro
Page 37: 8. Insecure Use of Cryptography •
Page 40 and 41: 10. Web and Application Server Misc
Page 42 and 43: Web Application Firewall • Why do
Page 46 and 47: WAF - negative filtering model •
Page 48 and 49: WAF - Output Detection Model/Conten
Page 50 and 51: VA+WAF • Some commercial WAF prod
Page 52 and 53: Commercial WAF • art of defence -
Page 54 and 55: Agenda • I. Notice for term proje
Page 56 and 57: More practical recommendations •
Page 58 and 59: More practical recommendations •
Page 60: References • http://www.owasp.org

to get the file

Create successful ePaper yourself

Delete template?

Save as template?