to get the file

More documents

Recommendations

Info

Why is web security important Application Layer Database Layer Your security “perimeter” has huge holes at the application layer HTTP request (cleartext or SSL) Custom Developed Application Code Databases OS/Platform layer Network Layer HTTP reply (HTML, Javascript, VBscript, etc) Firewall •Windows •Unix App Server Web Server Hardened OS •Apache •IIS… Firewall Database connection: •ADO, •JDBC, etc. We can‟t protect and detect application layer‟s attack with the traditional safeguard of network layer and OS layer (Firewall, ACL, OS hardening, SSL) image source: www.owasp.org 8
Why is web security important Network and OS layer protection cannot block web attacks. A lot of vulnerabilities are newly discovered every month in the well-known web applications. (e.g. Tomcat, Apache, zero board and etc.) The only thing that a firewall and ACL can do is „blocking or permitting‟. It is extremely hard to defend against zero-day attacks. It is hard to find and fix vulnerabilities in in-house web applications. With these vulnerabilities, hackers can get inside of the network and servers. The most valuable assets (e.g. customers‟ personal information) can be exposed by web attacks. It is hard to apply database encryption methods due to performance degradation. The Importance of Web Security keeps growing 9
Page 1 and 2: Chapter 7. Web Application Firewall
Page 3 and 4: Remind - term project Selected data
Page 5 and 6: Agenda • I. Notice for term proje
Page 7: Web application (2/2) ▣ web appli
Page 11 and 12: Is it easy to hack into web GET / H
Page 13 and 14: Basic web hacking technique • Dir
Page 15 and 16: OWASP top 10 • OWASP top 10 proje
Page 17 and 18: What‟s new in OWASP Top 10 (2010)
Page 19 and 20: OWASP Top 10 (2010) 19
Page 21 and 22: More SQL injection examples Query =
Page 23 and 24: Injection - how to defend 1. Use a
Page 25 and 26: More XSS example • url="http://14
Page 27 and 28: XSS - how to defend 1.Filter all un
Page 29 and 30: 2. Broken Access Control • Access
Page 31 and 32: 3. Broken Account and Session Manag
Page 33 and 34: 5. Buffer Overflows • Web applica
Page 35 and 36: 7. Error Handling Problems • Erro
Page 37: 8. Insecure Use of Cryptography •
Page 40 and 41: 10. Web and Application Server Misc
Page 42 and 43: Web Application Firewall • Why do
Page 44 and 45: WAF Protection models • WAF‟s m
Page 46 and 47: WAF - negative filtering model •
Page 48 and 49: WAF - Output Detection Model/Conten
Page 50 and 51: VA+WAF • Some commercial WAF prod
Page 52 and 53: Commercial WAF • art of defence -
Page 54 and 55: Agenda • I. Notice for term proje
Page 56 and 57: More practical recommendations •
Page 58 and 59:
More practical recommendations •
Page 60:
References • http://www.owasp.org
show all

to get the file

Create successful ePaper yourself

Delete template?

Save as template?