Gezielte Angriffe auf Unternehmen. Warum die beste Netzwerksicherheit allein nicht greift. Securing and Optimizing Web applications
|
|
- Calvin Hunt
- 8 years ago
- Views:
Transcription
1 Gezielte Angriffe auf Unternehmen Warum die beste Netzwerksicherheit allein nicht greift Securing and Optimizing Web applications
2 Agenda 1. Gezielte Angriffe auf Unternehmen - Wieso müssen wir uns mit dem Thema unausweichlich beschäfigen? 2. Weshalb die beste Netzwerksicherheit allein nicht greift. 3. Diskussion 4. Welche Dinge sind für ein effektives & effizientes Handling relevant? 2
3 Veränderung der Angriffe auf Web Applikationen Nationale Interessen Spion Persönlicher Gewinn Dieb Höchste Zunahme Persönlicher Ruhm Neugier Vandal Eindringling Autor Expertentools werden vermehrt von Hobby- Hackern und Kriminellen verwendet Script-Kiddy Hobby Hacker Experte Spezialist 3
4 Netzwerk vs. Applikation 4
5 Why Application Security is a High Priority! Does not require to be highly skilled or any material Web applications are high value targets for hackers: Customer data, credit cards, ID theft, fraud, site defacement High Complexity Low Low Hackers ROI High 5
6 Lage der IT-Sicherheit in Deutschland
7 Top 10 Web Threats 7
8 Demo: Login per SQL-Injection Quelle: GAI netconsult 8
9 Demo: Manipulation eines Hidden-Fields Quelle: GAI netconsult 9
10 Die wachsende Bedrohung durch Web-Angriffen Test, durchgeführt von PSINet und Pansec 2 "dummy" Web-Sites wurden erstellt, die europäische Bank-Sites simulieren Das Ergebnis 2000 Angriffe pro Woche auf die ungeschützte Web-Site 200 Angriffe pro Woche durch die Firewall, von denen mehr als 33% als High Risk eingestuft wurden Internet Die Frage ist deshalb nicht Wird es eine High Risk Attacke gegen die Web-Anwendung geben? sondern WANN? 10
11 Network firewalls are inefficient Web servers Netbios Databases HTTP/S HTTP/S Application Server Backend Server/System NFS Source? Destination? Service? Network Firewalls check IP source and destination, port numbers and sometimes protocol compliance Web Applications Firewalls inspect the HTTP/HTTPS/XML content 11
12 Network Security Doesn t Protect - Web Applications Known Web Worms Unknown Web Worms Known Web Vulnerabilities Unknown Web Vulnerabilities Illegal Access to Web-server files Forceful Browsing File/Directory Enumerations Brute Force attacks Buffer Overflow Cross-Site Scripting SQL/OS Injection Cookie Poisoning Hidden-Field Manipulation Parameter Tampering Web Application Firewall Network Firewall Limited X Limited X Limited X X X Limited Limited X X X X IPS Limited Partial Limited X X Limited X Limited Limited X X X X 12 12
13 Web attacks: targets and impacts Web servers Databases Application Server Web Services Users Impact Targets Users Web servers Web applications Databases Web services Session hijacking Web Server defacement Deny of services (DoS) Remote control on the Web server Web applications behavior modification Data theft, datas modification 13
14 Web Application Security Web servers Databases Application Server Backend Server/System Users An efficient & effective solution should protect against applicative attacks that target : Users Databases Web servers Web services Web applications 14
15 Vergleich von Security-Maßnahmen Hoch Effektivität (erreichter Schutz) Code Analyse Penetrations-test Security Training für Entwickler Web Application Firewalls Niedrig IPS / Deep Inspection Schwachstellenscans Niedrig Effizienz (Kosten-/Nutzen-Verhältnis) Hoch 15
16 Deny All Security Solutions 16
17 WAF = Web Application Firewall? 17
18 Why Customers deploy Transactional application Web mail Business data protection PCI compliance PCI DSS 6.6 Web services protection Application performance 18
19 Company overview Initally developed and used by SociétéGénérale, independent company launched in 2001 More than 10 years in production network 24x7x365 Leading European WAF vendor customers - all sectors Protection of more than web sites Worldwide operations -active in more than 25 countries -presented by own teams and/or certified partners Revenue - 60% in France - 40% International Key partners for Technology and Hardware: 19
20 Deny All Application Firewall Lösungen rftp File Transfer Application Firewall Sofortiger Schutz der File Transfer Dienste und Applikationen rweb Web und XML Application Firewall Vollständiger Schutz, Beschleunigung und Vereinfachung von Web-Applikationen und des Web Services Environments sproxy Secure Web Accelerator Beschleunigung und Schutz Ihres Web-Daten-Centers Hoher Basis Schutz mit Blacklist & Scoringlist 20
21 Architecture with reverse proxy DMZ mode Public DMZ Web server Application server Databases Backend Server/System SAP PORTAL Architecture security improvement Application level security Acceleration 21
22 Multi DMZ mode Public DMZ Acceleration Web frontal Application server Databases Backend Server/System Private DMZ Authentication / Filtering SAP PORTAL 1st appliance Acceleration 2nd appliance Authentication and Filtering 22
23 Security mechanisms Reverse Proxy Protocol Inspection Reverse Proxy, no direct access from outside world Black List Scoring List White list Statefull Cookie Tracking Benefits Applicative Infrastructure virtualization Powerful rewriting Acceleration features User behavior tracking Client Sanitization 23
24 Security mechanisms Reverse Proxy Protocol Inspection Black List Scoring List Protocol Inspection URL normalization Anti-evasion White list Statefull Cookie Tracking User behavior tracking Client Sanitization Benefits: Able to detect and blocks that have been encoded Immediate protection against attacks that use protocol manipulation 24
25 Security mechanisms Reverse Proxy Protocol Inspection Black List Scoring List White list Statefull Cookie Tracking User behavior tracking Client Sanitization Black list Over 2000 signatures of web application vulnerabilities Periodically updated Auto/Manual upload Groups to improve performances Benefits Immediate protection against known vulnerabilities No need to know the application or the web server technology 25
26 Security mechanisms Reverse Proxy Protocol Inspection Black List Scoring List Scoring list Score every incoming requests Drop the request when the score is too high Result of years of experience to allocate the weight. Integration of our know-how in Plug&Play feature (10 years) White list Statefull CookieTracking User behavior tracking Client Sanitization Benefits Very low level of false positive for attacks such as SQL injection, XSS, code injection compared to a simple black list block injection across multiple parameters Able to block 97% of new vulnerabilities without any modification, or adaptation (SQLi, XSS, HTMLi, LFi) 26
27 Unique WAF-Feature: Scoringlist Pattern 1: ^select$ weight=0,50 Pattern 2: ^union$ weight=0,25 Pattern 3: ^from$ weigth=0,25 union weight=0,25 nicht geblockt union select weight=0, 75 nicht geblockt union select * from weight=1,00 geblockt 27
28 Hoher Basis-Schutz mit negativer Security 100% Security Level Scoring List + Black-List Blacklist 0% 28
29 Security mechanisms Reverse Proxy Protocol Inspection Black List Scoring List White list Statefull Cookie Tracking User behavior tracking Client Sanitization White list Only expected request will be granted Tools to generate automatically the white list: Multiple security Levels Benefits Easy to set up Improve the security level By using a low level of white list, improve to security level and doesn't increase administration cost 29
30 Security mechanisms Reverse Proxy Protocol Inspection Black List Scoring List White list Statefull Cookie Tracking Anti brute force Anti Dos Client Sanitization Cookie stateful tracking Signature Encryption Benefits Immediate protection against cookie manipulations 30
31 Security mechanisms Reverse Proxy Protocol Inspection Black List Scoring List White list Statefull Cookie Tracking Anti Brute force / Anti DOS Multiples criteria (Time, ip, cookie, response code ) Multiples reactions (error page, slow down, redirect ) User behavior tracking Client Sanitization Benefits Protect against attacks that can t be blocked with positive or negative security model 31
32 Security mechanisms Reverse Proxy Protocol Inspection Man-in-the-browser/Trojan (MITB) Operates inside the browser with full access Disclosure of sensitive data Manipulates transaction data Black List Scoring List White list Statefull Cookie Tracking User behavior tracking Client Sanitization Spyware Operates typically from inside the browser, but may operate from other places Steals confidential information Mitigation Secure services even on a possibly infected system Proactive protection features integrated in a browser Maximum security level without the need for a separate installation or admin rights No end-user configuration required Low overhead ensuring stable system speed 32
33 Security mechanisms Reverse Proxy 1. Client connects to the Web site Protocol Inspection Black List Scoring List White list Statefull Cookie Tracking User behavior tracking Client rweb Server 2. rweb forces the loading of shield Client Sanitization 3. Client connects from a secured browser 33
34 WEB Services Protection Databases WEB services Backend Server/System Protocol Validation Schema Validation (WSDL, DTD, XSD ) Xpath enforcement Canonization Next Feature 34
35 SAP Public DMZ Databases SAP Service Backend Server/System SAP Portal Deny All provides SAP Web Applications protection Next Feature 35
36 Authentication Databases SAP Service Backend Server/System Client Certificats One time password RSA Secure ID Radius Ldap(s) Active Directory 36
37 SSO Authorization Databases SAP Service Backend Server/System CA Site Minder 37
38 Web application visibility Visibility on Web Servers response time In the logs Total time Web server response time = rwebprocessing time Visibility on the users requests Evidence of attacks (Web servers don t log entire traffic) Debug and Web application behavior improvement 38
39 Acceleration Server Load Backend Server/System Application Server Cache TCP Multiplexing SSL offload On the fly compression Improve user s experience 39
40 Appliances High availability - Active/Active rweb Cluster Both nodes are active Failover < 1s Up to 32 active nodes 40
41 Feature distribution rweb 4.0 Caching rweb 4.0 Filtering rweb 4.0 Load-Balancing 41
42 Back ends High availability / Load Balancing Application Server Backend Server/System Algorithms: Weighted Round robin Least requests Applicative Health check Session tracking Web server «soft removing» Databases Benefits : No need to implement HA mechanisms on Web servers Applicative HA Scalable architecture 42
43 Management Administration GUI WEB 2.0 SNMP (V2c V3) Syslog Configuration synchronization Backup / restore 43
44 Reporting 44
45 Monitoring System Health Overall Throughput Security Alerts Incidents Severity 45
46 Denyall Security Solutions Hide Server from Internet Validation HTTP protocol Protect against known vulnerabilities Protect against Unknown vulnerabilities Application zone restriction Sensible data hidden Less servers needed Improved response time Strong authentication Session protection Behavior agreement Isolate external sessions Remove any possibilities of jump 46
47 Benefits (Web Application) Security Acceleration Visibility on Web applications Infrastructure optimisation 47
48 Kontakt: Deny All GmbH Ingmar Lüdemann
Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationBasic & Advanced Administration for Citrix NetScaler 9.2
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationF5 ASM i DB Monitoring w ofercie NASK
F5 ASM i DB Monitoring w ofercie NASK Impacting People s Daily Lives F5 is Everywhere 2 3 Agenda Security What are the challenges Operation Efficiency using a ADC Database and Application Monitoring Round
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationMingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
More informationContemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited
Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall
More informationBarracuda Web Site Firewall Ensures PCI DSS Compliance
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
More informationWhite Paper Secure Reverse Proxy Server and Web Application Firewall
White Paper Secure Reverse Proxy Server and Web Application Firewall 2 Contents 3 3 4 4 8 Losing control Online accessibility means vulnerability Regain control with a central access point Strategic security
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationFortiWeb 5.0, Web Application Firewall Course #251
FortiWeb 5.0, Web Application Firewall Course #251 Course Overview Through this 1-day instructor-led classroom or online virtual training, participants learn the basic configuration and administration
More informationBarracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
More informationInformation Technology Policy
Information Technology Policy Enterprise Web Application Firewall ITP Number ITP-SEC004 Category Recommended Policy Contact RA-ITCentral@pa.gov Effective Date January 15, 2010 Supersedes Scheduled Review
More informationArrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015
Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%
More informationBarracuda Web Application Firewall
Barracuda Networks Technical Documentation Barracuda Web Application Firewall Administrator s Guide Version 7.6 RECLAIM YOUR NETWORK Copyright Notice Copyright (c) 2004-2011, Barracuda Networks, Inc.,
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationREAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationAdvanced Administration for Citrix NetScaler 9.0 Platinum Edition
Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced
More informationIJMIE Volume 2, Issue 9 ISSN: 2249-0558
Survey on Web Application Vulnerabilities Prevention Tools Student, Nilesh Khochare* Student,Satish Chalurkar* Professor, Dr.B.B.Meshram* Abstract There are many commercial software security assurance
More informationApplication Security Testing
Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationNSFOCUS Web Application Firewall White Paper
White Paper NSFOCUS Web Application Firewall White Paper By NSFOCUS White Paper - 2014 NSFOCUS NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect
More informationImperva s Response to Information Supplement to PCI DSS Requirement Section 6.6
Imperva Technical Brief Imperva s Response to Information Supplement to PCI DSS Requirement Section 6.6 The PCI Security Standards Council s (PCI SSC) recent issuance of an Information Supplement piece
More informationThe Application Delivery Controller Understanding Next-Generation Load Balancing Appliances
White Paper Overview To accelerate response times for end users and provide a high performance, highly secure and scalable foundation for Web applications and rich internet content, application networking
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationSemantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationThe New PCI Requirement: Application Firewall vs. Code Review
The New PCI Requirement: Application Firewall vs. Code Review The Imperva SecureSphere Web Application Firewall meets the new PCI requirement for an application layer firewall. With the highest security
More informationWeb Application Security
E-SPIN PROFESSIONAL BOOK Vulnerability Management Web Application Security ALL THE PRACTICAL KNOW HOW AND HOW TO RELATED TO THE SUBJECT MATTERS. COMBATING THE WEB VULNERABILITY THREAT Editor s Summary
More informationFortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.
FortiWeb for ISP Web Application Firewall Copyright Fortinet Inc. All rights reserved. Agenda Introduction to FortiWeb Highlights Main Features Additional FortiWEB Services for the ISP FortiWeb Family
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationSecuring and Accelerating Databases In Minutes using GreenSQL
Securing and Accelerating Databases In Minutes using GreenSQL Unified Database Security All-in-one database security and acceleration solution Simplified management, maintenance, renewals and threat update
More informationThe Bomgar Appliance in the Network
The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.
More informationWHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them
More informationWHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications
More informationF5 Silverline Web Application Firewall Onboarding: Technical Note
F5 Silverline Web Application Firewall Onboarding: Technical Note F5 Silverline Web Application Firewall Onboarding With organizations transitioning application workloads to the cloud, traditional centralized
More informationStrategic Information Security. Attacking and Defending Web Services
Security PS Strategic Information Security. Attacking and Defending Web Services Presented By: David W. Green, CISSP dgreen@securityps.com Introduction About Security PS Application Security Assessments
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More information<Insert Picture Here> Oracle Web Cache 11g Overview
Oracle Web Cache 11g Overview Oracle Web Cache Oracle Web Cache is a secure reverse proxy cache and a compression engine deployed between Browser and HTTP server Browser and Content
More informationContent Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway
TESTING & INTEGRATION GROUP SOLUTION GUIDE Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway INTRODUCTION...2 RADWARE SECUREFLOW... 3
More informationSAP WEB DISPATCHER Helps you to make decisions on Web Dispatcher implementation
A BasisOnDemand.com White Paper SAP WEB DISPATCHER Helps you to make decisions on Web Dispatcher implementation by Prakash Palani Table of Contents 1. Purpose... 3 2. What is Web Dispatcher?... 3 3. Can
More informationWeb Application Firewalls: When Are They Useful? OWASP AppSec Europe May 2006. The OWASP Foundation http://www.owasp.org/
Web Application Firewalls: When Are They Useful? OWASP AppSec Europe May 2006 Ivan Ristic Thinking Stone ivanr@webkreator.com +44 7766 508 210 Copyright 2006 - The OWASP Foundation Permission is granted
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationJOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City
JOOMLA SECURITY by Oliver Hummel ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City CONTACT Nicholas Butler 051-393524 089-4278112 info@irelandwebsitedesign.com Contents Introduction 3 Installation
More informationWeb Application Firewall on SonicWALL SRA
Web Application Firewall on SonicWALL SRA Document Scope This document describes how to configure and use the Web Application Firewall feature in SonicWALL SRA 6.0. This document contains the following
More informationSiteCelerate white paper
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationImplementation of Web Application Firewall
Implementation of Web Application Firewall OuTian 1 Introduction Abstract Web 層 應 用 程 式 之 攻 擊 日 趨 嚴 重, 而 國 內 多 數 企 業 仍 不 知 該 如 何 以 資 安 設 備 阻 擋, 仍 在 採 購 傳 統 的 Firewall/IPS,
More informationLecture 11 Web Application Security (part 1)
Lecture 11 Web Application Security (part 1) Computer and Network Security 4th of January 2016 Computer Science and Engineering Department CSE Dep, ACS, UPB Lecture 11, Web Application Security (part 1)
More informationApplication Firewall Overview. Published: February 2007 For the latest information, please see http://www.microsoft.com/iag
Application Firewall Overview Published: February 2007 For the latest information, please see http://www.microsoft.com/iag Contents IAG Application Firewall: An Overview... 1 Features and Benefits... 2
More informationBarracuda Web Site Firewall Administrator s Guide
Barracuda Web Site Firewall Administrator s Guide Version 7.0 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2008, Barracuda Networks
More informationFirst the Security Gate, then the Airplane. What needs to be heeded when checking web applications?
What needs to be heeded when checking web applications? RELEASE 1 Anyone developing a new software program will usually have an idea of the features and functions that the program should master. The subject
More informationAPV9650. Application Delivery Controller
APV9650 D a t a S h e e t Application Delivery Controller Array Networks APV Series of Application Delivery Controllers optimizes the availability, user experience, performance, security and scalability
More informationDEPLOYMENT GUIDE. Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0
DEPLOYMENT GUIDE Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0 Introducing the F5 and Microsoft Dynamics CRM configuration Microsoft Dynamics CRM is a full customer relationship
More informationREAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
More information10 Things Every Web Application Firewall Should Provide Share this ebook
The Future of Web Security 10 Things Every Web Application Firewall Should Provide Contents THE FUTURE OF WEB SECURITY EBOOK SECTION 1: The Future of Web Security SECTION 2: Why Traditional Network Security
More informationBarracuda Syslog Barracuda Web Site Firewall
Overview There are four types of logs generated by the which can be configured to be sent over the syslog mechanism to a remote server specified by the Barracuda Web Site Firewall administrator. These
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationLoad Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationCore Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems
Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary
More informationNext Gen Firewall and UTM Buyers Guide
Next Gen Firewall and UTM Buyers Guide Implementing and managing a network protected by point solutions is far from simple. But complete protection doesn t have to be complicated. This buyers guide explains
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationMatriXay WEB Application Vulnerability Scanner V 5.0. 1. Overview. (DAS- WEBScan ) - - - - - The best WEB application assessment tool
MatriXay DAS-WEBScan MatriXay WEB Application Vulnerability Scanner V 5.0 (DAS- WEBScan ) - - - - - The best WEB application assessment tool 1. Overview MatriXay DAS- Webscan is a specific application
More informationENQUIRY NO.NIE/PS/2014-15 DATE: 02/09/2014
NATIONAL INSTITUTE OF EPIDEMIOLOGY (INDIAN COUNCIL OF MEDICAL RESEARCH) (AN AUTONOMOUS UNIT UNDER GOVT. OF INDIA MINISTRY OF HEALTH & FAMILY WELFARE) T.N.H.B., AYAPAKKAM, (AMBATTUR), CHENNAI - 600 077
More informationDEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12
DEPLOYMENT GUIDE Version 1.2 Deploying F5 with Oracle E-Business Suite 12 Table of Contents Table of Contents Introducing the BIG-IP LTM Oracle E-Business Suite 12 configuration Prerequisites and configuration
More informationWeb Application Firewall on SonicWALL SSL VPN
Web Application Firewall on SonicWALL SSL VPN Document Scope This document describes how to configure and use the Web Application Firewall feature in SonicWALL SSL VPN 5.0. This document contains the following
More informationPCI DSS Compliance. with the Barracuda NG Firewall. White Paper
PCI DSS Compliance with the Barracuda NG Firewall White Paper About Payment Card Industry Data Security Standard (PCI DSS) Requirements In response to the increase in identity theft and security breaches,
More informationF5 and Microsoft Exchange Security Solutions
F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application
More informationANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239
ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239 Check Point Firewall Software and Management Software I. Description of the Item Up gradation, installation and commissioning of Checkpoint security gateway
More informationDetecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008
Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr
More informationData Sheet. VLD 500 A Series Viaedge Load Director. VLD 500 A Series: VIAEDGE Load Director
Data Sheet VLD 500 A Series Viaedge Load Director VLD 500 A Series: VIAEDGE Load Director VLD : VIAEDGE Load Director Key Advantages: Server Load Balancing for TCP/UDP based protocols. Server load balancing
More informationInterwise Connect. Working with Reverse Proxy Version 7.x
Working with Reverse Proxy Version 7.x Table of Contents BACKGROUND...3 Single Sign On (SSO)... 3 Interwise Connect... 3 INTERWISE CONNECT WORKING WITH REVERSE PROXY...4 Architecture... 4 Interwise Web
More informationMcAfee SECURE Technical White Paper
Protect what you value. VERSION #1 093008 McAfee SECURE Technical White Paper Table of Contents Contnuous Security Auditing....................................................................... 2 Vulnerability
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationlocuz.com Professional Services Security Audit Services
locuz.com Professional Services Security Audit Services Today s Security Landscape Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System layer.
More informationNETASQ MIGRATING FROM V8 TO V9
UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4
More informationFeatures of a comprehensive application security solution
WHITE PAPER Citrix NetScaler Features of a comprehensive application security solution The comprehensive security features of Citrix NetScaler protect against DoS/DDoS, deliver intrusion filtering capabilities
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationNetwork protection and UTM Buyers Guide
Network protection and UTM Buyers Guide Using a UTM solution for your network protection used to be a compromise while you gained in resource savings and ease of use, there was a payoff in terms of protection
More informationCitrix NetScaler Best Practices. Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG
Citrix NetScaler Best Practices Claudio Mascaro Senior Systems Engineer BCD-Sintrag AG Agenda Deployment Initial Konfiguration Load Balancing NS Wizards, Unified GW, AAA Feature SSL 2 FTP SQL NetScaler
More informationApplication Note. Active Directory Federation Services deployment guide
Application Note Active Directory Federation Services deployment guide Document version: v1.1 Last update: 20th January 2014 Purpose ALOHA Load-Balancer deployment guide for Microsoft ADFS and ADFS proxy
More informationDatacenter Transformation
Datacenter Transformation Consolidation Without Compromising Compliance and Security Joe Poehls Solution Architect, F5 Networks Challenges in the infrastructure I have a DR site, but the ROI on having
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationNSFOCUS Web Application Firewall
NSFOCUS Web Application Firewall 1 / 9 Overview Customer Benefits Mitigate Data Leakage Risk Ensure Availability and QoS of Websites Close the Gap for PCI DSS Compliance Collaborative Security The NSFOCUS
More informationFirewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
More informationNext Generation Firewall
Next Generation Firewall Product Overview SANGFOR Next-Generation Firewall is designed with Application Control, Intrusion Prevention and Web Security in mind, providing deep and fine-grained visibility
More information