Penta Security 3rd Generation Web Application Firewall No Signature Required. www.gasystems.com.au




The Web Presence Demand

The Web Still Grows
INTERNET USERS
- 2006: 1.2B Internet Users - 18% of 6.5B people
- 2011: 2.4B Internet Users - 35% of 7B people

Huge scope for the mobile web
- 835M Smartphone Subscribers
- 5.6B Mobile Phone Subscribers

The Appetite for Tablets
[Chart: global cumulative shipments (000s) by quarters after launch]

The Need for Effective Web Application Security

75% of ALL threats target the Web Application layer (Gartner)

93% of organizations hacked in the past two years were breached via insecure web applications (Ponemon Institute)

88% of companies spend more on coffee than on web application security. (Ponemon Institute)

Cloud Computing Risks

Source:.. cloud computing makes available a well-managed, reliable, scalable global infrastructure that is, unfortunately, almost as well suited to illicit computing needs as it is to legitimate business.

The Protection: Web Application Firewall

Web Application Firewalls
- Protects against web attacks
- Prevents leakage of personal, confidential, and/or proprietary information
- Enables regulatory compliance

Network Firewall, IDS/IPS, or WAF

WAFs protect the OSI 7 (Application) Layer

OSI 7 Layers: Protection Device

Web Application Firewall
- Based on White-list Signature
- Detect highly sophisticated attacks and encoded traffic
- Detects unknown attacks
- Analyzes not only protocol, but also context

Intrusion Detection / Prevention System
- Based on Black-list Signature
- Detects by comparing the pattern of the attack signature with network traffic
- Cannot detect unknown attacks

Network Firewall
- Allows/blocks the specific port of the specific IP bandwidth
- Does not have attack detection ability

WAPPLES Introduction & the Future

Open Web Application Security Project (OWASP)

OWASP Top 10 (2010): Network Firewall, IDS / IPS, WAF
A1: SQL Injection X
A2: Cross Site Scripting (XSS) X
A3: Broken Authentication and Session Management X
A4: Insecure Direct Object References X X
A5: Cross Site Request Forgery (CSRF) X X
A6: Security Misconfiguration X X
A7: Failure to Restrict URL Access X X
A8: Insecure Cryptographic Storage X X
A9: Insufficient Transport Layer Protection X
A10: Unvalidated Redirects and Forwards X X

WAF is only solution to protect against OWASP Top 10 Threats

WAF delivers compliance
- Payment Card Industry Data Security Standard
- Attorney General for Australia, May 2 2012:
  Australia's privacy laws will be reformed to better protect people's personal information, simplify credit reporting arrangements and give new enforcement powers
  The changes will be introduced into the Parliament in the winter sitting period.

First Generation WAF, Second Generation WAF

Analysts Agree

"There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time. The threat is real. You are compromised; you just don't know it!" Gartner Inc 2012

Introducing WAPPLES
The Intelligent Web Application Firewall
3rd Generation WAF

Introducing Innovation from Korea
- South Korea: 48M people; 85% homes 1G bb; 91% people mbb
- Korea's Most Innovative Security Vendor
- $220 B revenues; 29.1% smartphone market; 24.2% Apple (IDC 2012)
- No. 1 Web Application Firewall Vendor in Korea (WAPPLES)
- No. 1 Database Encryption Solution Vendor in Korea (D'Amo)

The only solution that delivers
- Agility To Your Web presence: Change website anytime when you need to
- Protects your business: No brand damage or legal liability
- Protects your customers: Prevents private and credit card data leakage
- Secured Web presence: Protects against all threats known and unknown
- Frees Resources: No administration or 3rd party testers

WAPPLES: The Intelligent WAF
INTELLIGENT ENGINE AND RULE SET

Comprehensive Management

Implementations

Success Stories

Problems Facing the Bank of Korea:
- Maintain Highest Levels of Security and Availability
- Concerned with SQL injection risks known and unknown
- Website defacement
- Warfare Target
- Existing pattern matching IPS/IDS was ineffective & labor intensive

"Our existing solution required so much work due to pattern management. WAPPLES has substantially reduced my workload while simultaneously increasing web application security." BuKang Kim, IT Security, The Bank of Korea

Success Stories

Problems Solved
- Needed a secure, reliable, easy-to-use, and cost-efficient system to protect their web applications and web servers against known and newly evolving cyber attacks.
- Concerned specifically with preventing the leakage of private information, including credit card numbers and social security numbers.
- Support for multiple security policies.
- Protection of private information of clients and partners
- Proactive detection and blocking of known and unknown attacks.

WHY WAPPLES
- High success rate for identifying and blocking known, modified, and previously unknown attacks
- Low rate of false positives, and low administrative overhead
- Ease of management and the ability to create an unlimited number of security policies

Success Stories

Korean telecommunications giant KT
- Web security is number one priority for KT business customers
- WAPPLES Virtualised Solution launched by KT as add-on service for cloud customers
- Delivers reliable, affordable, easy-to-use, cloud-based web application security

www.gasystems.com.au