PE’s

WAF
•PE = traps to catch the attack Traffic footprint – elements of the rule – S/A/R/CI •Rule = combination  of PE to find and prevent a known footprint of attack…

Web Security evaluation

Uncategorized
 Evaluations:Evaluation provide a way to measure the hard work you invest in securing your web application asses  by reflecting the security level that indicated the your ability to overcome security…

 Part 0 intro  – Web economy

Uncategorized
Web applications are the ultimate free market to sell any goods, it is also open 24/7/365 for hacking The web application ecosystem  Web applications change the world and create the…

Application Common Attack Vectors (A-CAV)

Uncategorized
Server Side Attacks – RequestHTTP Response SplittingInformation LeakageError messages dispalySession and cookiesCredential/Session PredictionNon-HttpOnly Session CookieUnsecured Session CookieInsufficient Session ExpirationSession FixationPersistent Session CookieServer Side Attacks – ResponseHTTP Response SplittingInformation LeakageError messages…

WAF types

WAF
 location mangment WAF type Screening WAF on perm / cloud / fully manageservice Perimeter WAF on perm / cloud / self manage monolity / microservices Mesh WAF on perm / cloud / self manage microservices 

WAF Vendor List

WAF
•According to Gartner, it is predicted that 80% of enterprises will have migrated away from traditional data centers and into the cloud within the next five years. With the ever-increasing…

WAF Workshop FAQ

WAF
WAF have many considerations throughout its life cycle. Getting your WAF to good enough security requires a solid review of Assents, Implementations and Response (AIR model) Workshops are small chunks…