Part 0 intro – Web economy

Uncategorized
Web applications are the ultimate free market to sell any goods; it is also open 24/7/365 for hacking. The web application ecosystem: Web applications change the world and create the…

WAF types

WAF
Location, management, WAF type:
• Screening WAF: on prem / cloud / fully managed service
• Perimeter WAF: on prem / cloud / self-managed, monolith / microservices
• Mesh WAF: on prem / cloud / self-managed, microservices

PE’s

Uncategorized
• PE = traps to catch the attack Traffic footprint – elements of the rule – S/A/R/CI
• Rule = combination of PE to find and prevent a known footprint of attack…

WAF Vendor List

WAF
• According to Gartner, it is predicted that 80% of enterprises will have migrated away from traditional data centers and into the cloud within the next five years. With the ever-increasing…

WAF Workshop FAQ

WAF
A WAF has many considerations throughout its life cycle. Getting your WAF to good-enough security requires a solid review of Assets, Implementations and Response (AIR model). Workshops are small chunks…

Application Common Attack Vectors (A-CAV)

Uncategorized
Server Side Attacks – Request
• HTTP Response Splitting
• Information Leakage
• Error messages display
• Session and cookies
• Credential/Session Prediction
• Non-HttpOnly Session Cookie
• Unsecured Session Cookie
• Insufficient Session Expiration
• Session Fixation
• Persistent Session Cookie

Server Side Attacks – Response
• HTTP Response Splitting
• Information Leakage
• Error messages…