WAF types

 location mangment WAF type Screening WAF on perm / cloud / fully manageservice Perimeter WAF on perm / cloud / self manage monolity / microservices Mesh WAF on perm / cloud / self manage microservices 
Read More

PE’s

•PE = traps to catch the attack Traffic footprint – elements of the rule – S/A/R/CI •Rule = combination  of PE to find and prevent a known footprint of attack •Policy = Set of Rules – rule sets
Read More

WAF Workshop FAQ

WAF have many considerations throughout its life cycle. Getting your WAF to good enough security requires a solid review of Assents, Implementations and Response (AIR model) Workshops are small chunks of process that should be done when managing security deviceWorkshop is not a training. It is a hands-on workshop that is done with the customer.The…
Read More

WAF Vendor List

•According to Gartner, it is predicted that 80% of enterprises will have migrated away from traditional data centers and into the cloud within the next five years. With the ever-increasing adoption rate of web-based applications and API’s comes more security risks.The challenge with traditional Web Application Firewall (WAP) protection is that it cannot scale with…
Read More

Application Common Attack Vectors (A-CAV)

Server Side Attacks – RequestHTTP Response SplittingInformation LeakageError messages dispalySession and cookiesCredential/Session PredictionNon-HttpOnly Session CookieUnsecured Session CookieInsufficient Session ExpirationSession FixationPersistent Session CookieServer Side Attacks – ResponseHTTP Response SplittingInformation LeakageError messages dispalySession and cookiesCredential/Session PredictionNon-HttpOnly Session CookieUnsecured Session CookieInsufficient Session ExpirationSession FixationPersistent Session CookieFingerprintingDirectory guessingPredictable Resource LocationDirectory TraversalPath TraversalBuffer OverflowSQL InjectionImproper Input HandlingServer MisconfigurationOS Command InjectionRFI…
Read More