WAF types

location management WAF type
Screening WAF on-prem / cloud / fully managed service
Perimeter WAF on-prem / cloud / self-managed monolith / microservices
Mesh WAF on-prem / cloud / self-managed microservices

PE’s

• PE = traps to catch the attack traffic footprint – elements of the rule – S/A/R/CI
• Rule = combination of PE to find and prevent a known footprint of attack
• Policy = set of rules – rule sets

WAF Workshop FAQ

A WAF has many considerations throughout its life cycle. Getting your WAF to good enough security requires a solid review of Assents, Implementations and Response (AIR model). Workshops are small chunks of process that should be done when managing a security device. A workshop is not a training. It is a hands-on workshop that is done with the customer. The…

WAF Vendor List

According to Gartner, it is predicted that 80% of enterprises will have migrated away from traditional data centers and into the cloud within the next five years. With the ever-increasing adoption rate of web-based applications and APIs come more security risks. The challenge with traditional Web Application Firewall (WAF) protection is that it cannot scale with…

Application Common Attack Vectors (A-CAV)

Server Side Attacks – Request: HTTP Response Splitting; Information Leakage; Error messages display; Session and cookies; Credential/Session Prediction; Non-HttpOnly Session Cookie; Unsecured Session Cookie; Insufficient Session Expiration; Session Fixation; Persistent Session Cookie
Server Side Attacks – Response: HTTP Response Splitting; Information Leakage; Error messages display; Session and cookies; Credential/Session Prediction; Non-HttpOnly Session Cookie; Unsecured Session Cookie; Insufficient Session Expiration; Session Fixation; Persistent Session Cookie; Fingerprinting; Directory guessing; Predictable Resource Location; Directory Traversal; Path Traversal; Buffer Overflow; SQL Injection; Improper Input Handling; Server Misconfiguration; OS Command Injection; RFI…
location management WAF type
Screening WAF on-prem / cloud / fully managed service
Perimeter WAF on-prem / cloud / self-managed monolith / microservices
Mesh WAF on-prem / cloud / self-managed microservices

• PE = traps to catch the attack traffic footprint – elements of the rule – S/A/R/CI

• Rule = combination of PE to find and prevent a known footprint of attack

• Policy = set of rules – rule sets

A WAF has many considerations throughout its life cycle. Getting your WAF to good enough security requires a solid review of Assents, Implementations and Response (AIR model).

  • Workshops are small chunks of process that should be done when managing a security device.
  • A workshop is not a training. It is a hands-on workshop that is done with the customer.
  • The outcome of the workshop is improving the main pillars of security management for the WAF.

According to Gartner, it is predicted that 80% of enterprises will have migrated away from traditional data centers and into the cloud within the next five years. With the ever-increasing adoption rate of web-based applications and APIs come more security risks.

The challenge with traditional Web Application Firewall (WAF) protection is that it cannot scale with the ever-changing content of web-based applications without either consistently updating WAF rule tables, or alternatively turning off most WAF capabilities, nor does it protect against API or bot attacks.

Come join our security experts in this session and learn how CloudGuard WAAP can help address those challenges above and why it is the only solution in the market that guarantees maximum security.

Server Side Attacks – Request
HTTP Response Splitting
Information Leakage
Error messages display
Session and cookies
Credential/Session Prediction
Non-HttpOnly Session Cookie
Unsecured Session Cookie
Insufficient Session Expiration
Session Fixation
Persistent Session Cookie
Server Side Attacks – Response
HTTP Response Splitting
Information Leakage
Error messages display
Session and cookies
Credential/Session Prediction
Non-HttpOnly Session Cookie
Unsecured Session Cookie
Insufficient Session Expiration
Session Fixation
Persistent Session Cookie
Fingerprinting
Directory guessing
Predictable Resource Location
Directory Traversal
Path Traversal
Buffer Overflow
SQL Injection
Improper Input Handling
Server Misconfiguration
OS Command Injection
RFI LFI
Web defacement
HTTP Request Splitting
HTTP smuggling

Client side attacks
Autocomplete Attribute
Cross Site Scripting
Cross Site Request Forgery
Weak Password Recovery Validation
Clickjacking
Slow attacks
Slowloris
Slow read
Slow post
Protocols attacks
Invalid HTTP Method Usage
Null Byte Injection
Format string attacks
HTTP structure
JSON structure misuse
HTTP Response Splitting
Information Leakage
Error messages display
Session and cookies
Credential/Session Prediction
Non-HttpOnly Session Cookie
Unsecured Session Cookie
Insufficient Session Expiration
Session Fixation
Persistent Session Cookie
Business Attacks
Web scraping
Denial of Service
Brute Force
Credential stuffing
Bots