One-day onsite training on the Alibaba Cloud Web Application Firewall solution. The training is designed to give the audience the education and knowledge required to secure their critical data and infrastructure using Alibaba Cloud WAF solutions. It is targeted at security and network professionals and is aligned with industry best practices, real-world deployment techniques and in-depth hands-on lab practice.
Onsite Training - Secure Web Applications with Alibaba Cloud Web Application Firewall
1. Secure Web Applications with Alibaba Cloud Web Application Firewall
by Forster Chiu
Principal Consultant – iCON Business Systems Limited
2. About Me
Principal Consultant - Cybersecurity Assurance and Compliance (iCON Business Systems Ltd. Hong Kong)
Vulnerability Assessment, Security Audit (ISO 27001, GDPR), and Pen Tester
Speaker, Trainer - Security awareness and Offensive
Subject Matter Expert – EC-Council
PECB Certified Trainer
MSc in Computer and Security, PgD in IT Forensics, BSc (Hons) Business Information Technology
3. Alibaba Cloud Timeline
2009: Alibaba Cloud is founded. R&D centers are opened in Beijing, Hangzhou and Silicon Valley
2010: Alibaba Cloud’s first data center opens
2014: Data Centers open in Beijing, Shenzhen and Hong Kong
2017: Alibaba announced as the Official Cloud Services and Infrastructure Partner for the Olympic Games at the World Economic Forum in Davos
2018: Included in Gartner’s Magic Quadrant for Data Analytics
4. Alibaba Cloud Services
Data Migration
Web Hosting
Internet of Things
Elastic Computing
Storage
Networking
Security
10. What Alibaba Cloud WAF Can Do
Protects your website against OWASP web application attacks
Regular and timely patches against 0day vulnerabilities
Attack event management
11. Advantages of Alibaba Cloud WAF
Function: Solves traditional Web application attacks and business security issues such as HTTP connection attacks
Real Time: Automatically updates signatures for the latest Web 0-day vulnerabilities within 24 hours
Performance: Second-level elastic expansion, supporting protection for businesses with millions of QPS
Deployment: Quick deployment in just 5 minutes, for both cloud and non-cloud
Support: Professional Expert Protection and IM Support
19. Demo 2: Quick Start Configuration
Method 1 - Add website configurations automatically
Prerequisites:
The DNS records of the website are managed by Alibaba Cloud DNS, and at least one A record is valid.
21. "Exception" may be displayed after you have added the website configuration. Wait a few seconds and check the DNS status again, or check whether the DNS settings are configured correctly at your DNS service provider.
25. WAF Features And Protection Rules
HTTP ACL Policy
Web Application Protection
HTTP Flood Protection
Big Data Deep Learning Engine
Block IPs Initiating High-frequency Web Attacks
Directory Scan Protection
Threat Intelligence
Blocked Regions
Data Risk Control
Website Tamper-proofing
Data Leakage Prevention
27. Demo 4: Reporting and Logging
Total QPS and the malicious QPS (triggering protection rules) of the latest 30 days
Inbound and Outbound bandwidth of the latest 30 days
Number of abnormal responses of the latest 30 days
Top 5 cities and Top 10 IP addresses that requests originate from
Mobile operating systems and PC browsers that requests originate from
Top 5 URLs with the slowest response speed
Top 5 URLs that are most frequently requested
29. Frequencies of Web application attacks, HTTP flood attacks, and Web ACL events of the latest 30 days
Risk warnings of newly exposed industry or business security events
Messages of update of Alibaba Cloud WAF protection rule sets
30. You can query the details of the following attack protection records:
Web application attacks of the latest 30 days
HTTP flood attacks of the latest 30 days
Web ACL events of the latest 30 days
33. Alibaba Cloud WAF Lab DEMO
Lab Prerequisites:
WebGoat 8 (https://github.com/WebGoat/WebGoat)
OWASP ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)
Vega Vulnerability Scanner (https://subgraph.com/vega/)
Alibaba Cloud WAF Protection Rules Configuration
Lab Objectives:
Discover web vulnerabilities of WebGoat 8
Attack WebGoat 8 without Alibaba Cloud WAF Protection
Attack WebGoat 8 with Alibaba Cloud WAF Protection
Verify the business values offered by Alibaba Cloud WAF Protection