Web Application and Firewall Security (WAFs)
“Information Security” Course Name
Assessment: “Final/Midterm”
Submitted To: (Teacher Name)
Date: 26/12/2022
Team Structure
Hassan Sadiq (Roll No): Importance and Implementation
Hassan Sadiq (Roll No): Introduction and Working
Hassan Sadiq (Roll No): Market Overview and WAFs Demo
Outline
01 What is a Web Application Firewall (WAF)?
02 Features & Functionality
03 How does it work?
04 Types of Web Application Firewall
05 What is the difference between blocklist and allowlist WAFs?
06 Importance
07 What is the difference between WAFs and….?
08 WAF Drivers
09 Deployment Modes
10 Implementation Considerations
11 WAF Market Overview
12 WAFs Application and Advantages
13 WAF vs. firewall
14 Commercial vs. open-source WAFs
15 Short WAF Demo
16 Reference
17 Q/A
[Diagram: Users → Internet → Web Application Firewall → Web Servers]
Hassan Sadiq (Roll No 1)
What is a Web Application Firewall (WAF)?
A web application firewall (WAF) is a firewall that monitors, filters, and blocks data packets as they travel to and from a website or web application.
It is a software or hardware solution that protects your web-enabled applications from threats and attacks.
WAFs protect web applications against the following common attacks:
Features & Functionality
• Application profiling
• AI-powered traffic pattern analysis
• Correlation engines
• Attack signature databases
• Content delivery networks (CDNs)
• Customization
• DDoS protection platforms
How does it work?
WAFs are implemented as
Three Basic Security Models
01 Whitelisting (allowlist) model
02 Blacklisting (blocklist) model
03 Hybrid model
Types of Web Application Firewall
There are 3 types of WAFs on the market. They all achieve the same goal, but they are installed and deployed in different locations.
01 Hardware-based WAF: a hardware-based WAF is deployed as a hardware appliance, installed locally within the network close to the web application servers.
02 Cloud-based WAF: a cloud-based WAF is managed by a service provider that offers the WAF as security-as-a-service.
03 Software-based WAF: a software-based WAF is a virtual appliance that is hosted either locally or in the application's cloud environment.
What is the difference between blocklist and allowlist WAFs?
A blocklist WAF denies requests that match known-bad patterns and allows everything else; an allowlist WAF allows only requests that match the application's expected traffic and denies everything else. Both blocklists and allowlists have their advantages and drawbacks, which is why many WAFs offer a hybrid security model that implements both.
Importance
A WAF acts as a guard intended explicitly to monitor web-based traffic; it screens all incoming and outgoing HTTP requests to block anything malicious. WAFs are programmed to detect several common threats such as:
• SQL injection
• Path traversal
• XSS attack
A WAF is a fast and cost-effective way to enhance the security of your computer network.
Importance
01 SQL injection: a SQL injection vulnerability allows an attacker to inject malicious code into database queries, allowing them to do many things.
02 Path traversal: a directory traversal attack is an exploit whereby an attacker accesses data stored outside of the web root folder.
03 XSS attack: a cross-site scripting attack is an exploit where an attacker runs a malicious script in a user's browser.
What Is an NGFW?
• A next-generation firewall (NGFW) is a type of application firewall that combines the best features of a traditional network firewall and a web application firewall.
• Acts as a firewall that blocks incoming requests by inspecting the network layer packets.
• Allows security admins to handle more advanced scenarios and block more sophisticated threats.
Difference: NGFW vs. first-generation FW?
Reference
Reference sites:
• https://www.techtarget.com/searchsecurity/definitio
• https://www.imperva.com/learn/application-security/what-is-web-application-firewall-waf/
• https://www.indusface.com/blog/how-web-application-firewall-works/
• https://www.paloaltonetworks.com/cyberpedia/difference-between-wafs-and-ngfws
Any Question?
The End
Editor's Notes

  1. WAFs act as a guard intended explicitly to monitor web-based traffic. In practice, a WAF resides in front of a web application, like a bodyguard, and screens all incoming and outgoing HTTP traffic to block anything malicious. WAFs are designed to work in conjunction with a full suite of security products such as traditional firewalls and intrusion prevention systems.
  2. WAFs help to secure against these threats: SQL injection: a SQL injection attack is often the result of a software security vulnerability (less than perfect backend code). A WAF can protect against SQL injection by blocking requests associated with suspicious signatures. Without a WAF, it is easier for a malicious actor to pass off a fraudulent request as authentic. Path traversal: a WAF protects against this attack by scanning HTTP requests and preventing attackers from uploading attack archives to the system. XSS attack: similar to SQL injection prevention, a WAF can prevent an XSS attack by scanning for security signatures. Requests associated with suspicious signatures are blocked.
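The three security models from the "How does it work?" slide and the signature scanning described in these notes, as one added example (not code from the slides or from any WAF product): a toy decision engine that can run in allowlist, blocklist or hybrid mode over constructed sample requests. The application profile paths, the signatures and the sample traffic are all assumptions made up for illustration; the double-encoded request shows why input is normalized before signatures are matched, and the unknown endpoint shows what only the allowlist catches.

```python
"""Toy hybrid-model WAF decision engine (added example, not from the slides)."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote_plus


@dataclass
class Request:
    """Minimal HTTP request view: method, request-target (path[?query]) and form body."""
    method: str
    target: str
    body: str = ""


# Allowlist (positive) model: the application profile declares what is acceptable.
# These paths are hypothetical; a real profile is learned or written per application.
ALLOWLIST = {
    "GET": [re.compile(r"^/$"), re.compile(r"^/products/\d+$"), re.compile(r"^/search$")],
    "POST": [re.compile(r"^/login$")],
}

# Blocklist (negative) model: coarse signatures for the three attack classes the deck names.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bor\b\s+\d+\s*=\s*\d+|\bunion\s+select\b|;\s*drop\b)"),
    "path_traversal": re.compile(r"(\.\./|\.\.\\)"),
    "xss": re.compile(r"(?i)(<\s*script|javascript:|\bon(load|error|click|mouseover)\s*=)"),
}


def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode until stable (bounded) and lower-case, so encoded and double-encoded
    payloads are matched in the form the application would actually see."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()


def inspect(req: Request, model: str = "hybrid") -> tuple[str, str]:
    """Apply one security model ("allowlist", "blocklist" or "hybrid"); return (decision, reason).
    In hybrid mode the allowlist runs first: an endpoint outside the profile is blocked
    before any signature is consulted, which also catches attacks no signature describes."""
    path, _, query = req.target.partition("?")
    path_n = normalize(path)
    if model in ("allowlist", "hybrid"):
        if not any(p.match(path_n) for p in ALLOWLIST.get(req.method, [])):
            return "block", f"allowlist: {req.method} {path} is not in the application profile"
    if model in ("blocklist", "hybrid"):
        # parse_qsl decodes one layer; normalize() strips any further encoding layers.
        fields = [("path", path_n)]
        fields += [(f"query:{k}", normalize(v)) for k, v in parse_qsl(query, keep_blank_values=True)]
        fields += [(f"body:{k}", normalize(v)) for k, v in parse_qsl(req.body, keep_blank_values=True)]
        for name, value in fields:
            for sig, rx in SIGNATURES.items():
                if rx.search(value):
                    return "block", f"blocklist: {sig} signature in {name}"
    return "allow", "no rule matched"


# Constructed sample traffic: two benign requests, one per attack class (the SQLi payload
# once plain and once double-encoded), and an unknown endpoint that only the allowlist catches.
SAMPLE = [
    Request("GET", "/products/42"),
    Request("GET", "/search?q=running+shoes"),
    Request("GET", "/search?q=%27+OR+1%3D1+--"),
    Request("GET", "/search?q=%2527%2520OR%25201%253D1"),
    Request("GET", "/products/..%2F..%2Fconfig.ini"),
    Request("POST", "/login", "user=%3Cscript%3Ealert(1)%3C%2Fscript%3E&pass=x"),
    Request("GET", "/admin/users"),
]


def run(model: str) -> list[str]:
    """Decision for every sample request under one model."""
    return [inspect(r, model)[0] for r in SAMPLE]


if __name__ == "__main__":
    for model in ("allowlist", "blocklist", "hybrid"):
        print(model, run(model))
```

Comparing the three runs shows the trade-off the slide states: the allowlist alone lets the injection through on a permitted endpoint, the blocklist alone lets the unprofiled endpoint through, and the hybrid blocks both.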