In this presentation we analyze the benefits of an innovative WAF that has a callback connection with DAST security tools and allows security defects in critical SaaS or e-commerce applications to be detected very quickly.
For any application there comes a moment when the application stops being perfect and ideal. This can happen for different reasons: technology renewal, government regulations, hardware evolution, business factors, and others.
A real-world example is the Chinese wall. A huge number of tourists visit this structure every day, and every one of them wants to take a piece of the wall home as a souvenir. This is a typical example of a scalability problem. With such popularity, the wall could be destroyed in a couple of years. For that reason the government decided to bring bricks to the wall every night, so tourists can take them as souvenirs instead of the real rocks. In this way they resolved the scalability issue in a very specific way. It means that a big application has very specific issues and needs specific solutions.
Websites – The New Battleground
The average website is targeted anywhere from twice to 200 times a day by miscellaneous worms and crawlers that attempt a slew of diverse attacks: some for well-known exploits, others for recently discovered and, as a result, unpatched faults. Since these attacks are automated, their numbers only grow, and the attackers never tire.
When adding a new feature costs a lot or causes performance degradation, you need an application assessment.
Web application firewalls are your first line of defense against new and existing web application threats. They are generally capable of preventing even emerging attacks, and are quickly updated when new threats are discovered. Those deployed in conjunction with or on an extensible application delivery platform provide additional value in the capability to dynamically create policies to address emerging threats or custom threats against your application.
They can CYA (cover your apps) while you find and fix the vulnerabilities, a process that requires development, testing, and redeployment. And while you're going through that process - what's going on with your application? Have you taken it offline because it's vulnerable? Were you aware of the specific attack vector when you developed the application?
No, you probably haven't, especially not if you're in the retail business because if your application is down then you are losing revenue and that's not acceptable. And no, you probably weren't aware of that attack when the app was developed because it hadn't been discovered yet.
But if you've got a WAF you are likely able to continue running your application, secure in the knowledge that the WAF is going to be able to thwart a wide variety of known attacks while you scan, find, and fix the vulnerabilities in your application whether those are emerging threats or existing ones.
block traffic from malicious sources before an attack can even be attempted
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall:
Shield for your apps
Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe