TV
Uploaded byTjylen Veselyj
PPTX, PDF2,583 views

Web Application Firewall (WAF) DAST/SAST combination

The document discusses the importance of web application firewalls (WAF) as a security measure for applications facing increasing threats such as data theft and hacking. It highlights the advantages of using a WAF in combination with dynamic application security testing to protect against vulnerabilities and data leakage. The document also identifies target audiences for WAF, including financial and healthcare organizations, and encourages engagement with the solution provided by SoftServe.

Embed presentation

Downloaded 97 times
New generation Web Application Firewall: Shield for your apps Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe
Even best applications get challenges
Big applications get bigger challenges
Security is important factor for your app
Consequences Reputation loss Penalties Data loss
Breaching organizational perimeters Threats IP Theft Taking over high-value accounts Modify Victims website to deploy MALWARE to website visitors
Hackers motives Previously, attackers used application vulnerabilities to cause embarrassment and disruption. But now these attackers are exploiting vulnerabilities to steal data and much more
Problematic Vulnerability Distribution on First Submission by Language Veracode State of Software Security Report 2012
Percentage of Affected Vendor Supplied Web Application Builds Veracode State of Software Security Report 2012
How much time you need to fix security issues in app?
We have a solution for your application!
Web application firewall Microsoft IIS Apache Nginx
CYA (cover your apps) Time-to-Fix vs. Time-to-Hack Automated Temporary Patches
and do your business Brute Force protection DDoS protection Mitigate them immediately without waiting weeks for code changes.
Protection Against Zero-day Exploits Protection Against OWASP Top 10
Stops Data Leakage Protect your IP Detects disclosure and unauthorized content in outbound reply messages, such as source code, Credit-card and Social Security numbers.
Who need WAF? Mature ISV Immature ISV Financial organizations Healthcare organizations Reta il Educatio n PCIDSS 6.6 Ecommerce
DEMO Letā€™s test vulnerable web application with popular security tools
It really works! Applications Secured -
Our IP is: combination of Dynamic Application Security Testing (DAST) with Web Application Firewall (WAF) thatā€™s empower security and allow dynamically identify and patch unknown vulnerabilities
Would you like to try? Europe Headquarters 52 V. Velykoho Str. Lviv 79053, Ukraine Tel: +380-32-240-9090 Fax: +380-32-240-9080 E-mail: info@softserveinc.com US Headquarters 12800 University Drive, Suite 410 Fort Myers, FL 33966, USA Tel: 239-690-3111 Fax: 239-690-3116 E-mail: info@softserveinc.com www.softserveinc.com Copyright Ā© 2012 SoftServe, Inc. Thank You!

More Related Content

PDF
Application Security Guide for Beginners
byCheckmarx
Ā 
PPT
Benefits of web application firewalls
byEnclaveSecurity
Ā 
PPTX
Radware - WAF (Web Application Firewall)
byDeivid Toledo
Ā 
PDF
Benefits of Web Application Firewall
bydavidjohnrace
Ā 
PPT
Why You Need A Web Application Firewall
byPort80 Software
Ā 
PDF
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
byAlert Logic
Ā 
PPTX
CSS 17: NYC - Stories from the SOC
byAlert Logic
Ā 
PDF
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
byAlert Logic
Ā 
Application Security Guide for Beginners
byCheckmarx
Ā 
Benefits of web application firewalls
byEnclaveSecurity
Ā 
Radware - WAF (Web Application Firewall)
byDeivid Toledo
Ā 
Benefits of Web Application Firewall
bydavidjohnrace
Ā 
Why You Need A Web Application Firewall
byPort80 Software
Ā 
Css sf azure_8-9-17-stories_from_the_soc_paul fletcher_al
byAlert Logic
Ā 
CSS 17: NYC - Stories from the SOC
byAlert Logic
Ā 
Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al
byAlert Logic
Ā 

What's hot

PDF
QualysGuard InfoDay 2013 - Web Application Firewall
byRisk Analysis Consultants, s.r.o.
Ā 
PDF
CSS17: Houston - Stories from the Security Operations Center
byAlert Logic
Ā 
PPTX
CSS 17: NYC - Realities of Security in the Cloud
byAlert Logic
Ā 
PDF
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
byAlert Logic
Ā 
PPTX
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
byCisco Security
Ā 
PDF
Protecting Against Web Attacks
byAlert Logic
Ā 
PDF
CSS17: Houston - Introduction to Security in the Cloud
byAlert Logic
Ā 
PDF
CSS17: Houston - Protecting Web Apps
byAlert Logic
Ā 
PDF
Web Application Firewall - Web Application & Web Services Security integrated...
byThomas Malmberg
Ā 
PPTX
#ALSummit: Architecting Security into your AWS Environment
byAlert Logic
Ā 
PDF
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
byAlert Logic
Ā 
PDF
The Intersection of Security & DevOps
byAlert Logic
Ā 
PDF
Stories from the Security Operations Center
byAlert Logic
Ā 
PDF
Realities of Security in the Cloud
byAlert Logic
Ā 
PDF
Realities of Security in the Cloud
byAlert Logic
Ā 
PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
Ā 
PDF
Remote Workforces Secure by Barracuda
byPrime Infoserv
Ā 
PPTX
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
byAlert Logic
Ā 
PDF
Azure Information Protection
byMicrosoft
Ā 
PDF
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
byAlert Logic
Ā 
QualysGuard InfoDay 2013 - Web Application Firewall
byRisk Analysis Consultants, s.r.o.
Ā 
CSS17: Houston - Stories from the Security Operations Center
byAlert Logic
Ā 
CSS 17: NYC - Realities of Security in the Cloud
byAlert Logic
Ā 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
byAlert Logic
Ā 
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur...
byCisco Security
Ā 
Protecting Against Web Attacks
byAlert Logic
Ā 
CSS17: Houston - Introduction to Security in the Cloud
byAlert Logic
Ā 
CSS17: Houston - Protecting Web Apps
byAlert Logic
Ā 
Web Application Firewall - Web Application & Web Services Security integrated...
byThomas Malmberg
Ā 
#ALSummit: Architecting Security into your AWS Environment
byAlert Logic
Ā 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
byAlert Logic
Ā 
The Intersection of Security & DevOps
byAlert Logic
Ā 
Stories from the Security Operations Center
byAlert Logic
Ā 
Realities of Security in the Cloud
byAlert Logic
Ā 
Realities of Security in the Cloud
byAlert Logic
Ā 
The AWS Shared Responsibility Model in Practice
byAlert Logic
Ā 
Remote Workforces Secure by Barracuda
byPrime Infoserv
Ā 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
byAlert Logic
Ā 
Azure Information Protection
byMicrosoft
Ā 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
byAlert Logic
Ā 

Viewers also liked

PPTX
What Good is this Tool? A Guide to Choosing the Right Application Security Te...
byKevin Fealey
Ā 
PDF
Building Your Application Security Data Hub - OWASP AppSecUSA
byDenim Group
Ā 
PPTX
Application Security Architecture and Threat Modelling
byPriyanka Aash
Ā 
PDF
SAST vs. DAST: Whatā€™s the Best Method For Application Security Testing?
byCigital
Ā 
PDF
Troopers09: The Truth about Web Application Firewalls: What the vendors do NO...
bySandro Gauci
Ā 
PDF
Running MySQL in AWS
byLaine Campbell
Ā 
PPTX
Evolution of WAF - Stop Worrying About Vulnerabilities
byBrian A. McHenry
Ā 
PPTX
ŠžŠ±Š·Š¾Ń€ Š²Š¾Š·Š¼Š¾Š¶Š½Š¾ŃŃ‚ŠµŠ¹ HTML5
byŠ’ŠøтŠ°Š»ŠøŠ¹ Š¢Ń€Š¾Š¼ŠæŠ°Šŗ
Ā 
PPTX
Web Application Firewall intro
byRich Helton
Ā 
PDF
HARDENING IN APACHE WEB SERVER
byUtah Networxs Consultoria e Treinamento
Ā 
PPT
Firewall hw
byJosĆ© Luis AndĆŗjar
Ā 
PPTX
Apache server configuration & optimization
byGokul Muralidharan
Ā 
PDF
PresentaciĆ³n Web application firewall
byMiguel Angel LĆ³pez Moyano
Ā 
PPTX
T3ch fest leganes_final
byRober Garamo
Ā 
PDF
Hardware Attacks and Security
byPriyanka Aash
Ā 
PPT
Pkk
byvalencia.terrorismo
Ā 
PPS
Ud4 Seguridad del hardware
bycarmenrico14
Ā 
PPTX
Hardware para hacking (2011)
byWebsec MĆ©xico
Ā 
PPTX
Los atacantes y sus herramientas
byIsrael CalderĆ³n de la Cruz
Ā 
PPT
Unidad 3: Seguridad lĆ³gica
bycarmenrico14
Ā 
What Good is this Tool? A Guide to Choosing the Right Application Security Te...
byKevin Fealey
Ā 
Building Your Application Security Data Hub - OWASP AppSecUSA
byDenim Group
Ā 
Application Security Architecture and Threat Modelling
byPriyanka Aash
Ā 
SAST vs. DAST: Whatā€™s the Best Method For Application Security Testing?
byCigital
Ā 
Troopers09: The Truth about Web Application Firewalls: What the vendors do NO...
bySandro Gauci
Ā 
Running MySQL in AWS
byLaine Campbell
Ā 
Evolution of WAF - Stop Worrying About Vulnerabilities
byBrian A. McHenry
Ā 
ŠžŠ±Š·Š¾Ń€ Š²Š¾Š·Š¼Š¾Š¶Š½Š¾ŃŃ‚ŠµŠ¹ HTML5
byŠ’ŠøтŠ°Š»ŠøŠ¹ Š¢Ń€Š¾Š¼ŠæŠ°Šŗ
Ā 
Web Application Firewall intro
byRich Helton
Ā 
HARDENING IN APACHE WEB SERVER
byUtah Networxs Consultoria e Treinamento
Ā 
Firewall hw
byJosĆ© Luis AndĆŗjar
Ā 
Apache server configuration & optimization
byGokul Muralidharan
Ā 
PresentaciĆ³n Web application firewall
byMiguel Angel LĆ³pez Moyano
Ā 
T3ch fest leganes_final
byRober Garamo
Ā 
Hardware Attacks and Security
byPriyanka Aash
Ā 
Pkk
byvalencia.terrorismo
Ā 
Ud4 Seguridad del hardware
bycarmenrico14
Ā 
Hardware para hacking (2011)
byWebsec MĆ©xico
Ā 
Los atacantes y sus herramientas
byIsrael CalderĆ³n de la Cruz
Ā 
Unidad 3: Seguridad lĆ³gica
bycarmenrico14
Ā 

Similar to Web Application Firewall (WAF) DAST/SAST combination

PPT
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
byNeil Matatall
Ā 
PDF
Web Application Firewall_ Solution to Reduce Cyber Attacks _ CyberPro Magazin...
byCyberPro Magazine
Ā 
PPTX
Forti web
byLan & Wan Solutions
Ā 
PPTX
Forti web
byLan & Wan Solutions
Ā 
PDF
Why Do You Need a Web Application Firewall?
byBORNSEC CONSULTING
Ā 
PDF
8 Key Considerations in Choosing the Right WAF
byIndusfacePvtLtd
Ā 
DOC
Web Access Firewall
byBalaBhaskaraRao CEH,CCNA Security,CHFI,Qualys Specialist
Ā 
PPT
Partner Zymbian & Fortinet webinar on Web2.0 security
byZymbian
Ā 
PPTX
FireHost Webinar: Protect Your Application With Intelligent Security
byArmor
Ā 
PPT
Protecting web aplications with machine learning and security fabric
byDATA SECURITY SOLUTIONS
Ā 
PPTX
Application Hackers Have A Handbook. Why Shouldn't You?
byLondon School of Cyber Security
Ā 
PDF
WebAppSec: Assessment and Defense
byajitdhumale
Ā 
PPTX
Cloud Web Application Firewall - GlobalDots
byGlobalDots
Ā 
PPTX
Firewall presentation
byarshidkb
Ā 
PDF
Web Application Firewall. Enhancing web security in the digital age.pdf
byPriyaSharma401031
Ā 
PDF
Web Application Frewall
byAbhishek Singh
Ā 
PDF
Firewall seguro, proteĆ§Ć£o para aplicaƧƵes
byCYLK IT Solutions
Ā 
PDF
Benefits of web application firewall (1).pdf
byPriyaSharma401031
Ā 
PPTX
WAFs.pptx
byHamzaJamil41
Ā 
PPTX
Gartner MQ for Web App Firewall Webinar
byImperva
Ā 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
byNeil Matatall
Ā 
Web Application Firewall_ Solution to Reduce Cyber Attacks _ CyberPro Magazin...
byCyberPro Magazine
Ā 
Forti web
byLan & Wan Solutions
Ā 
Forti web
byLan & Wan Solutions
Ā 
Why Do You Need a Web Application Firewall?
byBORNSEC CONSULTING
Ā 
8 Key Considerations in Choosing the Right WAF
byIndusfacePvtLtd
Ā 
Web Access Firewall
byBalaBhaskaraRao CEH,CCNA Security,CHFI,Qualys Specialist
Ā 
Partner Zymbian & Fortinet webinar on Web2.0 security
byZymbian
Ā 
FireHost Webinar: Protect Your Application With Intelligent Security
byArmor
Ā 
Protecting web aplications with machine learning and security fabric
byDATA SECURITY SOLUTIONS
Ā 
Application Hackers Have A Handbook. Why Shouldn't You?
byLondon School of Cyber Security
Ā 
WebAppSec: Assessment and Defense
byajitdhumale
Ā 
Cloud Web Application Firewall - GlobalDots
byGlobalDots
Ā 
Firewall presentation
byarshidkb
Ā 
Web Application Firewall. Enhancing web security in the digital age.pdf
byPriyaSharma401031
Ā 
Web Application Frewall
byAbhishek Singh
Ā 
Firewall seguro, proteĆ§Ć£o para aplicaƧƵes
byCYLK IT Solutions
Ā 
Benefits of web application firewall (1).pdf
byPriyaSharma401031
Ā 
WAFs.pptx
byHamzaJamil41
Ā 
Gartner MQ for Web App Firewall Webinar
byImperva
Ā 

More from Tjylen Veselyj

PPTX
Intro to Security in SDLC
byTjylen Veselyj
Ā 
PPTX
Welcome to the world of hacking
byTjylen Veselyj
Ā 
PPTX
Mobile security services 2012
byTjylen Veselyj
Ā 
PPTX
iOS Forensics
byTjylen Veselyj
Ā 
PPTX
Virtual Machine Introspection - Future of the Cloud
byTjylen Veselyj
Ā 
PPTX
Security hole #5 application security science or quality assurance
byTjylen Veselyj
Ā 
PPTX
Sh#3 incident forensics
byTjylen Veselyj
Ā 
PPTX
Owasp Community in Lviv
byTjylen Veselyj
Ā 
PPTX
Sql Injection V.2
byTjylen Veselyj
Ā 
PPTX
Cloud Security vs Security in the Cloud
byTjylen Veselyj
Ā 
PPTX
Mobilination Ntymoshyk Personal Mobile Security Final Public
byTjylen Veselyj
Ā 
Intro to Security in SDLC
byTjylen Veselyj
Ā 
Welcome to the world of hacking
byTjylen Veselyj
Ā 
Mobile security services 2012
byTjylen Veselyj
Ā 
iOS Forensics
byTjylen Veselyj
Ā 
Virtual Machine Introspection - Future of the Cloud
byTjylen Veselyj
Ā 
Security hole #5 application security science or quality assurance
byTjylen Veselyj
Ā 
Sh#3 incident forensics
byTjylen Veselyj
Ā 
Owasp Community in Lviv
byTjylen Veselyj
Ā 
Sql Injection V.2
byTjylen Veselyj
Ā 
Cloud Security vs Security in the Cloud
byTjylen Veselyj
Ā 
Mobilination Ntymoshyk Personal Mobile Security Final Public
byTjylen Veselyj
Ā 

Recently uploaded

PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
Ā 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
Ā 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
Ā 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
Ā 
PDF
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
Ā 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and itā€™s impact on Tra...
byapidays
Ā 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
Ā 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
Ā 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
Ā 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
Ā 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
Ā 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
Ā 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
Ā 
PDF
The new book ā€œMarketing in the Metaverseā€ spotlights Scott M. Graffiusā€™ research
byScott M. Graffius
Ā 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
Ā 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
Ā 
PDF
Logical Optimal Actions ā€“ Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
Ā 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
Ā 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
Ā 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
Ā 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
Ā 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
Ā 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
Ā 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
Ā 
Antminer S23Hyd-580_Manual-V1.1-oneminers.pdf
byFranzhLawrenceBataan1
Ā 
TravelTech Paris 2025 | The EU Digital Identity Wallet and itā€™s impact on Tra...
byapidays
Ā 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
Ā 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
Ā 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
Ā 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
Ā 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
Ā 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
Ā 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
Ā 
The new book ā€œMarketing in the Metaverseā€ spotlights Scott M. Graffiusā€™ research
byScott M. Graffius
Ā 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
Ā 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
Ā 
Logical Optimal Actions ā€“ Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
Ā 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
Ā 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
Ā 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
Ā 

Web Application Firewall (WAF) DAST/SAST combination

Editor's Notes

  • #3Ā For any application there is the moment when application stop being perfect and ideal. This could be due to different reasons:Technology renewalGovernment regulationsHardware evolution,Business factors. And other
  • #4Ā The real world example is the Chinees wall. A huge amount of tourists visit this building every day. And every one wants to take a piece of the wall with his as a souvenir. This is a typical example of scalability. With such popularity, the wall could be destroyed in a couple of years. For that reason government decided to bring bricks to the wall every night, so tourists can take them as a souvenirs instead of real rocks. In such way they resolved scalability issues in very specific way. It means that Big application has very specific issue and need specific solution.
  • #10Ā Websites ā€“ The New BattlegroundThe average website is targeted anywhere from twice to 200 times a day by miscellaneous worms and crawlers that attempt a slew of diverse attacks ā€“ some for well known exploits, others for recently discovered, and as a result unpatched, faults. Since these attacks are automated, their numbers only grow, and the attackers never tire.Ā 
  • #13Ā When adding a new feature costs a lot or it causes performance degradation you need application assessment
  • #15Ā Web application firewalls are your first line of defense against new and existing web application threats. They are generally capable of preventing even emerging attacks, and are quickly updated when new threats are discovered. Those deployed in conjunction with or on an extensible application delivery platform provide additional value in the capability to dynamically create policies to address emerging threats or custom threats against your application.They can CYA (cover your apps) while you find and fix the vulnerabilities, a process that requires development, testing, and redeployment. And while you're going through that process - what's going on with your application? Have you taken it offline because it's vulnerable? Were you aware of the specific attack vector when you developed the application?No, you probably haven't, especially not if you're in the retail business because if your application is down then you are losing revenue and that's not acceptable. And no, you probably weren't aware of that attack when the app was developed because it hadn't been discovered yet.But if you've got a WAF you are likely able to continue running your application, secure in the knowledge that the WAF is going to be able to thwart a wide variety of known attacks while you scan, find, and fix the vulnerabilities in your application whether those are emerging threats or existing ones.
  • #17Ā block traffic from malicious sources before an attack can even be attempted