F5 - BigIP ASM introduction

  1. BIG-IP ASM: Comprehensive Application Security (Presenter)
  2. Attacks are Moving "Up the Stack"
     • Network Threats: 90% of security investment focused here
     • Application Threats: 75% of attacks focused here
     Source: Gartner
  3. Almost every web application is vulnerable!
     • "97% of websites at immediate risk of being hacked due to vulnerabilities! 69% of vulnerabilities are client-side attacks" - Web Application Security Consortium
     • "8 out of 10 websites vulnerable to attack" - WhiteHat "Security Report"
     • "75 percent of hacks happen at the application." - Gartner "Security at the Application Level"
     • "64 percent of developers are not confident in their ability to write secure applications." - Microsoft Developer Research
  4. [Charts: Figures 2 and 5 from the 10th Website Security Statistics Report (Q3 2010)]
  5. How long to resolve a vulnerability? [Chart: Website Security Statistics Report]
  6. Developers are asked to do the impractical...
     • Application Security?
     • Application Patching
     • Application Development
     • Application Scalability
     • Application Performance
  7. Who is responsible for application security? Web developers? Network Security? Engineering services? DBA?
  8. Traditional Security Devices vs. WAF
     (✓ = covered; Limited / Partial = partial coverage; X = not covered)

     Attack / Capability                  Network Firewall   IPS       ASM
     Known Web Worms                      Limited            ✓         ✓
     Unknown Web Worms                    X                  Limited   ✓
     Known Web Vulnerabilities            Limited            Partial   ✓
     Unknown Web Vulnerabilities          X                  Limited   ✓
     Illegal Access to Web-server files   Limited            X         ✓
     Forceful Browsing                    X                  X         ✓
     File/Directory Enumerations          X                  Limited   ✓
     Buffer Overflow                      Limited            Limited   ✓
     Cross-Site Scripting                 Limited            Limited   ✓
     SQL/OS Injection                     X                  Limited   ✓
     Cookie Poisoning                     X                  X         ✓
     Hidden-Field Manipulation            X                  X         ✓
     Parameter Tampering                  X                  X         ✓
     Layer 7 DoS Attacks                  X                  X         ✓
     Brute Force Login Attacks            X                  X         ✓
     App. Security and Acceleration       X                  X         ✓
  9. Web Application Firewall - ASM
     [Diagram] Layers: Intelligent Client -> Network Plumbing -> Application Infrastructure -> Application
     Threats ASM inspects in HTTP/S traffic: Buffer Overflow, DDoS, Brute Force, Cross-Site Scripting, SQL/OS Injection, Error Messages, Cookie Poisoning, Non-compliant Content, Hidden-Field Manipulation, Credit Card / SSN data, Application DoS Attacks, Server Fingerprints
     Other devices in the diagram (labels as extracted): IPS, App Firewall, User, App VPN, Firewall, IDS-IDP, Anti-Virus
  10. Leading web attack protection: BIG-IP Application Security Manager
      [Diagram] Users -> Web Application Security -> Web Applications (Private DCs / Public Cloud; Physical / Virtual / Multi-Site)
      o Protect from latest web threats
      o Out-of-the-box deployment
      o Meeting PCI compliance
      o Quickly resolve vulnerabilities
      o Improve site performance
  11. Automatic DOS Attack Detection and Protection
      o Accurate detection technique - based on latency
      o 3 different mitigation techniques escalated serially
      o Focus on higher value productivity while automatic controls intervene
      Flow: Detect a DOS condition -> Identify potential attackers -> Drop only the attackers
  12. PCI Compliance Reporting
      PCI DSS reporting:
      • Details security measures required
      • Compliancy state
      • Steps to become compliant
  13. Protection from all of the top vulnerabilities
      • OWASP Top 10 Web Application Security Risks:
        – A1: Injection
        – A2: Cross-Site Scripting (XSS)
        – A3: Broken Authentication and Session Management
        – A4: Insecure Direct Object References
        – A5: Cross-Site Request Forgery (CSRF)
        – A6: Security Misconfiguration
        – A7: Insecure Cryptographic Storage
        – A8: Failure to Restrict URL Access
        – A9: Insufficient Transport Layer Protection
        – A10: Unvalidated Redirects and Forwards
  14. Example: OWASP Top 5 - CSRF Attack
      CSRF Attack example (diagram labels: Trusted Web Site, Encrypted, Trusted Action):
      1. Mobile user logs in to a trusted site
      2. Session is authenticated
      3. User opens a new tab, e.g., chat
      4. Hacker embeds a request in the chat
      5. The trusted link asks the browser to send a request to the hacked site
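The slide shows why the attack works: the browser attaches the victim's session cookie to any request the trusted site receives, whichever tab started it. The following is an added example, not code from the slide deck or from F5, showing the standard server-side defence (a per-session synchronizer token plus an Origin check) applied to the five steps above. The `Server`, `Session`, `transfer` names and the `https://trusted.example` / `https://attacker.example` origins are hypothetical, and the balances are constructed sample data.

```python
"""
Added example (not F5 code): synchronizer-token defence against the CSRF
scenario on the slide. A forged request from another tab carries the victim's
session cookie but cannot carry the per-session token, so it is rejected.
All names and origins here are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    # Token is random per session; the trusted site's own pages embed it in forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


class Server:
    """Toy stand-in for the 'trusted site' in the slide."""

    def __init__(self):
        self.sessions = {}   # session cookie -> Session
        self.balances = {}   # user -> balance (the state a CSRF would change)

    def login(self, user, balance=100):
        """Steps 1-2: the user logs in and the session is authenticated."""
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = Session(user)
        self.balances[user] = balance
        return cookie

    def render_transfer_form(self, cookie):
        """The trusted page embeds the token; an attacker's page cannot read it
        because of the same-origin policy."""
        return self.sessions[cookie].csrf_token

    def transfer(self, cookie, form, origin=None,
                 allowed_origin="https://trusted.example"):
        """State-changing request; accepts only same-origin, token-bearing forms."""
        sess = self.sessions.get(cookie)
        if sess is None:
            return "unauthenticated"
        # Defence 1: when the browser sends an Origin header, it must match the site.
        if origin is not None and origin != allowed_origin:
            return "rejected: cross-origin"
        # Defence 2: the form must carry this session's token, compared in constant time.
        token = form.get("csrf_token", "")
        if not hmac.compare_digest(token, sess.csrf_token):
            return "rejected: missing or bad CSRF token"
        self.balances[sess.user] -= int(form["amount"])
        return "ok"


def demo():
    """Walk the slide's steps: a legitimate transfer, then the forged one."""
    srv = Server()
    cookie = srv.login("alice")                       # steps 1-2
    token = srv.render_transfer_form(cookie)          # trusted page carries the token
    legit = srv.transfer(cookie, {"amount": "10", "csrf_token": token},
                         origin="https://trusted.example")
    # Steps 3-5: a link planted in another tab makes the browser send the
    # cookie to the trusted site, but the attacker's page has no token.
    forged = srv.transfer(cookie, {"amount": "90"}, origin="https://attacker.example")
    forged_no_origin = srv.transfer(cookie, {"amount": "90"})
    return legit, forged, forged_no_origin, srv.balances["alice"]


if __name__ == "__main__":
    print(demo())  # ('ok', 'rejected: cross-origin', 'rejected: missing or bad CSRF token', 90)
```

The Origin check alone is not enough, because some clients omit the header; the token check alone is enough only if the token never leaks to another origin. A WAF such as ASM can enforce the same two conditions in front of an application whose code does not, which is the point the slide is making.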
  15. Reporting
  16. Application visibility and reporting
      Monitor URIs for server latency
      • Troubleshoot server code that causes latency
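Slide 11 describes latency-based DoS detection with a three-step flow (detect a DoS condition, identify potential attackers, drop only the attackers), and slide 16 describes per-URI server-latency monitoring. The block below is an added example, not F5's algorithm or code, that implements both ideas over one constructed access log: it builds a per-URI latency report, flags URIs whose latency has risen well above a learned baseline, attributes the condition to clients whose request rate to those URIs is far above the typical client, and filters only those clients. The client addresses, latencies, the 3x latency factor and the 5x rate ratio are constructed assumptions for the example.

```python
"""
Added example (not F5 code): latency-based DoS detection and per-URI latency
reporting. Log records, thresholds and addresses are constructed for the example.
"""
from collections import Counter, defaultdict
from statistics import mean, median

# Constructed traffic. Each record is (client_ip, uri, server_latency_ms).
NORMAL_CLIENTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4", "10.0.0.5"]
ATTACKER = "203.0.113.7"  # documentation-range address, constructed


def make_log(search_latency, attacker_requests=0):
    """Five normal clients, two /search and one /login each, plus an optional
    flood of /search requests from one client."""
    log = []
    for ip in NORMAL_CLIENTS:
        log += [(ip, "/search", search_latency),
                (ip, "/search", search_latency),
                (ip, "/login", 50)]
    log += [(ATTACKER, "/search", search_latency)] * attacker_requests
    return log


BASELINE = make_log(100)                        # learned during normal operation
WINDOW = make_log(900, attacker_requests=40)    # current window: /search is slow


def per_uri_latency(log):
    """Slide 16: mean server latency per URI."""
    by_uri = defaultdict(list)
    for _, uri, ms in log:
        by_uri[uri].append(ms)
    return {uri: mean(v) for uri, v in by_uri.items()}


def latency_report(log):
    """Slowest URIs first, for troubleshooting the server code behind them."""
    return sorted(per_uri_latency(log).items(), key=lambda kv: kv[1], reverse=True)


def detect_dos(window, baseline, factor=3.0):
    """Step 1: a URI is in a DoS condition when its latency exceeds
    `factor` times its baseline latency."""
    base = per_uri_latency(baseline)
    now = per_uri_latency(window)
    return sorted(u for u, ms in now.items() if ms > factor * base.get(u, ms))


def identify_attackers(window, uris, ratio=5.0):
    """Step 2: among clients hitting the affected URIs, flag those whose request
    count is more than `ratio` times the median client's count."""
    counts = Counter(ip for ip, uri, _ in window if uri in uris)
    if not counts:
        return set()
    typical = median(counts.values())
    return {ip for ip, n in counts.items() if n > ratio * typical}


def mitigate(window, baseline):
    """Step 3: drop only the flagged clients; every other request is kept."""
    uris = detect_dos(window, baseline)
    attackers = identify_attackers(window, uris)
    kept = [rec for rec in window if rec[0] not in attackers]
    return uris, attackers, kept


if __name__ == "__main__":
    print(latency_report(WINDOW))
    uris, attackers, kept = mitigate(WINDOW, BASELINE)
    print(uris, attackers, len(WINDOW), "->", len(kept))
```

The median-based attacker test is what makes "drop only the attackers" possible: the five normal clients also see 900 ms responses, but their request counts are typical, so they are never dropped. A real deployment would compute the baseline over a longer period and tune both thresholds per site.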