Web Application Security
Radovan Gibala
Senior Field Systems Engineer
F5 Networks
r.gibala@f5.com
© F5 Networks, Inc 2
The New Perimeter Is An App Perimeter
Chart (Source: Gartner): Network threats: 25% of attacks are focused here, 90% of security investment. Application threats: 75% of attacks are focused here, 10% of security investment.
…resulting in an unprecedented increase in attacks
Chart: Source of data breaches (Source: Based on aggregated data from IT Business Edge, Krebs on Security, Security Week, and CSO Online)
Common attacks on web applications
BIG-IP ASM delivers comprehensive protection against critical web attacks
•  CSRF
•  Cookie manipulation
•  OWASP top 10
•  Brute force attacks
•  Forceful browsing
•  Buffer overflows
•  Web scraping
•  Parameter tampering
•  SQL injections
•  Information leakage
•  Field manipulation
•  Session hijacking
•  Cross-site scripting
•  Zero-day attacks
•  Command injection
•  ClickJacking
•  Bots
•  Business logic flaws
Web Application Protection Strategy
Best Practice Design Methods (applied to the web apps):
•  Only protects against known vulnerabilities
•  Difficult to enforce; especially with sub-contracted code
•  Only periodically updated; large exposure window
Automated & Targeted Testing:
•  Done periodically; only as good as the last test
•  Only checks for known vulnerabilities
•  Does it find everything?
How long does it take to resolve a vulnerability?
Chart (Website Security Statistics Report; horizontal scale 0 to 140) with one bar per vulnerability class: Cross-Site Scripting, Information Leakage, Content Spoofing, Insufficient Authorization, SQL Injection, Predictable Resource Location, Session Fixation, Cross-Site Request Forgery, Insufficient Authentication, HTTP Response Splitting.
Web Application Protection Strategy (with a Web Application Firewall added)
Best Practice Design Methods and Automated & Targeted Testing: same limitations as on the previous slide.
Web Application Firewall:
•  Real-time 24 x 7 protection
•  Enforces Best Practice Methodology
•  Allows immediate protection against new vulnerabilities
Traditional Security Devices vs. WAF
Table comparing Network Firewall, IPS and WAF (App. Security and Acceleration) coverage for: Known Web Worms, Unknown Web Worms, Known Web Vulnerabilities, Unknown Web Vulnerabilities, Illegal Access to Web-server files, Forceful Browsing, File/Directory Enumerations, Buffer Overflow, Cross-Site Scripting, SQL/OS Injection, Cookie Poisoning, Hidden-Field Manipulation, Parameter Tampering, Layer 7 DoS Attacks, Brute Force Login Attacks. The WAF column is ticked for every row; the Network Firewall and IPS columns are marked "X" (no coverage), "Limited" or "Partial".
Web Application Firewall
Negative vs. Positive Security Model
•  Negative Security Model
  o  Block Known Attacks
  o  Everything else is Allowed
  o  Patch implementation is quick and easy (Protection against Day Zero Attacks)
•  Positive Security Model
  o  (Automatic) Analysis of Web Application
  o  Allow wanted Transactions
  o  Everything else is Denied
  o  Implicit Security against New, yet Unknown Attacks (Day Zero Attacks)
Full Proxy Security
Full-proxy architecture
Diagram: the client-side connection (TCP, SSL, HTTP) and the server-side connection (TCP, SSL, HTTP) terminate separately on BIG-IP, with iRule hooks at each layer on both sides. Threat labels on the diagram: ICMP flood, SYN flood, SSL renegotiation, Slowloris attack, XSS, Data leakage; Network Firewall; WAF.
F5 provides comprehensive application security
Diagram of the security modules between network access and application access: Network Firewall, Network DDoS Protection, SSL DDoS Protection, DNS DDoS Protection, Application DDoS Protection, Web Application Firewall, Fraud Protection, Virtual Patching.
Encrypted Traffic Is Increasing Rapidly
Chart: Encrypted Web Traffic, 50% (2016) and 75% (2019), y-axis 0% to 80%; a further figure of 77% appears on the slide. Source: “TLS/SSL: Where Are We Today?”, NSS Labs, October 2016
Encryption is Not as Simple as “On/Off”
SSL Server Test
•  Overall Rating
•  Certificate
•  Chain, CA
•  Protocols
•  Ciphers
•  Handshake
•  Protocol Configuration
•  Documentation
•  Recommendations
•  …
Application Security Manager
BIG-IP® Application Security Manager™
Dynamic Multi-Layered Security
•  Turn on with license key or standalone
•  Caching, compression and SSL acceleration included in standalone
Request flow (diagram, BIG-IP Local Traffic Manager and BIG-IP Application Security Manager in front of the vulnerable application): Request made → BIG-IP ASM security policy checked → Server response generated → BIG-IP ASM applies security policy → Secure response delivered.
•  Provides transparent protection from ever changing threats
•  Ensures application availability while under attack
•  Deployed as a full proxy or transparent full proxy (bridge mode)
•  Minimal impact on application performance
•  Drop, block or forward request
•  Application attack filtering & inspection
•  SSL, TCP, HTTP DoS mitigation
•  Response inspection for errors and leakage of sensitive information
BIG-IP Application Security Manager
Multiple deployment options:
•  Standalone or ADC add-on
•  Appliance or Virtual edition
•  Manual or automatic policy building
•  3rd party DAST integration
Visibility and analysis:
•  High speed customizable syslog
•  Granular attack details
•  Expert attack tracking and profiling
•  Policy & compliance reporting
•  Integrates with SIEM software
•  Full HTTP/S request logging
Comprehensive protections:
•  Protection against web app vulnerabilities including L7 DDoS
•  Advanced anti-BOT mitigation
•  Integrated XML firewall
BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.
Building The Security Policy
Diagram: the policy is built up in tiers of entities, from the typical ‘standard’ starting point to the tightest security posture: Object Types, Object Names, Parameter Names, Parameter Values, Object Flows. The required security level determines how many tiers the policy enforces.
Different ways to build a policy
Dynamic Policy Builder:
•  Automatic: no knowledge of the app required; adjusts policies if app changes
•  Manual: advanced configuration for custom policies
Integration with App Scanners:
•  Virtual patching with continuous application scanning
Pre-built Policies:
•  Out-of-the-box
•  Pre-configured and validated
•  For mission-critical apps including: Microsoft, Oracle, PeopleSoft
Identify, virtually patch, mitigate vulnerabilities
Diagram: scan the application with a web application security scanner (Generic Scanner, Qualys, IBM, WhiteHat, Cenzic, HP WI), import the vulnerabilities into BIG-IP ASM, then mitigate web app attacks coming from hackers and clients.
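The negative and positive models from the "Negative vs. Positive Security Model" slide, the entity tiers from "Building The Security Policy", and the scanner-import step just described, worked through in one runnable Python example. This is an added illustration, not F5 code and not ASM's policy format: the policy classes, the request dictionaries, the two signatures and the scanner-finding fields (`vuln`, `url`, `parameter`) are constructed for this example.

```python
"""Negative vs. positive security model on a tiered policy, plus a
scanner-driven virtual patch.

Added example, not code from the F5 deck. The tiers (file type, URL,
parameter name, parameter value) follow the slides; the policy layout,
request shape, signature list and scanner-finding format are constructed.
"""
import re
from dataclasses import dataclass, field

# Negative model: block what matches a known-attack signature, allow the rest.
# Two constructed signatures stand in for a real signature set.
NEGATIVE_SIGNATURES = {
    "sqli_union_select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "xss_script_tag": re.compile(r"<script\b", re.I),
}


@dataclass
class ParamRule:
    kind: str           # "integer", "alpha-numeric" or "any"
    max_len: int = 64


@dataclass
class PositivePolicy:
    file_types: set
    urls: set
    params: dict = field(default_factory=dict)   # parameter name -> ParamRule


def negative_check(request):
    """Names of the signatures that match anywhere in path or parameters."""
    text = request["path"] + " " + " ".join(f"{k}={v}" for k, v in request["params"].items())
    return [name for name, rx in NEGATIVE_SIGNATURES.items() if rx.search(text)]


def positive_check(policy, request):
    """Walk the tiers; anything the policy did not explicitly allow is a violation."""
    violations = []
    path = request["path"]
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    if ext not in policy.file_types:
        violations.append(f"illegal file type: {ext or '(none)'}")
    if path not in policy.urls:
        violations.append(f"illegal URL: {path}")
    for name, value in request["params"].items():
        rule = policy.params.get(name)
        if rule is None:
            violations.append(f"illegal parameter: {name}")
            continue
        if len(value) > rule.max_len:
            violations.append(f"{name}: length {len(value)} exceeds {rule.max_len}")
        if rule.kind == "integer" and not value.isdigit():
            violations.append(f"{name}: expected integer")
        elif rule.kind == "alpha-numeric" and not value.isalnum():
            violations.append(f"{name}: expected alpha-numeric")
    return violations


def evaluate(policy, request):
    """Run both models side by side so their difference is visible."""
    signatures, violations = negative_check(request), positive_check(policy, request)
    return {"negative_blocks": bool(signatures), "positive_blocks": bool(violations),
            "signatures": signatures, "violations": violations}


def virtual_patch(policy, finding):
    """Import a scanner finding (constructed shape: vuln, url, parameter) by
    restricting the flagged parameter to a short alpha-numeric token, so the
    metacharacters injection payloads need are rejected at the WAF while the
    code fix is pending."""
    current = policy.params.get(finding["parameter"], ParamRule("any"))
    policy.params[finding["parameter"]] = ParamRule("alpha-numeric", min(current.max_len, 32))
    return policy


# Constructed policy for a two-page application and three constructed requests:
# a normal one, a tampered one no signature covers, and one that trips a signature.
SAMPLE_POLICY = PositivePolicy(
    file_types={"php", "css", "js"}, urls={"/index.php", "/account.php"},
    params={"id": ParamRule("integer", 10), "q": ParamRule("alpha-numeric"),
            "comment": ParamRule("any", 512)})
NORMAL = {"path": "/account.php", "params": {"id": "42"}}
TAMPERED = {"path": "/account.php", "params": {"id": "42", "debug": "1"}}
SIGNATURE_HIT = {"path": "/index.php", "params": {"q": "x union select y"}}

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("tampered", TAMPERED), ("signature", SIGNATURE_HIT)):
        print(label, evaluate(SAMPLE_POLICY, req))
    free_text = {"path": "/account.php", "params": {"comment": "hello; world"}}
    print("before patch", positive_check(SAMPLE_POLICY, free_text))
    patched = virtual_patch(SAMPLE_POLICY, {"vuln": "SQL Injection", "url": "/account.php",
                                            "parameter": "comment"})
    print("after patch ", positive_check(patched, free_text))
```

The tampered request carries an extra `debug` parameter that no signature describes, so the negative model lets it through while the positive model rejects it as an unlearned entity. The virtual patch shows the other side of the trade: tightening `comment` blocks injection metacharacters immediately, but also any legitimate punctuation, which is why a virtual patch is a stop-gap to be relaxed once the application itself is fixed.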
NSS Labs
ASM Comprehensive Protection
Application attacks are inevitable
Prepare for application attacks
every 23 minutes
95% of breaches through 2018 will be caused by misconfigured firewalls, not vulnerabilities (Gartner)
86% of websites have at least 1 vulnerability and an average of 56 per website (WhiteHat Security Statistics Report 2013)
75% of internet threats target web servers (2015 Cisco Annual Security Report)
2.3M Bots actively attacking in 2014 (Symantec Internet Security Report 2014)
Comprehensive Protections
BIG-IP ASM extends protection to more than application vulnerabilities
Diagram of protections around ASM: L7 DDoS, Web Scraping, Web bot identification, XML filtering, validation & mitigation, XML Firewall, ICAP anti-virus integration, Geolocation blocking.
Different attack/issue types
Diagram of attack layers: Application, SSL, DNS, Network.
DoS Is Not Rocket Science!
BotNet Protection
Delivering the most accurate anti-bot, scanner & scraper protection
•  Validate user on initial site access with proactive bot defense
•  Differentiate between script and browser
•  Inspect user interaction with browser & fingerprint devices
•  Distinguish real user from bot with client integrity checks and captcha challenge
•  Mitigate automated attacks, scanners, botnets and intellectual property scrapers
•  Detect a persistent scraper that uses multiple IP addresses or a single request session
Diagram: Web Bot and User connect to the Website through ASM Application Security.
Defending against automated attacks
Diagram: Web Bot and User connect to the Website through ASM Application Security; a client check identifies the BOT, which is alerted on and blocked.
•  Performs a variety of checks to distinguish humans from BOTS
•  Allows only verified client requests to pass through to app server
•  Notifies then drops requests that cannot be verified
ASM identifies and blocks automated web scraping and scanning
•  Performs rapid surfing analysis of page changes
•  Blocks clients making excessive page requests
•  Issues captcha challenge on mitigated threats & initial visits
•  Detects previously identified browsers & bad IPs
•  Disallows web scraping, table captures, UA spoofing, etc.
ASM Bot Protection
ASM’s unique Proactive Bot defense
•  Enables always-on protection that preempts attacks
•  Complements existing reactive protections
•  Utilizes advanced detection methods and techniques: CAPTCHA challenges & geolocation enforcement
•  Categorizes BOTs detected by signature classification to distinguish good Bots from malicious offenders
•  Detects headless browsers that run JS
Stop automated attacks from ever materializing
Defend against automated non-human web scraping, DDoS and Brute force attacks
ASM Bot Protection
Signature-based bot categorization/classification
•  Leverages ASM attack signatures in conjunction with ASM bot techniques
•  Applied to DOS and ASM policies with support for custom bot signatures and custom categories
•  Updates like the ASM attack signatures
Reporting
•  Visible in DoS charts & custom widgets
•  New Bot drilldown screen per category or per individual bot
The value delivered
•  Helps identify and protect against L7 anomaly-based attacks
•  Gain visibility to Bot-generated traffic
•  Reduce server strain caused by bots
•  Block vulnerability scanners, rendering them blind
•  Block BotNets during DoS attacks
ASM Proactive Bot defense: How it Works
•  ASM injects a JS challenge with obfuscated cookie
•  Legitimate browsers resend the request with cookie
•  ASM checks and validates the cookie
•  Requests with valid signed cookie are then passed through to the server
•  Invalidated requests are dropped or terminated
•  Cookie expiration and client IP address are enforced – no replay attacks
•  Prevented attacks will be reported and logged
Flow (diagram, Internet → ASM → Web Application):
•  1st time request to web server, w/o detected attack: ASM responds with injected JS challenge; request is not passed to server
•  JS challenge placed in browser; browser responds to challenge & resends request
•  Legitimate browser verification: ASM verifies response authenticity; cookie is signed, time stamped and fingerprinted
•  Valid requests are passed to the server; valid browser requests bypass challenge w/ future requests
•  No challenge response from bots: BOTS ARE DROPPED; continuous invalid bot attempts are blocked
ASM Bot Protection
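The challenge-cookie flow above, worked through as an added Python example rather than F5 code: a server-side routine issues a cookie bound to issue time, client IP and browser fingerprint under an HMAC, and the validation path shows why a copied cookie fails when replayed from another address, after expiry, or from a client with different attributes. The cookie name `bd_chal`, the field separator, the key and the sample clients are constructed; ASM's actual cookie format, obfuscation and JS challenge are not described in the deck and are not reproduced here.

```python
"""Signed, time-stamped, fingerprinted challenge cookie in the style of the
Proactive Bot Defense flow described on the slides.

Added example, not F5 code: the cookie layout, the HMAC construction, the
cookie name, the key and the sample clients are all constructed. The client
attributes that feed the fingerprint are assumed to arrive with each request
(in ASM they are gathered by the injected JS).
"""
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key-rotate-in-production"  # constructed, not a real key
COOKIE_NAME = "bd_chal"   # hypothetical cookie name
COOKIE_TTL = 600          # seconds a challenge cookie stays valid
SEP = "|"                 # field separator; IPv4/IPv6 literals never contain it


def fingerprint(attrs):
    """Reduce the attributes reported by the client-side code to one hash."""
    canon = ";".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


def sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_cookie(client_ip, attrs, now=None):
    """Cookie set once the browser has run the challenge:
    issued_at|client_ip|fingerprint|mac."""
    issued = int(time.time() if now is None else now)
    body = SEP.join((str(issued), client_ip, fingerprint(attrs)))
    return body + SEP + sign(body)


def validate_cookie(cookie, client_ip, attrs, now=None):
    """Return (ok, reason). Signature, expiry, IP binding and fingerprint
    binding are the checks that make a copied cookie useless elsewhere."""
    now = int(time.time() if now is None else now)
    parts = cookie.split(SEP)
    if len(parts) != 4 or not parts[0].isdigit():
        return False, "malformed"
    issued_s, ip, fp, mac = parts
    if not hmac.compare_digest(mac, sign(SEP.join((issued_s, ip, fp)))):
        return False, "bad signature"
    issued = int(issued_s)
    if issued > now or now - issued > COOKIE_TTL:
        return False, "expired"
    if ip != client_ip:
        return False, "client ip mismatch"
    if fp != fingerprint(attrs):
        return False, "fingerprint mismatch"
    return True, "passed browser challenge"


def handle_request(request, now=None):
    """WAF decision for one request: first contact gets the challenge and is
    not forwarded; a valid cookie passes; anything else is dropped."""
    cookie = request.get("cookies", {}).get(COOKIE_NAME)
    if cookie is None:
        return "challenge"
    ok, reason = validate_cookie(cookie, request["ip"], request["attrs"], now)
    return "pass" if ok else f"drop ({reason})"


# Constructed sample data: one browser, one headless client on the same address,
# and a second address used to replay the browser's cookie.
T0 = 1_700_000_000
BROWSER_ATTRS = {"ua": "Mozilla/5.0 (constructed)", "screen": "1920x1080",
                 "tz": "-120", "lang": "en-GB"}
HEADLESS_ATTRS = {"ua": "Mozilla/5.0 (constructed)", "screen": "800x600",
                  "tz": "0", "lang": "en-US"}
BROWSER_IP, OTHER_IP = "203.0.113.7", "198.51.100.9"


def with_cookie(ip, attrs, cookie):
    return {"ip": ip, "attrs": attrs, "cookies": {COOKIE_NAME: cookie}}


if __name__ == "__main__":
    print("first contact:", handle_request({"ip": BROWSER_IP, "attrs": BROWSER_ATTRS}, now=T0))
    cookie = issue_cookie(BROWSER_IP, BROWSER_ATTRS, now=T0)
    print("browser resends:", handle_request(with_cookie(BROWSER_IP, BROWSER_ATTRS, cookie), now=T0 + 5))
    print("replayed elsewhere:", handle_request(with_cookie(OTHER_IP, BROWSER_ATTRS, cookie), now=T0 + 5))
    print("after expiry:", handle_request(with_cookie(BROWSER_IP, BROWSER_ATTRS, cookie),
                                          now=T0 + COOKIE_TTL + 1))
    print("headless, same IP:", handle_request(with_cookie(BROWSER_IP, HEADLESS_ATTRS, cookie), now=T0 + 5))
```

The order of checks matters for diagnostics: the signature is verified before any field is trusted, so a tampered timestamp is reported as a bad signature rather than as an expiry, and `hmac.compare_digest` keeps the comparison constant-time.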
iRules enhanced Bot protection
Delivers increased granularity to the bot detection process
•  iRules commands enable customized action on bots detected
•  Launches against Proactive Bot Defense DoS events
•  Provides the control needed to ensure accuracy of threat detection
•  Use it to …
  o  retrieve the data processed by Bot Defense mechanism,
  o  query and override URL qualification,
  o  force logging and challenges,
  o  customize an HTML redirect
# EXAMPLE 1: Bypassing enforcement on URL pattern
when BOTDEFENSE_ACTION {
    if {[HTTP::uri] starts_with "/t/"} {
        log local0. "bypassing enforcement for URI [HTTP::uri]"
        set res [BOTDEFENSE::action allow]
        log local0. "set action to allow, result \"$res\""
        log local0. "resulting action [BOTDEFENSE::action] reason \"[BOTDEFENSE::reason]\""
    }
}

# EXAMPLE 2: Instead of blocking the request with TCP RST, respond with a
# blocking page
when BOTDEFENSE_ACTION {
    if {[BOTDEFENSE::action] eq "tcp_rst"} {
        # if the custom_response action fails, the tcp_rst action will remain,
        # so we don't need to check the return string in this case
        BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
    }
}

# EXAMPLE 3: Force the browser_challenge to be sent to the client on the login
# page, even if the cookie is valid (may be used to force the renewal of the
# Bot Defense cookie)
when BOTDEFENSE_ACTION {
    if { ([HTTP::uri] eq "/t/login.php") &&
         ([BOTDEFENSE::action] eq "allow") &&
         (not ([BOTDEFENSE::reason] starts_with "passed browser challenge")) } {
        BOTDEFENSE::action browser_challenge
    }
}
ASM Bot Protection
Browser fingerprinting and device ID
Accurately track good and bad actors wherever they go
•  Uniquely protects against session hijacking by matching cookies with device ID
•  Captures unique device characteristics for bots, DoS attacks, headless browsers and human users
•  Identifies repeat visitors by learning their traffic patterns, even when users switch sessions or source IPs
•  Applies to brute force, volumetric DDoS, session hijacking protections and proactive bot defense
•  Thwarts tracking evasion attempts by bots and scrapers
Browser fingerprinting and device ID: How it works
More accurately prevents web scraping
•  Runs client-side code that collects various attributes about the client
•  Attributes are summed up to a hash which we call a fingerprint
•  A cache of those fingerprints is stored on BIG-IP and used to persistently identify clients when preventing web scraping
•  Activates DeviceID tracking from a check box when proactive defense is not used
•  Clients with JS disabled will be blocked
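The fingerprint cache described above, as an added Python example (not F5 code): the attributes reported by the client are hashed into a device ID, the cache keys its state by that ID instead of by source IP, and the rapid-surfing check from the earlier bot-protection slide runs per device, so a scraper rotating addresses is still counted as one client and a user changing networks is still recognised. Attribute names, thresholds and the traffic sample are constructed; clients that report no attributes (JS disabled) are blocked, as the slide states.

```python
"""Device-ID cache: identify a client by its browser fingerprint rather than
its source IP, and apply a rapid-surfing check per device.

Added example, not F5 code. The attribute set, the hash, the cache layout,
the thresholds and the traffic sample are constructed; the slides describe
the algorithm only as "attributes summed up to a hash". Attributes are
assumed to arrive with each request as a dict.
"""
import hashlib

RAPID_SURFING_LIMIT = 20   # page requests per window tolerated for one device
WINDOW = 60                # seconds


def fingerprint(attrs):
    """Attributes summed up to one hash: canonical order, then SHA-256."""
    canon = ";".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()[:16]


class DeviceCache:
    """Per-fingerprint state, so a scraper rotating IPs is still one client."""

    def __init__(self):
        self.devices = {}   # fingerprint -> {"ips": set, "hits": [timestamps]}

    def observe(self, request):
        if not request.get("attrs"):
            # No attributes means the client never ran the fingerprinting JS.
            return {"device": None, "known_ips": 0, "rapid_surfing": False,
                    "action": "block (JS disabled)"}
        fp = fingerprint(request["attrs"])
        dev = self.devices.setdefault(fp, {"ips": set(), "hits": []})
        dev["ips"].add(request["ip"])
        # Sliding window of recent page requests for this device, whatever IP they came from.
        dev["hits"] = [t for t in dev["hits"] if request["ts"] - t < WINDOW] + [request["ts"]]
        rapid = len(dev["hits"]) > RAPID_SURFING_LIMIT
        return {"device": fp, "known_ips": len(dev["ips"]), "rapid_surfing": rapid,
                "action": "block (rapid surfing)" if rapid else "allow"}


def run(traffic):
    """Feed a traffic sample through a fresh cache and return every decision."""
    cache = DeviceCache()
    return [cache.observe(r) for r in traffic]


# Constructed traffic. The scraper rotates through five source addresses but
# presents the same browser attributes; the user keeps one browser but moves
# from one network to another.
T0 = 1_700_000_000
SCRAPER_ATTRS = {"user_agent": "Mozilla/5.0 (constructed)", "screen": "1024x768",
                 "timezone": "0", "language": "en-US", "fonts": "12"}
USER_ATTRS = {"user_agent": "Mozilla/5.0 (constructed)", "screen": "1920x1080",
              "timezone": "-120", "language": "cs-CZ", "fonts": "87"}
SCRAPER_TRAFFIC = [{"ip": f"198.51.100.{i % 5}", "ts": T0 + 2 * i, "attrs": SCRAPER_ATTRS}
                   for i in range(30)]
USER_TRAFFIC = ([{"ip": "203.0.113.7", "ts": T0 + 10 * i, "attrs": USER_ATTRS} for i in range(3)]
                + [{"ip": "203.0.113.99", "ts": T0 + 40, "attrs": USER_ATTRS}])
NO_JS_REQUEST = {"ip": "192.0.2.5", "ts": T0, "attrs": {}}

if __name__ == "__main__":
    scraper = run(SCRAPER_TRAFFIC)
    print("scraper, last request:", scraper[-1])
    user = run(USER_TRAFFIC)
    print("user after IP change:", user[-1])
    print("no JS:", DeviceCache().observe(NO_JS_REQUEST))
```

A per-IP counter would see five clients each making six requests and flag none of them; keyed by fingerprint, the same traffic crosses the limit on the 21st request. The flip side, which the slide's "thwart tracking evasion" bullet points at, is that a client who can vary the reported attributes gets a new device ID each time, so the fingerprint must be one signal among several rather than the only one.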
Reporting
ASM Request List Events Log
•  View the full request itself, the violation rating and any associated violations
•  Immediately discern request status (i.e., legal or illegal, blocked, truncated, or has a response)
•  Drill down to view detailed descriptions of the violations and potential attacks
•  Accept trusted violations
Violation ratings highlighting priority violations
•  Quickly identify events requiring immediate attention
•  Easily distinguish false positives and negatives
•  Enables novice users to understand the severity of an event
•  Alleviates cycles spent on F/P and F/N
Consolidated view of attacks and mitigation
Security Overview Screen:
•  See real time summary of active policies & attacks
•  Understand ASM health and network/traffic stats
•  View data by different criteria in graphical reports
•  Get top 10 entity reports
Top 10 entities: drill down and filter all AVR HTTP entities; statistics concerning attack types, violations, anomalies and traffic summaries.
ASM resource consumption reporting (New in BIG-IP 12.0)
Ensures application security when ASM resources are burdened
•  Predictive information communicated includes:
  o  pending requests
  o  CPU utilization – updated every 1 minute
  o  memory utilization – updated every 5 minutes
  o  ASM bypass information – updated every 5 minutes
  o  the plug-in queue utilization
•  User can set specific alert types and threshold values for events
•  Leverages REST API publishing framework in AVR
•  Requires cloud orchestration to trigger action in external security service (BIG-IQ)
Diagram: ASM health statistics & charts.
Maintaining PCI Compliance
Quickly discern your state of compliance
•  Shows each security measure and policy required for PCI-DSS 3.0 compliance
•  Create printable versions of PCI compliance reports for each web application
•  Provides guidance to bring flagged items into compliance
•  Click quick links to adjust the non-compliant settings
Telecom Operator: LB, SSL offload, TV portal protection
Diagram: Users → Data Center (BIG-IP: Advanced LB, STB storm protection, SSL offload, Web Application FW) → Streaming Servers; Portal, EPG, …
Solution highlights
•  Advanced load-balancing and session stickiness
•  iRules for prevention of STB traffic storms (rate limiting) and SSL vulnerabilities
•  SSL offload for application and control plane data
•  Web application FW (ASM) for Live TV application protection including brute force login page protection (against password guessing) – block access to login page after x failed attempts for configured period of time, etc.
Operator’s Benefits
•  Better user experience due to TCP optimisation (network latency, throughput increase)
•  A solution for prevention of STB authentication storms
•  Protection of TV portal against attacks
•  Consolidated solution load-balancing + Web application FW on single platform
Financial organisation protected by F5 ASM & AFM
Leveraged Compliance & Consolidation
Drivers:
•  Cisco Replacement
•  Regulation demand for application security
•  Regulation demand for dual FW vendors
Competition:
•  IPS technology
•  FW vendors
•  WAF Vendors
Why we won:
•  Early engagement in the process
•  Differentiate between IPS & WAF
•  Consolidated solution – LB/WAF/FW on same unit
•  CAPEX / OPEX trade off from consolidation
•  Presentation, demo and proof of the solution
•  Excellent customer relationship with local account team
•  Strong partner collaboration
Additional benefit to F5:
•  Future potential for Anti-Fraud solutions
•  Professional services implementation

 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyMarketingArrowECS_CZ
 

More from MarketingArrowECS_CZ (20)

INFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfINFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdf
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
 
Chráníte správně svoje data?
Chráníte správně svoje data?Chráníte správně svoje data?
Chráníte správně svoje data?
 
Oracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaOracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management Platforma
 
Nové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceNové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database Appliance
 
Infinidat InfiniGuard
Infinidat InfiniGuardInfinidat InfiniGuard
Infinidat InfiniGuard
 
Infinidat InfiniBox
Infinidat InfiniBoxInfinidat InfiniBox
Infinidat InfiniBox
 
Novinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeNovinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databáze
 
Základy licencování Oracle software
Základy licencování Oracle softwareZáklady licencování Oracle software
Základy licencování Oracle software
 
Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?
 
Využijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoVyužijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplno
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. část
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. část
 
Benefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageBenefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): Storage
 
Benefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeBenefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): Compute
 
InfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníkaInfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníka
 
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částExadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
 
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastruktury
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

F5 Web Application Security

  • 1. Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
  • 2. © F5 Networks, Inc 2 The New Perimeter Is An App Perimeter (source: Gartner)
    •  Network threats: 25% of attacks are focused here, yet they receive 90% of security investment
    •  Application threats: 75% of attacks are focused here, yet they receive 10% of security investment
  • 3. © F5 Networks, Inc 3 …resulting in an unprecedented increase in attacks Source of data breaches Source: Based on aggregated data from IT Business Edge, Krebs on Security, Security Week, and CSO Online
  • 4. © F5 Networks, Inc 4 Common attacks on web applications. BIG-IP ASM delivers comprehensive protection against critical web attacks: CSRF; Cookie manipulation; OWASP top 10; Brute force attacks; Forceful browsing; Buffer overflows; Web scraping; Parameter tampering; SQL injections; Information leakage; Field manipulation; Session hijacking; Cross-site scripting; Zero-day attacks; Command injection; Clickjacking; Bots; Business logic flaws
  • 5. © F5 Networks, Inc 5 Web Application Protection Strategy
    Best Practice Design Methods:
    •  Only protects against known vulnerabilities
    •  Difficult to enforce, especially with sub-contracted code
    •  Only periodically updated; large exposure window
    Automated & Targeted Testing:
    •  Done periodically; only as good as the last test
    •  Only checks for known vulnerabilities
    •  Does it find everything?
  • 6. © F5 Networks, Inc 6 How long does it take to resolve a vulnerability? (bar chart from the Website Security Statistics Report; axis ticks 0 to 140, individual bar values not recoverable). Vulnerability classes shown: Cross-Site Scripting, Information Leakage, Content Spoofing, Insufficient Authorization, SQL Injection, Predictable Resource Location, Session Fixation, Cross-Site Request Forgery, Insufficient Authentication, HTTP Response Splitting
  • 7. © F5 Networks, Inc 7 Web Application Protection Strategy
    Best Practice Design Methods:
    •  Only protects against known vulnerabilities
    •  Difficult to enforce, especially with sub-contracted code
    •  Only periodically updated; large exposure window
    Automated & Targeted Testing:
    •  Done periodically; only as good as the last test
    •  Only checks for known vulnerabilities
    •  Does it find everything?
    Web Application Firewall:
    •  Real-time 24 x 7 protection
    •  Enforces best practice methodology
    •  Allows immediate protection against new vulnerabilities
  • 8. © F5 Networks, Inc 8 Traditional Security Devices vs. WAF (comparison table; individual cell marks are not recoverable). Rows: Known Web Worms, Unknown Web Worms, Known Web Vulnerabilities, Unknown Web Vulnerabilities, Illegal Access to Web-server files, Forceful Browsing, File/Directory Enumerations, Buffer Overflow, Cross-Site Scripting, SQL/OS Injection, Cookie Poisoning, Hidden-Field Manipulation, Parameter Tampering, Layer 7 DoS Attacks, Brute Force Login Attacks. Columns: App. Security and Acceleration (WAF), Network Firewall, IPS. The WAF column shows a check mark on every row; the Network Firewall and IPS columns show a mix of X, Limited and Partial marks.
  • 10. © F5 Networks, Inc 10 Negative vs. Positive Security Model
    •  Negative Security Model
      •  Block known attacks
      •  Everything else is allowed
      •  Patch implementation is quick and easy (protection against day-zero attacks)
    •  Positive Security Model
      •  (Automatic) analysis of the web application
      •  Allow wanted transactions
      •  Everything else is denied
      •  Implicit security against new, yet unknown attacks (day-zero attacks)
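The two models on the slide behave differently on a request the policy author never anticipated. The following added example (not F5 code; the signature list, the URL/parameter policy and the sample requests are all constructed for illustration) evaluates the same requests under a small negative model (deny on signature match, allow everything else) and a small positive model (allow only described URLs, methods, parameter names and value shapes, deny everything else):

```python
import re
from dataclasses import dataclass, field

# Negative model: a constructed, deliberately small denylist of attack markers.
# Anything that matches no signature is allowed.
ATTACK_SIGNATURES = [
    re.compile(r"<script", re.IGNORECASE),          # cross-site scripting marker
    re.compile(r"union\s+select", re.IGNORECASE),  # SQL injection marker
    re.compile(r"\.\./"),                           # path traversal marker
]


def negative_model_allows(params: dict) -> bool:
    """Allow unless some parameter value matches a known attack signature."""
    return not any(sig.search(v) for v in params.values() for sig in ATTACK_SIGNATURES)


# Positive model: an explicit description of what the application accepts
# (object names, parameter names and parameter values, in the slide's terms).
@dataclass
class ParamRule:
    pattern: re.Pattern   # the whole value must match this shape
    max_len: int


@dataclass
class UrlRule:
    methods: set
    params: dict = field(default_factory=dict)   # parameter name -> ParamRule


# Constructed policy for a hypothetical application with two URLs.
POLICY = {
    "/account": UrlRule({"GET"}, {"id": ParamRule(re.compile(r"[0-9]{1,10}"), 10)}),
    "/search": UrlRule({"GET"}, {"q": ParamRule(re.compile(r"[A-Za-z0-9 ]*"), 64)}),
}


def positive_model_allows(method: str, url: str, params: dict) -> bool:
    """Allow only requests that fit the learned description; deny everything else."""
    rule = POLICY.get(url)
    if rule is None or method not in rule.methods:
        return False                               # unknown object or method
    for name, value in params.items():
        prule = rule.params.get(name)
        if prule is None:
            return False                           # unknown parameter name
        if len(value) > prule.max_len or not prule.pattern.fullmatch(value):
            return False                           # value outside the allowed shape
    return True


def evaluate(method: str, url: str, params: dict) -> dict:
    """Decision of both models for one request."""
    return {
        "negative": negative_model_allows(params),
        "positive": positive_model_allows(method, url, params),
    }


if __name__ == "__main__":
    # A request that matches no signature but is not what the app accepts:
    # the negative model lets it through, the positive model denies it.
    print(evaluate("GET", "/account", {"id": "12345abc"}))
    print(evaluate("GET", "/account", {"id": "1", "debug": "true"}))
```

The trade-off the slide describes shows up directly: adding a line to ATTACK_SIGNATURES is the quick "patch" of the negative model, while the positive model needs the application analysed (here, written into POLICY) but then rejects an unexpected parameter name, method or value shape without any signature for it.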
  • 12. © F5 Networks, Inc 12 Full-proxy architecture (diagram): separate client-side and server-side TCP, SSL and HTTP stacks, with iRule hooks at each layer. Attacks labelled in the diagram: ICMP flood, SYN flood, SSL renegotiation, data leakage, Slowloris attack, XSS; mitigation points labelled Network Firewall and WAF.
  • 13. © F5 Networks, Inc 13 F5 provides comprehensive application security (diagram with Network Access and Application Access layers): Network Firewall, Network DDoS Protection, SSL DDoS Protection, DNS DDoS Protection, Application DDoS Protection, Web Application Firewall, Fraud Protection, Virtual Patching
  • 14. Encrypted Traffic Is Increasing Rapidly (chart): encrypted web traffic 50% in 2016, 75% in 2019. Source: “TLS/SSL: Where Are We Today?”, NSS Labs, October 2016
  • 15. 77%
  • 16. © F5 Networks, Inc 16 Encryption is Not as Simple as “On/Off”. An SSL Server Test reports: overall rating; certificate; chain, CA; protocols; ciphers; handshake; protocol configuration; documentation; recommendations; …
  • 18. © F5 Networks, Inc 18 BIG-IP® Application Security Manager™: Dynamic Multi-Layered Security
    •  Turn on with a license key, or run standalone
    •  Caching, compression and SSL acceleration included in standalone
    •  Provides transparent protection from ever-changing threats
    •  Ensures application availability while under attack
    •  Deployed as a full proxy or transparent full proxy (bridge mode)
    •  Minimal impact on application performance
    •  Drop, block or forward request
    •  Application attack filtering & inspection
    •  SSL, TCP, HTTP DoS mitigation
    •  Response inspection for errors and leakage of sensitive information
    Request flow (diagram, BIG-IP Local Traffic Manager with BIG-IP Application Security Manager): request made → BIG-IP ASM security policy checked → server response generated by the vulnerable application → BIG-IP ASM applies security policy → secure response delivered
  • 19. © F5 Networks, Inc 19 BIG-IP Application Security Manager. BIG-IP® ASM™ protects the applications your business relies on most and scales to meet changing demands.
    Multiple deployment options:
    •  Standalone or ADC add-on
    •  Appliance or Virtual Edition
    •  Manual or automatic policy building
    •  3rd-party DAST integration
    Visibility and analysis:
    •  High-speed customizable syslog
    •  Granular attack details
    •  Expert attack tracking and profiling
    •  Policy & compliance reporting
    •  Integrates with SIEM software
    •  Full HTTP/S request logging
    Comprehensive protections:
    •  Protection from web app vulnerabilities, including L7 DDoS
    •  Advanced anti-bot mitigation
    •  Integrated XML firewall
  • 21. © F5 Networks, Inc 21 Required security level (diagram): policy entities arranged from the typical ‘standard’ starting point toward a tighter security posture: object types, object names, parameter names, parameter values, object flows
  • 22. © F5 Networks, Inc 22 Different ways to build a policy (security policy checked, security policy applied): Dynamic Policy Builder, integration with app scanners, pre-built policies
    Automatic:
    •  No knowledge of the app required
    •  Adjusts policies if the app changes
    Manual:
    •  Advanced configuration for custom policies
    •  Virtual patching with continuous application scanning
    Out-of-the-box:
    •  Pre-configured and validated
    •  For mission-critical apps including Microsoft, Oracle, PeopleSoft
  • 23. © F5 Networks, Inc 23 Identify, virtually patch, mitigate vulnerabilities (diagram: hacker, clients): scan the application with a web application security scanner (Generic Scanner, Qualys, IBM, WhiteHat, Cenzic, HP WI), import the vulnerabilities into BIG-IP ASM, mitigate web app attacks
  • 24. © F5 Networks, Inc 24 NSS Labs
  • 26. © F5 Networks, Inc 26 Application attacks are inevitable
    •  Prepare for application attacks every 23 minutes
    •  95% of breaches through 2018 will be caused by misconfigured firewalls, not vulnerabilities (Gartner)
    •  86% of websites have at least 1 vulnerability, and an average of 56 per website (WhiteHat Security Statistics Report 2013)
    •  75% of internet threats target web servers (2015 Cisco Annual Security Report)
    •  2.3M bots actively attacking in 2014 (Symantec Internet Security Report 2014)
  • 27. © F5 Networks, Inc 27 Comprehensive Protections: BIG-IP ASM extends protection to more than application vulnerabilities: L7 DDoS, web scraping, web bot identification, XML filtering, validation & mitigation, ICAP anti-virus integration, XML firewall, geolocation blocking
  • 28. © F5 Networks, Inc 28 Different attack/issue types: Application, SSL, DNS, Network
  • 29. © F5 Networks, Inc 29 DoS is Not Rocket Science!
  • 31. © F5 Networks, Inc 31 Delivering the most accurate anti-bot, scanner & scraper protection (diagram: web bot and user in front of ASM website application security)
    •  Validate user on initial site access with proactive bot defense
    •  Differentiate between script and browser
    •  Inspect user interaction with browser & fingerprint devices
    •  Distinguish real users from bots with client integrity checks and CAPTCHA challenge
    •  Mitigate automated attacks, scanners, botnets and intellectual property scrapers
    •  Detect a persistent scraper that uses multiple IP addresses or a single request session
  • 32. © F5 Networks, Inc 32 Defending against automated attacks: ASM identifies and blocks automated web scraping and scanning (diagram: web bot / client check → bot identified → alert & block)
    •  Performs a variety of checks to distinguish humans from bots
    •  Allows only verified client requests to pass through to the app server
    •  Notifies, then drops requests that cannot be verified
    •  Performs rapid-surfing analysis of page changes
    •  Blocks clients making excessive page requests
    •  Issues CAPTCHA challenge on mitigated threats & initial visits
    •  Detects previously identified browsers & bad IPs
    •  Disallows web scraping, table captures, UA spoofing, etc.
    ASM Bot Protection
  • 33. © F5 Networks, Inc 33 ASM’s unique Proactive Bot Defense: stop automated attacks from ever materializing; defend against automated non-human web scraping, DDoS and brute force attacks
    •  Enables always-on protection that preempts attacks
    •  Complements existing reactive protections
    •  Utilizes advanced detection methods and techniques, CAPTCHA challenges & geolocation enforcement
    •  Categorizes bots detected by signature classification to distinguish good bots from malicious offenders
    •  Detects headless browsers that run JS
    ASM Bot Protection
  • 34. © F5 Networks, Inc 34 Signature-based bot categorization/classification: helps identify and protect against L7 anomaly-based attacks
    •  Leverages ASM attack signatures in conjunction with ASM bot techniques
    •  Applied to DoS and ASM policies, with support for custom bot signatures and custom categories
    •  Updates like the ASM attack signatures
    Reporting:
    •  Visible in DoS charts & custom widgets
    •  New bot drill-down screen per category or per individual bot
    The value delivered: gain visibility into bot-generated traffic; reduce server strain caused by bots; block vulnerability scanners, rendering them blind; block botnets during DoS attacks
  • 35. © F5 Networks, Inc 35 ASM Proactive Bot Defense: How it Works
    •  On the first request to the web server, ASM responds with an injected JS challenge carrying an obfuscated cookie; the request is not passed to the server
    •  Legitimate browsers run the challenge and resend the request with the cookie; bots return no challenge response and are dropped
    •  ASM checks and validates the cookie: it verifies the authenticity of the response, and the cookie is signed, time-stamped and fingerprinted
    •  Requests with a valid signed cookie are then passed through to the server; valid browser requests bypass the challenge on future requests
    •  Invalid requests are dropped or terminated; continuous invalid bot attempts are blocked
    •  Cookie expiration and client IP address are enforced: no replay attacks
    •  Prevented attacks will be reported and logged without a detected attack
    ASM Bot Protection
  • 36. © F5 Networks, Inc 36 iRules enhanced bot protection: delivers increased granularity to the bot detection process
    •  iRules commands enable customized action on bots detected
    •  Launches against Proactive Bot Defense DoS events
    •  Provides the control needed to ensure accuracy of threat detection
    •  Use it to:
      o  retrieve the data processed by the Bot Defense mechanism,
      o  query and override URL qualification,
      o  force logging and challenges,
      o  customize an HTML redirect
    Example iRules from the slide (Tcl):

      # EXAMPLE 1: Bypassing enforcement on URL pattern
      when BOTDEFENSE_ACTION {
          if {[HTTP::uri] starts_with "/t/"} {
              log local0. "bypassing enforcement for URI [HTTP::uri]"
              set res [BOTDEFENSE::action allow]
              log local0. "set action to allow, result \"$res\""
              log local0. "resulting action [BOTDEFENSE::action] reason \"[BOTDEFENSE::reason]\""
          }
      }

      # EXAMPLE 2: Instead of blocking the request with TCP RST, respond with a
      # blocking-page
      when BOTDEFENSE_ACTION {
          if {[BOTDEFENSE::action] eq "tcp_rst"} {
              # if the custom_response action fails, the tcp_rst action will remain,
              # so we don't need to check the return string in this case
              BOTDEFENSE::action custom_response "sorry\ni am blocking you\n"
          }
      }

      # EXAMPLE 3: Force the browser_challenge to be sent to the client on the login
      # page, even if the cookie is valid (may be used to force the renewal of the
      # Bot Defense cookie)
      when BOTDEFENSE_ACTION {
          if { ([HTTP::uri] eq "/t/login.php") && ([BOTDEFENSE::action] eq "allow") && (not ([BOTDEFENSE::reason] starts_with "passed browser challenge"))} {
              BOTDEFENSE::action browser_challenge
          }
      }

    ASM Bot Protection
  • 37. © F5 Networks, Inc 37 Browser fingerprinting and device ID: accurately track good and bad actors wherever they go
    •  Uniquely protects against session hijacking by matching cookies with device ID
    •  Captures unique device characteristics for bots, DoS attacks, headless browsers and human users
    •  Identifies repeat visitors, learning their traffic patterns, even when users switched sessions or source IPs
    •  Applies to brute force, volumetric DDoS, session hijacking protections and proactive bot defense
    •  Thwarts tracking-evasion attempts by bots and scrapers
  • 38. © F5 Networks, Inc 38 Browser fingerprinting and device ID: how it works (more accurately prevents web scraping)
    •  Runs client-side code that collects various attributes about the client
    •  Attributes are summed up into a hash, which we call a fingerprint
    •  A cache of those fingerprints is stored on BIG-IP and used to persistently identify clients when preventing web scraping
    •  Activates Device ID tracking from a check box when proactive defense is not used
    •  Clients with JS disabled will be blocked
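Slides 35 and 38 describe a challenge cookie that is signed, time-stamped, bound to the client IP and to a device fingerprint, and a fingerprint that is a hash over attributes collected on the client. The following added example (not F5's implementation; the key, the 600-second lifetime, the attribute set and the cookie layout are all constructed assumptions, and the obfuscated JS challenge is represented only by the browser returning the cookie) shows why each property matters: one verification function with one check per slide bullet, exercised with a forged, an expired, a replayed-from-another-IP and a wrong-device cookie:

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; real key material would be per device and secret.
DEMO_KEY = b"constructed-demo-key-not-for-production"
COOKIE_TTL_SECONDS = 600   # assumed lifetime; the deck does not state ASM's value


def fingerprint(attributes: dict) -> str:
    """Reduce client-collected attributes to one hash ("summed up to a hash").

    The attribute set is constructed; which attributes ASM's own client-side
    code collects is not stated on the slides.
    """
    canonical = json.dumps(attributes, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(client_ip: str, fp: str, now: int, key: bytes = DEMO_KEY) -> str:
    """Signed, time-stamped, fingerprinted cookie handed out with the JS challenge."""
    payload = {"ip": client_ip, "fp": fp, "iat": int(now)}
    body = _b64encode(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(cookie: str, client_ip: str, fp: str, now: int,
                  key: bytes = DEMO_KEY, ttl: int = COOKIE_TTL_SECONDS):
    """Return (allowed, reason); each check mirrors one bullet of slide 35."""
    try:
        body, tag = cookie.rsplit(".", 1)
    except ValueError:
        return False, "malformed cookie"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):      # authenticity: forged or tampered
        return False, "bad signature"
    try:
        payload = json.loads(_b64decode(body))
    except ValueError:
        return False, "malformed cookie"
    if not all(k in payload for k in ("ip", "fp", "iat")):
        return False, "malformed cookie"
    age = int(now) - payload["iat"]
    if age < 0 or age > ttl:                        # expiration enforced
        return False, "expired"
    if payload["ip"] != client_ip:                  # client IP enforced: no replay elsewhere
        return False, "ip mismatch"
    if not hmac.compare_digest(payload["fp"], fp):  # device fingerprint enforced
        return False, "fingerprint mismatch"
    return True, "passed browser challenge"


def handle_request(cookie, client_ip: str, attributes: dict, now: int) -> dict:
    """Pass the request to the server, drop it, or answer with the JS challenge."""
    fp = fingerprint(attributes)
    if cookie is None:
        # First request: the server never sees it; the browser gets the challenge
        # and the cookie it must send back.
        return {"action": "js_challenge", "cookie": issue_cookie(client_ip, fp, now)}
    ok, reason = verify_cookie(cookie, client_ip, fp, now)
    return {"action": "pass_to_server" if ok else "drop", "reason": reason}


if __name__ == "__main__":
    first = handle_request(None, "203.0.113.5", {"ua": "Demo/1.0"}, now=1000)
    print(first["action"])                                         # js_challenge
    print(handle_request(first["cookie"], "203.0.113.5", {"ua": "Demo/1.0"}, now=1010))
    print(handle_request(first["cookie"], "198.51.100.7", {"ua": "Demo/1.0"}, now=1010))
```

The signature check runs before the payload is parsed, so an unauthenticated cookie never reaches the JSON decoder, and the fingerprint and tag comparisons use hmac.compare_digest to avoid timing differences. A client that cannot run the JS never obtains a cookie and is never passed through, which is the behaviour the "Clients with JS disabled will be blocked" bullet describes.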
  • 40. © F5 Networks, Inc 40 ASM Request List Events Log: violation ratings highlighting priority violations
    •  View the full request itself, the violation rating and any associated violations
    •  Immediately discern request status (i.e., legal or illegal, blocked, truncated, or has a response)
    •  Drill down to view detailed descriptions of the violations and potential attacks
    •  Accept trusted violations
    •  Quickly identify events requiring immediate attention
    •  Easily distinguish false positives and negatives
    •  Enables novice users to understand the severity of an event
    •  Alleviates cycles spent on F/P and F/N
  • 41. © F5 Networks, Inc 41 Consolidated view of attacks and mitigation (Security Overview screen)
    •  See a real-time summary of active policies & attacks
    •  Understand ASM health and network/traffic stats
    •  View data by different criteria in graphical reports
    •  Get top 10 entity reports: drill down and filter all AVR HTTP entities; statistics concerning attack types, violations, anomalies and traffic summaries
  • 42. © F5 Networks, Inc 42 ASM resource consumption reporting (ASM health statistics & charts; new in BIG-IP 12.0): ensures application security when ASM resources are burdened
    •  Predictive information communicated includes: pending requests; CPU utilization (updated every 1 minute); memory utilization (updated every 5 minutes); ASM bypass information (updated every 5 minutes); the plug-in queue utilization
    •  User can set specific alert types and threshold values for events
    •  Leverages the REST API publishing framework in AVR
    •  Requires cloud orchestration to trigger action in an external security service (BIG-IQ)
  • 43. © F5 Networks, Inc 43 Maintaining PCI Compliance: quickly discern your state of compliance
    •  Shows each security measure and policy required for PCI-DSS 3.0 compliance
    •  Create printable versions of PCI compliance reports for each web application
    •  Provides guidance to bring flagged items into compliance
    •  Click quick links to adjust the non-compliant settings
  • 44.
  • 45. © F5 Networks, Inc 45 Telecom Operator: LB, SSL offload, TV portal protection (diagram: users, data center, BIG-IP providing advanced LB, STB storm protection, SSL offload and web application FW in front of streaming servers and the portal, EPG, …)
    Solution highlights:
    •  Advanced load-balancing and session stickiness
    •  iRules for prevention of STB traffic storms (rate limiting) and SSL vulnerabilities
    •  SSL offload for application and control-plane data
    •  Web application FW (ASM) for Live TV application protection, including brute-force login page protection (against password guessing): block access to the login page after x failed attempts for a configured period of time, etc.
    Operator’s benefits:
    •  Better user experience due to TCP optimisation (network latency, throughput increase)
    •  A solution for prevention of STB authentication storms
    •  Protection of the TV portal against attacks
    •  Consolidated solution: load-balancing + web application FW on a single platform
  • 46. © F5 Networks, Inc 46 Financial organisation protected by F5 ASM & AFM: leveraged compliance & consolidation
    Drivers:
    •  Cisco replacement
    •  Regulation demand for application security
    •  Regulation demand for dual FW vendors
    Competition:
    •  IPS technology
    •  FW vendors
    •  WAF vendors
    Why we won:
    •  Early engagement in the process
    •  Differentiate between IPS & WAF
    •  Consolidated solution: LB/WAF/FW on the same unit
    •  CAPEX / OPEX trade-off from consolidation
    •  Presentation, demo and proof of the solution
    •  Excellent customer relationship with the local account team
    •  Strong partner collaboration
    Additional benefit to F5:
    •  Future potential for anti-fraud solutions
    •  Professional services implementation