SlideShare a Scribd company logo

OWASP ESAPI WAF AppSec DC 2009

Download as PPTX, PDF
L
llamakong

A presentation and demo of the ESAPI web application firewall component released at OWASP AppSec DC 2009.

Technology
1 of 24
Title of Presentation Name Title Company Name
OWASP ESAPI WAF Developed by Arshan Dabirsiaghi (w/ Jeff Williams) A sub-project under the ESAPI umbrella The Star Trek: TNG of WAFs Robust Usable Free Open Source Performant Pragmatic
“Yeah, well I hate WAFs” Perfect! Me too.
WAFs were for Federalists (part 1) Development Team A Development Team B Security Team Development Team C
WAFs were for Federalists (part 2) Development Team A Development Team B Development Team C
Why fix in ESAPI WAF vs. fix in code?
Why fix in ESAPI WAF vs. fix in code?
Advantages of Application-Layer WAFs Performance – only your rules are checked, plus state is already managed by the app server Capability – being closer to the app lets us do more and I can’t wait to tell you about it Process – rules are closer to application owner, shortening discovery-to-patch time, also fix-to-patch-removal time
Principle: Make common tasks easy, uncommon tasks possible Easy! <virtual-patches> <virtual-patch id=“bugtracker-id-1234" path="/vulnerable.do" variable="request.parameters.bar" pattern="[0-9a-zA-Z]*" message="zmg attax" /> </virtual-patches> Possible… still easy! <bean-shell-rules> <bean-shell-script id=“user-lockout-rule" file=“/enforce_user_lockout.bsh" stage="before-request-body"/> </bean-shell-rules> import org.acme.user.*; User user = session.getAttribute(“u”); If ( user.isLocked() ) action = new RedirectAction();
Fixing Injection Flaws
Business Logic Flaws /viewAccount?id=1826 /admin/shutdown /ws/ImptWebService.rest
Adding “Outbound” Security ,[object Object]
Set uniform content-type,[object Object]
Meet JForum 2.1.8 Awesome, free, fully featured forum software. 4 hours of code review/pen testing: 10 findings
<virtual-patch/>
<virtual-patch/> <virtual-patch/> <add-http-only-flag>
<virtual-patch/> <add-http-only-flag> <add-header/>
<virtual-patch/> <add-http-only-flag> <add-header/> <bean-shell-rule/>
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/2.0-rc3/index.html JavaDocs
http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/OWASP%20ESAPI%20WAF%20Configuration%20Guide.pdf Policy file specification
OWASP ESAPI WAF AVAILABLE NOW! $0 Arshan Dabirsiaghi Director of Research, Aspect Security @nahsra, i8<messiah>.com http://www.aspectsecurity.com/

Recommended

Splunk'ing JIRA for deep insights into application, database, and server heal...
Splunk'ing JIRA for deep insights into application, database, and server heal...Splunk'ing JIRA for deep insights into application, database, and server heal...
Splunk'ing JIRA for deep insights into application, database, and server heal...Cprime
 
Automating Web Analytics
Automating Web AnalyticsAutomating Web Analytics
Automating Web AnalyticsAnand Bagmar
 
Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...
Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...
Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...Atlassian
 
Integration Testing in Enterprises using TaaS
Integration Testing in Enterprises using TaaSIntegration Testing in Enterprises using TaaS
Integration Testing in Enterprises using TaaSAnand Bagmar
 
What is Agile Testing? How does Automation help?
What is Agile Testing? How does Automation help?What is Agile Testing? How does Automation help?
What is Agile Testing? How does Automation help?Anand Bagmar
 
10x Test Coverage, Less Drama: Shift Left Functional & Performance Testing
10x Test Coverage, Less Drama: Shift Left Functional & Performance Testing10x Test Coverage, Less Drama: Shift Left Functional & Performance Testing
10x Test Coverage, Less Drama: Shift Left Functional & Performance TestingSauce Labs
 
Your API is not a Website!
Your API is not a Website!Your API is not a Website!
Your API is not a Website!Apigee | Google Cloud
 
Tear Up Your Roadmap and Get Out of the Building
Tear Up Your Roadmap and Get Out of the BuildingTear Up Your Roadmap and Get Out of the Building
Tear Up Your Roadmap and Get Out of the BuildingAtlassian
 

Recommended

Splunk'ing JIRA for deep insights into application, database, and server heal...
Splunk'ing JIRA for deep insights into application, database, and server heal...Splunk'ing JIRA for deep insights into application, database, and server heal...
Splunk'ing JIRA for deep insights into application, database, and server heal...Cprime
 
Automating Web Analytics
Automating Web AnalyticsAutomating Web Analytics
Automating Web AnalyticsAnand Bagmar
 
Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...
Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...
Not All Heroes Wear Capes: Skills and Tools Helpful in Becoming a Support Sup...Atlassian
 
Integration Testing in Enterprises using TaaS
Integration Testing in Enterprises using TaaSIntegration Testing in Enterprises using TaaS
Integration Testing in Enterprises using TaaSAnand Bagmar
 
What is Agile Testing? How does Automation help?
What is Agile Testing? How does Automation help?What is Agile Testing? How does Automation help?
What is Agile Testing? How does Automation help?Anand Bagmar
 
10x Test Coverage, Less Drama: Shift Left Functional & Performance Testing
10x Test Coverage, Less Drama: Shift Left Functional & Performance Testing10x Test Coverage, Less Drama: Shift Left Functional & Performance Testing
10x Test Coverage, Less Drama: Shift Left Functional & Performance TestingSauce Labs
 
Your API is not a Website!
Your API is not a Website!Your API is not a Website!
Your API is not a Website!Apigee | Google Cloud
 
Tear Up Your Roadmap and Get Out of the Building
Tear Up Your Roadmap and Get Out of the BuildingTear Up Your Roadmap and Get Out of the Building
Tear Up Your Roadmap and Get Out of the BuildingAtlassian
 
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015Agile Ukraine
 
Ug. marketplace testing
Ug. marketplace testingUg. marketplace testing
Ug. marketplace testingТранслируем.бел
 
Visual Validation - The Missing Tip of the Automation Pyramid
Visual Validation - The Missing Tip of the Automation PyramidVisual Validation - The Missing Tip of the Automation Pyramid
Visual Validation - The Missing Tip of the Automation PyramidAnand Bagmar
 
Continuous Integration In The Cloud Final (1)
Continuous Integration In The Cloud Final (1)Continuous Integration In The Cloud Final (1)
Continuous Integration In The Cloud Final (1)Alexis Williams
 
Native iphone app test automation with appium
Native iphone app test automation with appiumNative iphone app test automation with appium
Native iphone app test automation with appiumJames Eisenhauer
 
Java Test Automation for REST, Web and Mobile
Java Test Automation for REST, Web and MobileJava Test Automation for REST, Web and Mobile
Java Test Automation for REST, Web and MobileElias Nogueira
 
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"QASymphony
 
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...QASymphony
 
Advocating Adoption: Best Practices for User-Friendly Jira Configurations
Advocating Adoption: Best Practices for User-Friendly Jira ConfigurationsAdvocating Adoption: Best Practices for User-Friendly Jira Configurations
Advocating Adoption: Best Practices for User-Friendly Jira ConfigurationsAtlassian
 
What DevOps means for QA Teams
What DevOps means for QA TeamsWhat DevOps means for QA Teams
What DevOps means for QA TeamsChris Riley ☁
 
Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Anand Bagmar
 
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN UsersAn Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN UsersAtlassian
 
London SF Developers: Custom Lightning Component Error Handling
London SF Developers: Custom Lightning Component Error HandlingLondon SF Developers: Custom Lightning Component Error Handling
London SF Developers: Custom Lightning Component Error HandlingRichard Clark
 
What is WAAT?
What is WAAT?What is WAAT?
What is WAAT?Anand Bagmar
 
AQA TALKS 4 - AUTOMATION TEST REPORTER
AQA TALKS 4 - AUTOMATION TEST REPORTERAQA TALKS 4 - AUTOMATION TEST REPORTER
AQA TALKS 4 - AUTOMATION TEST REPORTERTaras Lytvyn
 
Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Anand Bagmar
 
Testing lightning components feb 15th 2018
Testing lightning components feb 15th 2018Testing lightning components feb 15th 2018
Testing lightning components feb 15th 2018Richard Clark
 
Accelerating DevOps Collaboration with Sauce Labs and JIRA
Accelerating DevOps Collaboration with Sauce Labs and JIRAAccelerating DevOps Collaboration with Sauce Labs and JIRA
Accelerating DevOps Collaboration with Sauce Labs and JIRASauce Labs
 
How to pass a coding interview as an automation developer talk - Oct 17 2016
How to pass a coding interview as an automation developer talk - Oct 17 2016How to pass a coding interview as an automation developer talk - Oct 17 2016
How to pass a coding interview as an automation developer talk - Oct 17 2016Thomas F. "T.J." Maher Jr.
 
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...Federico Toledo
 
AppTrana Competency Matrix for OWASP Top 10
AppTrana Competency Matrix for OWASP Top 10AppTrana Competency Matrix for OWASP Top 10
AppTrana Competency Matrix for OWASP Top 10IndusfacePvtLtd
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierHarvard Web Working Group
 

More Related Content

What's hot

Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015Agile Ukraine
 
Visual Validation - The Missing Tip of the Automation Pyramid
Visual Validation - The Missing Tip of the Automation PyramidVisual Validation - The Missing Tip of the Automation Pyramid
Visual Validation - The Missing Tip of the Automation PyramidAnand Bagmar
 
Continuous Integration In The Cloud Final (1)
Continuous Integration In The Cloud Final (1)Continuous Integration In The Cloud Final (1)
Continuous Integration In The Cloud Final (1)Alexis Williams
 
Native iphone app test automation with appium
Native iphone app test automation with appiumNative iphone app test automation with appium
Native iphone app test automation with appiumJames Eisenhauer
 
Java Test Automation for REST, Web and Mobile
Java Test Automation for REST, Web and MobileJava Test Automation for REST, Web and Mobile
Java Test Automation for REST, Web and MobileElias Nogueira
 
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"QASymphony
 
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...QASymphony
 
Advocating Adoption: Best Practices for User-Friendly Jira Configurations
Advocating Adoption: Best Practices for User-Friendly Jira ConfigurationsAdvocating Adoption: Best Practices for User-Friendly Jira Configurations
Advocating Adoption: Best Practices for User-Friendly Jira ConfigurationsAtlassian
 
What DevOps means for QA Teams
What DevOps means for QA TeamsWhat DevOps means for QA Teams
What DevOps means for QA TeamsChris Riley ☁
 
Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Anand Bagmar
 
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN UsersAn Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN UsersAtlassian
 
London SF Developers: Custom Lightning Component Error Handling
London SF Developers: Custom Lightning Component Error HandlingLondon SF Developers: Custom Lightning Component Error Handling
London SF Developers: Custom Lightning Component Error HandlingRichard Clark
 
AQA TALKS 4 - AUTOMATION TEST REPORTER
AQA TALKS 4 - AUTOMATION TEST REPORTERAQA TALKS 4 - AUTOMATION TEST REPORTER
AQA TALKS 4 - AUTOMATION TEST REPORTERTaras Lytvyn
 
Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Anand Bagmar
 
Testing lightning components feb 15th 2018
Testing lightning components feb 15th 2018Testing lightning components feb 15th 2018
Testing lightning components feb 15th 2018Richard Clark
 
Accelerating DevOps Collaboration with Sauce Labs and JIRA
Accelerating DevOps Collaboration with Sauce Labs and JIRAAccelerating DevOps Collaboration with Sauce Labs and JIRA
Accelerating DevOps Collaboration with Sauce Labs and JIRASauce Labs
 
How to pass a coding interview as an automation developer talk - Oct 17 2016
How to pass a coding interview as an automation developer talk - Oct 17 2016How to pass a coding interview as an automation developer talk - Oct 17 2016
How to pass a coding interview as an automation developer talk - Oct 17 2016Thomas F. "T.J." Maher Jr.
 
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...Federico Toledo
 

What's hot (20)

Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
Continuous Delivery by Alexey Turchanikov @ AgilePizza, Kyiv 2015
 
Ug. marketplace testing
Ug. marketplace testingUg. marketplace testing
Ug. marketplace testing
 
Visual Validation - The Missing Tip of the Automation Pyramid
Visual Validation - The Missing Tip of the Automation PyramidVisual Validation - The Missing Tip of the Automation Pyramid
Visual Validation - The Missing Tip of the Automation Pyramid
 
Continuous Integration In The Cloud Final (1)
Continuous Integration In The Cloud Final (1)Continuous Integration In The Cloud Final (1)
Continuous Integration In The Cloud Final (1)
 
Native iphone app test automation with appium
Native iphone app test automation with appiumNative iphone app test automation with appium
Native iphone app test automation with appium
 
Java Test Automation for REST, Web and Mobile
Java Test Automation for REST, Web and MobileJava Test Automation for REST, Web and Mobile
Java Test Automation for REST, Web and Mobile
 
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
Quality Jam 2017: Kevin Dunne "Macro Trends and Useful Tools that 'Get It'"
 
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
Quality Jam 2017: Elise Carmichael and Corey Pyle "Jumpstarting Your Test Aut...
 
Advocating Adoption: Best Practices for User-Friendly Jira Configurations
Advocating Adoption: Best Practices for User-Friendly Jira ConfigurationsAdvocating Adoption: Best Practices for User-Friendly Jira Configurations
Advocating Adoption: Best Practices for User-Friendly Jira Configurations
 
What DevOps means for QA Teams
What DevOps means for QA TeamsWhat DevOps means for QA Teams
What DevOps means for QA Teams
 
Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)
 
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN UsersAn Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
An Admin's Guide for Running Confluence at Scale for 10,000+ Yahoo! JAPAN Users
 
London SF Developers: Custom Lightning Component Error Handling
London SF Developers: Custom Lightning Component Error HandlingLondon SF Developers: Custom Lightning Component Error Handling
London SF Developers: Custom Lightning Component Error Handling
 
What is WAAT?
What is WAAT?What is WAAT?
What is WAAT?
 
AQA TALKS 4 - AUTOMATION TEST REPORTER
AQA TALKS 4 - AUTOMATION TEST REPORTERAQA TALKS 4 - AUTOMATION TEST REPORTER
AQA TALKS 4 - AUTOMATION TEST REPORTER
 
Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)Build the "right" regression suite using Behavior Driven Testing (BDT)
Build the "right" regression suite using Behavior Driven Testing (BDT)
 
Testing lightning components feb 15th 2018
Testing lightning components feb 15th 2018Testing lightning components feb 15th 2018
Testing lightning components feb 15th 2018
 
Accelerating DevOps Collaboration with Sauce Labs and JIRA
Accelerating DevOps Collaboration with Sauce Labs and JIRAAccelerating DevOps Collaboration with Sauce Labs and JIRA
Accelerating DevOps Collaboration with Sauce Labs and JIRA
 
How to pass a coding interview as an automation developer talk - Oct 17 2016
How to pass a coding interview as an automation developer talk - Oct 17 2016How to pass a coding interview as an automation developer talk - Oct 17 2016
How to pass a coding interview as an automation developer talk - Oct 17 2016
 
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
QA&test 2016 (Bilbao) Pros and Cons of Doing Performance Testing Along with D...
 

Similar to OWASP ESAPI WAF AppSec DC 2009

AppTrana Competency Matrix for OWASP Top 10
AppTrana Competency Matrix for OWASP Top 10AppTrana Competency Matrix for OWASP Top 10
AppTrana Competency Matrix for OWASP Top 10IndusfacePvtLtd
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierHarvard Web Working Group
 
Appium workship, Mobile Web+Dev Conference
Appium workship, Mobile Web+Dev ConferenceAppium workship, Mobile Web+Dev Conference
Appium workship, Mobile Web+Dev ConferenceIsaac Murchie
 
Appium mobile web+dev conference
Appium mobile web+dev conferenceAppium mobile web+dev conference
Appium mobile web+dev conferenceIsaac Murchie
 
What's New in AppFuse 2.0
What's New in AppFuse 2.0What's New in AppFuse 2.0
What's New in AppFuse 2.0Matt Raible
 
High Availability SOA APP with GlusterFS
High Availability SOA APP with GlusterFSHigh Availability SOA APP with GlusterFS
High Availability SOA APP with GlusterFSzeridon
 
Integrate Your Test Automation Tools for More Power
Integrate Your Test Automation Tools for More PowerIntegrate Your Test Automation Tools for More Power
Integrate Your Test Automation Tools for More PowerTechWell
 
AliExpress’ Way to Microservices - microXchg 2017
AliExpress’ Way to Microservices - microXchg 2017AliExpress’ Way to Microservices - microXchg 2017
AliExpress’ Way to Microservices - microXchg 2017juvenxu
 
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet Puppet
 
Achieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetAchieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetDevoteam Revolve
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 
NodeJS Interactive 2019: FaaS meets Frameworks
NodeJS Interactive 2019: FaaS meets FrameworksNodeJS Interactive 2019: FaaS meets Frameworks
NodeJS Interactive 2019: FaaS meets FrameworksChris Bailey
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
Practical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPractical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPriyanka Aash
 
Advanced deployment scenarios (netcoreconf)
Advanced deployment scenarios (netcoreconf)Advanced deployment scenarios (netcoreconf)
Advanced deployment scenarios (netcoreconf)Sergio Navarro Pino
 
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...Concentrated Technology
 
How we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we gotHow we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we gotBaruch Sadogursky
 

Similar to OWASP ESAPI WAF AppSec DC 2009 (20)

AppTrana Competency Matrix for OWASP Top 10
AppTrana Competency Matrix for OWASP Top 10AppTrana Competency Matrix for OWASP Top 10
AppTrana Competency Matrix for OWASP Top 10
 
Tastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work EasierTastypie: Easy APIs to Make Your Work Easier
Tastypie: Easy APIs to Make Your Work Easier
 
Appium workship, Mobile Web+Dev Conference
Appium workship, Mobile Web+Dev ConferenceAppium workship, Mobile Web+Dev Conference
Appium workship, Mobile Web+Dev Conference
 
Appium mobile web+dev conference
Appium mobile web+dev conferenceAppium mobile web+dev conference
Appium mobile web+dev conference
 
What's New in AppFuse 2.0
What's New in AppFuse 2.0What's New in AppFuse 2.0
What's New in AppFuse 2.0
 
ESAPI
ESAPIESAPI
ESAPI
 
Esapi
EsapiEsapi
Esapi
 
High Availability SOA APP with GlusterFS
High Availability SOA APP with GlusterFSHigh Availability SOA APP with GlusterFS
High Availability SOA APP with GlusterFS
 
Integrate Your Test Automation Tools for More Power
Integrate Your Test Automation Tools for More PowerIntegrate Your Test Automation Tools for More Power
Integrate Your Test Automation Tools for More Power
 
AliExpress’ Way to Microservices - microXchg 2017
AliExpress’ Way to Microservices - microXchg 2017AliExpress’ Way to Microservices - microXchg 2017
AliExpress’ Way to Microservices - microXchg 2017
 
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
 
Achieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetAchieving Continuous Delivery with Puppet
Achieving Continuous Delivery with Puppet
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact Assessment
 
Integration Testing in Python
Integration Testing in PythonIntegration Testing in Python
Integration Testing in Python
 
NodeJS Interactive 2019: FaaS meets Frameworks
NodeJS Interactive 2019: FaaS meets FrameworksNodeJS Interactive 2019: FaaS meets Frameworks
NodeJS Interactive 2019: FaaS meets Frameworks
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
Practical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPractical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOps
 
Advanced deployment scenarios (netcoreconf)
Advanced deployment scenarios (netcoreconf)Advanced deployment scenarios (netcoreconf)
Advanced deployment scenarios (netcoreconf)
 
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...
TechMentor Fall, 2011 - How to Resolve (Nearly) Every Windows 7 Application I...
 
How we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we gotHow we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we got
 

Recently uploaded

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

OWASP ESAPI WAF AppSec DC 2009