This document discusses application layer firewalls (WAFs) and application layer attacks. It summarizes that WAFs aim to protect applications from common attacks like SQL injection, cross-site scripting, and session manipulation by monitoring and filtering application layer traffic. However, WAFs only treat the symptoms and not the underlying issues, so applications also need to be properly developed and tested to fully remedy vulnerabilities. The presentation then offers to demonstrate a WAF and concludes by thanking the audience.

1. Application Layer FirewallsSaumil Shah, Net-SquareTCS APPSECWEEK - 4.9.2009

2. # who am iSaumil ShahCEO Net-square.Hacker, Speaker, Trainer, Author.M.S. Computer SciencePurdue University.Google: "saumil"LinkedIn: saumilshah

3. Agenda

4. Application Layer AttacksInput TamperingSQL InjectionLDAP, XPATH, XQuery InjectionCross Site Scripting (XSS)Exception HandlingSession ManipulationBuffer OverflowHTTP Parameter Pollution (HPP)...and many more

5. Attacking the applicationNetbanking Loginsaumiluseridxyz' or 3=3 --passwordlogin

6. It is not easy to fix broken applications

7. Application Layer Firewalls(WAF)

8. What do WAFs do?

9. What do WAFs do?

10. Types of WAFs

11. Comparison

12. Shall we see a demo?

13. WAFs cure the symptoms, not the illness.

14. THANK YOUwww.net-square.comsaumil@net-square.comsecure . automate . innovate