Web Application Firewall (WAF) DAST/SAST combination

New generationWeb Application

Firewall:Shield for your apps

Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe

Even best applicationsget challenges

Big applications get bigger challenges

Security is important factor for your app

Consequences

PenaltiesReputation loss Data loss

IP Theft

Modify Victims website to deploy

MALWARE to website visitors

Breaching organizational

perimeters

Taking over high-value accounts

Threats

Previously, attackers used application vulnerabilities to cause embarrassment and disruption. But now these attackers are exploiting vulnerabilities to steal data and much more

Hackers motives

Veracode State of Software Security Report 2012

Vulnerability Distribution on First Submission by Language

Problematic

Veracode State of Software Security Report 2012

Percentage of Affected Vendor Supplied Web Application Builds

How much time you need to fix security issues in app?

We have a solution for your application!

Web application firewall

Microsoft IIS Apache Nginx

CYA (cover your apps)

Time-to-Fix vs. Time-to-Hack

Automated Temporary Patches

Brute Force protection

DDoS protection

Mitigate them immediately without waiting weeks for code changes.

and do your business

Protection Against OWASP Top 10

Protection Against Zero-day Exploits

Detects disclosure and unauthorized content in outbound reply messages, such as source code, Credit-card and Social Security numbers.

Stops Data Leakage

Protect your IP

Who need WAF?

Mature ISV

Financial organizationsHealthcare organizations

Immature ISV

PCIDSS 6.6E-

commerce

Education

Retail

Let’s test vulnerable web application with popular security tools

It really works!

Applications Secured -Business Protected

Our IP is: combination of Dynamic Application Security Testing (DAST) with Web Application

Firewall (WAF) that’s empower security and allow dynamically identify and patch unknown

vulnerabilities

Would you like to try?

Thank You!www.softserveinc.com

Europe Headquarters 52 V. Velykoho Str.Lviv 79053, Ukraine

Tel: +380-32-240-9090Fax: +380-32-240-9080

E-mail: info@softserveinc.com

US Headquarters12800 University Drive, Suite 410Fort Myers, FL 33966, USA

Tel: 239-690-3111 Fax: 239-690-3116

E-mail: info@softserveinc.com

Web Application Firewall (WAF) DAST/SAST combination

Technology

Transcript of Web Application Firewall (WAF) DAST/SAST combination

2020 WAF Awards Nomination Guide - WAF- World Auto Forum

SAST sept 2011

SAST Disclosure 10102009

Open Source SAST and DAST Tools for WebApp Pen Testing · Static code analysis identifies web application endpoints by parsing routes and identifying parameters in the supported languages

Dynamic DAST/WAF Integration › › ASDC12-Dynamic_DASTWAF...Rules of Engagement Restrictions •Active scanning can be “harmful” to some applications •Rules of Engagement –Restrictive

Dast o Garibaa jild 3

Dast Sast Iast

Testhantering enligt RUP - SAST

dast r26e_e

Application Security SAST & DAST in the Secure SDLC · 2020. 7. 23. · Application Security SAST & DAST in the Secure SDLC Paul Kitor Fortify Solution Architect. Static Application

Dast e ghaib

Современные подходы к SAST

Dast bosee

SAST Open Age Meet

End to End Cybersecurity Services V1d€¦ · SAST DAST Pen Test Infra vulnerability scan Application Security Mobile & Container Security. Tomorrow Virtual Networks Perimeter Expansion

Open Source SAST and DAST Tools for WebApp Pen Testing · Test tuning –DAST tools are tricky to configure, due to the complex variations in the target applications. Manual testers

DASt 006 vom 01-1980

Application Security Testing · OWASP ZAP. 2015 NYS Cyber Security Conference June 2nd 2015 24 DAST Workflow 1. Application staging ... Static Application Security Testing (SAST)

Security Assessment of Web AAdvanced Threat and ... · • Performed application security testing, SAST & DAST including manual tests using IBM Appscan and Burp Suite, as per OWASP,SANS

SAST REGULATIONS