Introduction to Web Application Firewalls
Transcript of Introduction to Web Application Firewalls
Jerônimo Zucco
• CISSP - Certified Information Systems Security Professional
• Blog: http://jczucco.blogspot.com
• Twitter: @jczucco
• http://www.linkedin.com/in/jeronimozucco
• http://www.owasp.org/index.php/User:Jeronimo_Zucco
Where is the data?
Who accesses the data?
Where are the applications?
THE NEW PERIMETER
Source: WhiteHat Website Security Statistics Report
WAF?
A Layer 7 device specialised in Web applications
Ability to detect and block attacks
• Direct attacks
• Indirect attacks
• Positive model
• Negative model
• Learning mode
Detection
• Inspects the request header and body
• Inspects the response header and body
• Inspection of uploaded files
Protocol violations
• Protocol vulnerabilities
• Request size
• Non-ASCII characters in headers
• Header validation
• Attempts to use the server as a proxy
Policies
• Whitelists
• Request/upload size
• Method restriction (WebDAV, CONNECT, TRACE, DEBUG)
• File extensions
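The two slides above (protocol violations and policies) describe checks a WAF applies to a request before it reaches the application. The following Python inspector is an added example written for this transcript; it is not ModSecurity or any other product's code. The method and extension allow-lists, the size limits and the sample requests are all assumed values for a hypothetical site.

```python
"""Toy WAF request inspector for the protocol-violation and policy checks listed
on the slides. Added example, not ModSecurity or any product's code; the limits
and allow-lists below are assumed values for a hypothetical static-plus-PHP site."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Positive model: WebDAV verbs, CONNECT, TRACE and DEBUG are denied simply by not being listed.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_EXTENSIONS = {"", ".html", ".css", ".js", ".png", ".jpg", ".php"}   # assumed
MAX_TARGET_LEN = 2048                                                        # assumed request-line limit
MAX_BODY_LEN = 1024 * 1024                                                   # assumed 1 MiB request/upload limit
TOKEN_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")                      # RFC 7230 header-name token
ABSOLUTE_FORM_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")                # "http://host/..." on the request line


@dataclass
class Request:
    method: str
    target: str                  # request-target exactly as it appears on the request line
    headers: Dict[str, str]
    body: bytes = b""


def inspect_request(req: Request) -> List[Tuple[str, str]]:
    """Return (rule_id, detail) for every violation; an empty list means the request passes."""
    found = []
    # Policy: method restriction.
    if req.method not in ALLOWED_METHODS:
        found.append(("POLICY-METHOD", f"method {req.method} not in allow-list"))
    # Protocol: an absolute-form target or CONNECT means the client wants us to act as a proxy.
    if req.method == "CONNECT" or ABSOLUTE_FORM_RE.match(req.target):
        found.append(("PROTO-PROXY", "attempt to use the server as a proxy"))
    # Policy: request size (request line and body/upload).
    if len(req.target) > MAX_TARGET_LEN:
        found.append(("POLICY-TARGET-LEN", f"request-target is {len(req.target)} bytes"))
    if len(req.body) > MAX_BODY_LEN:
        found.append(("POLICY-BODY-LEN", f"body is {len(req.body)} bytes"))
    # Protocol: header validation.
    lower = {k.lower(): v for k, v in req.headers.items()}
    if "host" not in lower:
        found.append(("PROTO-HOST", "missing Host header"))
    for name, value in req.headers.items():
        if not TOKEN_RE.match(name):
            found.append(("PROTO-HDR-NAME", f"malformed header name {name!r}"))
        # Non-ASCII or CR/LF in a header value: reject rather than guess an encoding.
        if not value.isascii() or "\r" in value or "\n" in value:
            found.append(("PROTO-HDR-ASCII", f"non-ASCII or control bytes in header {name}"))
    cl = lower.get("content-length")
    if cl is not None and (not cl.isdigit() or int(cl) != len(req.body)):
        found.append(("PROTO-CONTENT-LENGTH", f"Content-Length {cl!r} does not match the body"))
    # Policy: extension allow-list applied to the path component only (query string ignored).
    ext = os.path.splitext(req.target.split("?", 1)[0])[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        found.append(("POLICY-EXT", f"extension {ext!r} not in allow-list"))
    return found


if __name__ == "__main__":
    # Constructed sample requests: one clean, the others each trip a single rule.
    samples = [
        Request("GET", "/index.html", {"Host": "www.example.com"}),
        Request("TRACE", "/", {"Host": "www.example.com"}),
        Request("GET", "http://other.example/", {"Host": "www.example.com"}),
        Request("GET", "/backup.bak", {"Host": "www.example.com"}),
        Request("POST", "/upload.php", {"Host": "www.example.com", "Content-Length": "5"}, b"abc"),
        Request("GET", "/", {"Host": "www.example.com", "X-Name": "Jos\u00e9"}),
    ]
    for s in samples:
        print(s.method, s.target, "->", inspect_request(s) or "pass")
```

Every check here is a positive-model rule: the inspector never tries to recognise an attack, it only rejects what the site has no reason to accept, which is why the false-positive cost of each allow-list entry has to be weighed against the application it fronts.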
Malicious clients
• Comment spam
• Blacklists
• Scanners
Attacks on the application
• SQL injection and blind SQL injection
• Cross-site scripting (XSS)
• OS command injection or remote access
• Remote inclusion of malicious files
• Vulnerability signatures for known applications
• Detection of malware in uploads or malicious links
Virtual Patching
• Fixing an application bug by creating a rule in the WAF
• Quick fixes
• Zero days
• Closed (third-party) applications
• Cost of fixing the application
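As an added illustration of the virtual-patching slide (this is example code written for the transcript, not ModSecurity rule syntax or any product's feature), the block below models a patch as a narrowly scoped positive rule: one endpoint, one parameter, one allowed value shape, plus a reference to the ticket for the real fix so the patch is retired when that fix ships. The endpoint `/account/view`, the parameter `id` and the ticket id are hypothetical.

```python
"""Virtual patch: a WAF rule that closes one known input-validation gap on one
endpoint until the application itself is fixed. Added example, not ModSecurity
or any product's rule syntax; endpoint, parameter and ticket id are hypothetical."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class VirtualPatch:
    rule_id: str
    path: str                 # exact path the patch is scoped to
    param: str                # the parameter the application fails to validate
    allowed: re.Pattern       # positive model: the only value shape the app should ever receive
    ticket: str               # reference to the real fix, so the patch is retired once it ships


PATCHES: List[VirtualPatch] = [
    # Hypothetical: /account/view trusts 'id' without checking that it is numeric.
    VirtualPatch("VP-001", "/account/view", "id", re.compile(r"[0-9]{1,10}"), "APP-123 (hypothetical ticket)"),
]


def apply_virtual_patches(target: str, form: Optional[Dict[str, List[str]]] = None) -> Tuple[bool, str]:
    """Return (allowed, reason). Query-string and form parameters are both checked."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in (form or {}).items():
        params.setdefault(key, []).extend(values)
    for patch in PATCHES:
        if parts.path != patch.path:
            continue  # scoped: the patch never touches other endpoints
        # Every occurrence of the parameter must match; a repeated parameter cannot smuggle a bad value.
        for value in params.get(patch.param, []):
            if patch.allowed.fullmatch(value) is None:
                return False, f"{patch.rule_id}: {patch.param}={value!r} rejected, see {patch.ticket}"
    return True, ""


if __name__ == "__main__":
    for t in ["/account/view?id=42", "/account/view?id=42abc", "/search?id=42abc"]:
        print(t, "->", apply_virtual_patches(t))
```

The scoping is the point: a virtual patch buys time for the code fix without raising false positives on the rest of the site, and the ticket reference is what keeps it from becoming a permanent, forgotten rule.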
Information leakage
• Last line of defence
• Leakage of information (credit card numbers, CPF, etc.)
• HTTP errors
• Database information
• Stack dumps
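The information-leakage slide is about the response path: the WAF is the last component that sees the HTML before the client. The block below is an added example (not any product's code) of that check: it validates card numbers with the Luhn checksum and CPFs with their two check digits so that look-alike digit runs such as order numbers are not flagged, spots database error strings and stack dumps, and masks the validated numbers. The HTML sample is constructed; the card number in it is the well-known Visa test number.

```python
"""Response-side leakage check for the last-line-of-defence items on the slides:
card numbers (Luhn-validated), Brazilian CPF (check digits validated), HTTP error
status, database error strings and stack dumps. Added example, not any product's
code; the sample HTML below is constructed."""
import re
from typing import List, Tuple

# 13-19 digits with optional single space/hyphen separators, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")
CPF_RE = re.compile(r"(?<![0-9])[0-9]{3}\.?[0-9]{3}\.?[0-9]{3}-?[0-9]{2}(?![0-9])")
STACK_RE = re.compile(r"^\s+at [\w$.]+\(.*\)\s*$|Traceback \(most recent call last\)|Stack trace:", re.M)
DB_ERR_RE = re.compile(r"You have an error in your SQL syntax|ORA-[0-9]{5}|SQLSTATE\[|Unclosed quotation mark", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def cpf_ok(digits: str) -> bool:
    """CPF check digits: weights 10..2 over the first 9 digits, then 11..2 over the first 10."""
    if len(digits) != 11 or digits == digits[0] * 11:
        return False
    for n in (9, 10):
        s = sum(int(digits[i]) * (n + 1 - i) for i in range(n))
        dv = (s * 10) % 11
        if dv == 10:
            dv = 0
        if dv != int(digits[n]):
            return False
    return True


def inspect_response(status: int, body: str) -> List[Tuple[str, str]]:
    """Return (rule_id, detail) findings for a response about to leave the WAF."""
    found = []
    if status >= 500:
        found.append(("LEAK-HTTP-ERROR", f"status {status} reaches the client"))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            found.append(("LEAK-CARD", f"card ending {digits[-4:]}"))
    for m in CPF_RE.finditer(body):
        if cpf_ok(re.sub(r"\D", "", m.group(0))):
            found.append(("LEAK-CPF", "valid CPF in body"))
    if DB_ERR_RE.search(body):
        found.append(("LEAK-DB", "database error text in body"))
    if STACK_RE.search(body):
        found.append(("LEAK-STACK", "stack dump in body"))
    return found


def redact(body: str) -> str:
    """Mask validated card numbers and CPFs; unvalidated look-alikes are left untouched."""
    def card_sub(m):
        digits = re.sub(r"\D", "", m.group(0))
        return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else m.group(0)

    def cpf_sub(m):
        return "***.***.***-**" if cpf_ok(re.sub(r"\D", "", m.group(0))) else m.group(0)

    return CPF_RE.sub(cpf_sub, CARD_RE.sub(card_sub, body))


# Constructed sample: one look-alike number, one Luhn-valid test card, one valid CPF, one Java stack dump.
SAMPLE_BODY = """<html><body>
<p>Order 4111 1111 1111 1112 for client CPF 529.982.247-25.</p>
<p>Card on file: 4111 1111 1111 1111</p>
<pre>java.lang.NullPointerException
    at com.example.shop.CartService.total(CartService.java:88)
</pre></body></html>"""

if __name__ == "__main__":
    for finding in inspect_response(200, SAMPLE_BODY):
        print(finding)
    print(redact(SAMPLE_BODY))
```

Whether a finding should block the response, mask it, or only log it is a policy decision; masking is usually the safer default for card and CPF matches, while a 500 with a stack dump is better replaced by a generic error page.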
Debug
• Detection of application errors
• Replaying events
• Event logging
• Help with application debugging
Commercial WAFs
• WebDefend - Trustwave
• SecureSphere - Imperva
• Hyperguard - Art of Defence
• Barracuda Web Application Firewall
• Cisco ACE Web Application Firewall
Open-source WAFs
• ModSecurity - Trustwave
• WebKnight - Aqtronix (IIS DLL)
• IronBee - Qualys
Conclusions
• Why not fix the application?
• Performance impact
• False positives and negatives
• WAF = one more layer of protection
References
• Web Application Firewall Evaluation Criteria (WAFEC) - http://is.gd/kYpTjO
• Web Application Security Consortium - http://www.webappsec.org
• OWASP Best Practices: Web Application Firewalls - http://is.gd/Uat2Lw
• OWASP Securing WebGoat using ModSecurity - http://is.gd/imfq0z
Questions?
http://www.appseclatam.org