Web Application Firewall (WAF) DAST/SAST combination
New generation Web Application Firewall: Shield for your apps
Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe
Even the best applications get challenges
Big applications get bigger challenges
Security is an important factor for your app
Consequences
Penalties
Reputation loss
Data loss
IP theft
Modifying the victim's website to deploy malware to website visitors
Breaching organizational perimeters
Taking over high-value accounts
Threats
Previously, attackers used application vulnerabilities to cause embarrassment and disruption. But now these attackers are exploiting vulnerabilities to steal data and much more.
Hackers motives
Veracode State of Software Security Report 2012
Vulnerability Distribution on First Submission by Language
Problematic
Veracode State of Software Security Report 2012
Percentage of Affected Vendor Supplied Web Application Builds
How much time do you need to fix security issues in your app?
We have a solution for your application!
Web application firewall
Microsoft IIS, Apache, Nginx
CYA (cover your apps)
Time-to-Fix vs. Time-to-Hack
Automated Temporary Patches
Brute Force protection
DDoS protection
Mitigate them immediately without waiting weeks for code changes.
and do your business
Protection Against OWASP Top 10
Protection Against Zero-day Exploits
Detects disclosure and unauthorized content in outbound reply messages, such as source code, credit card and Social Security numbers.
Stops Data Leakage
Protect your IP
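
The outbound inspection described above, sketched as an added example (not code from the slides or from SoftServe's product): a Python filter that masks Luhn-valid card numbers and US Social Security number patterns in a response body. The function names, regular expressions and sample response are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# US SSN in AAA-GG-SSSS form, excluding area/group/serial values never issued.
SSN_RE = re.compile(
    r"(?<![\d-])(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?![\d-])")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrub_response(body: str):
    """Return (masked_body, findings) for one outbound response body."""
    findings = []

    def mask_pan(m):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()    # e.g. an order id: leave it untouched
        findings.append("card_number")
        return "*" * (len(digits) - 4) + digits[-4:]

    def mask_ssn(m):
        findings.append("ssn")
        return "***-**-" + m.group()[-4:]

    body = PAN_RE.sub(mask_pan, body)
    body = SSN_RE.sub(mask_ssn, body)
    return body, findings


# Constructed sample response: a well-known test card number and a made-up SSN.
SAMPLE = ('{"order": "1234567890123456", "card": "4111 1111 1111 1111", '
          '"ssn": "123-45-6789"}')

if __name__ == "__main__":
    masked, found = scrub_response(SAMPLE)
    print(masked)
    print(found)
```

The Luhn check is what keeps the 16-digit order id in the sample from being masked as a card number; the findings list is what a WAF would log or alert on.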
Who needs a WAF?
Mature ISV
Financial organizations
Healthcare organizations
Immature ISV
PCI DSS 6.6
E-commerce
Education
Retail
DEMO
Let’s test a vulnerable web application with popular security tools
It really works!
Applications Secured - Business Protected
Our IP is a combination of Dynamic Application Security Testing (DAST) with a Web Application Firewall (WAF) that empowers security and allows unknown vulnerabilities to be dynamically identified and patched.
Would you like to try?
Thank You!
www.softserveinc.com
Copyright © 2012 SoftServe, Inc.
Europe Headquarters: 52 V. Velykoho Str., Lviv 79053, Ukraine
Tel: +380-32-240-9090, Fax: +380-32-240-9080
US Headquarters: 12800 University Drive, Suite 410, Fort Myers, FL 33966, USA
Tel: 239-690-3111, Fax: 239-690-3116