Web Application Firewall (WAF) DAST/SAST combination

New generation Web Application Firewall: Shield for your apps Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe

Description

In this presentation we analyze the benefits of an innovative WAF that has a callback connection to DAST security tools and allows very quick detection of security defects in critical SaaS or e-commerce applications.

Transcript of Web Application Firewall (WAF) DAST/SAST combination

Page 1: Web Application Firewall (WAF) DAST/SAST combination

New generation Web Application Firewall: Shield for your apps

Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe

Page 2: Web Application Firewall (WAF) DAST/SAST combination

Even the best applications get challenges

Page 3: Web Application Firewall (WAF) DAST/SAST combination

Big applications get bigger challenges

Page 4: Web Application Firewall (WAF) DAST/SAST combination

Security is an important factor for your app

Page 5: Web Application Firewall (WAF) DAST/SAST combination

Consequences

Penalties, reputation loss, data loss

Page 6: Web Application Firewall (WAF) DAST/SAST combination

IP theft

Modify the victim's website to deploy malware to website visitors

Breaching organizational perimeters

Taking over high-value accounts

Threats

Page 7: Web Application Firewall (WAF) DAST/SAST combination

Previously, attackers used application vulnerabilities to cause embarrassment and disruption. Now these attackers exploit vulnerabilities to steal data and much more.

Hackers' motives

Page 8: Web Application Firewall (WAF) DAST/SAST combination
Page 9: Web Application Firewall (WAF) DAST/SAST combination

Veracode State of Software Security Report 2012

Vulnerability Distribution on First Submission by Language

Problematic

Page 10: Web Application Firewall (WAF) DAST/SAST combination

Veracode State of Software Security Report 2012

Percentage of Affected Vendor Supplied Web Application Builds

Page 11: Web Application Firewall (WAF) DAST/SAST combination

How much time do you need to fix security issues in your app?

Page 12: Web Application Firewall (WAF) DAST/SAST combination

We have a solution for your application!

Page 13: Web Application Firewall (WAF) DAST/SAST combination

Web application firewall

Microsoft IIS Apache Nginx

Page 14: Web Application Firewall (WAF) DAST/SAST combination

CYA (cover your apps)

Time-to-Fix vs. Time-to-Hack

Automated Temporary Patches

Page 15: Web Application Firewall (WAF) DAST/SAST combination

Brute Force protection

DDoS protection

Mitigate them immediately, without waiting weeks for code changes, and get on with your business.

Page 16: Web Application Firewall (WAF) DAST/SAST combination

Protection Against OWASP Top 10

Protection Against Zero-day Exploits

Page 17: Web Application Firewall (WAF) DAST/SAST combination

Detects disclosure and unauthorized content in outbound reply messages, such as source code, credit card numbers and Social Security numbers.

Stops Data Leakage

Protect your IP
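The outbound inspection described on this slide can be shown with a small response filter. This is an added example, not SoftServe's product code: it scans a response body for Luhn-valid card numbers, US SSN-shaped strings and a few source-code markers, then either masks the matches or blocks the response. The patterns, the marker list and the sample body are constructed for the demo.

```python
import re
from dataclasses import dataclass

# Candidate card number: 13-19 digits, optionally separated by spaces or dashes.
# Constructed pattern for the example, not a vendor rule set.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN shape AAA-GG-SSSS with the basic invalid ranges excluded.
SSN_PATTERN = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
# Crude source-disclosure markers (assumed list): server-side tags leaking into output.
SOURCE_MARKERS = ("<?php", "<%@", "import java.")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: cuts most false positives from order ids and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    kind: str     # "card", "ssn" or "source"
    value: str    # matched text as it appeared in the body
    offset: int   # position in the body, used for in-place masking


def scan_response(body: str) -> list[Finding]:
    findings = []
    for m in CARD_CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(Finding("card", m.group(), m.start()))
    for m in SSN_PATTERN.finditer(body):
        findings.append(Finding("ssn", m.group(), m.start()))
    for marker in SOURCE_MARKERS:
        idx = body.find(marker)
        if idx != -1:
            findings.append(Finding("source", marker, idx))
    return findings


def mask(value: str) -> str:
    """Replace all but the last four digits with X, keeping separators in place."""
    n = sum(c.isdigit() for c in value)
    seen = 0
    out = []
    for c in value:
        if c.isdigit():
            seen += 1
            out.append(c if seen > n - 4 else "X")
        else:
            out.append(c)
    return "".join(out)


def filter_response(body: str, mode: str = "mask") -> tuple[str, list[Finding]]:
    """Return the (possibly rewritten) body and what was found.

    mode="mask" redacts numbers in place; mode="block" withholds the whole
    response, which is the only safe choice for source-code disclosure.
    """
    findings = scan_response(body)
    if not findings:
        return body, findings
    if mode == "block" or any(f.kind == "source" for f in findings):
        return "Blocked by response filter", findings
    out = body
    # Masks are the same length as the originals, so offsets stay valid.
    for f in sorted(findings, key=lambda f: f.offset, reverse=True):
        out = out[:f.offset] + mask(f.value) + out[f.offset + len(f.value):]
    return out, findings


if __name__ == "__main__":
    # Constructed sample response body; the 16-digit order id fails Luhn and is left alone.
    sample = "Order 1234 5678 9012 3456 paid with card 4111 1111 1111 1111, SSN 123-45-6789."
    rewritten, found = filter_response(sample)
    print(rewritten)
    for f in found:
        print(f.kind, "at", f.offset)
```

A filter like this sits on the response path, so a regex that backtracks badly or a marker list that matches legitimate HTML will slow or break the site; test it against real traffic in logging-only mode before enforcing.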

Page 18: Web Application Firewall (WAF) DAST/SAST combination

Who needs a WAF?

Mature ISV

Financial organizations

Healthcare organizations

Immature ISV

PCI DSS 6.6

E-commerce

Education

Retail

Page 19: Web Application Firewall (WAF) DAST/SAST combination

DEMO

Let's test a vulnerable web application with popular security tools

Page 20: Web Application Firewall (WAF) DAST/SAST combination

It really works!

Applications Secured - Business Protected

Page 21: Web Application Firewall (WAF) DAST/SAST combination

Our IP is the combination of Dynamic Application Security Testing (DAST) with a Web Application Firewall (WAF), which strengthens security and allows dynamically identifying and patching unknown vulnerabilities.
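The DAST-to-WAF callback on this slide amounts to turning a scanner finding into a temporary "virtual patch": a rule that narrows the vulnerable parameter to the value shape legitimate traffic uses until the code is fixed. The example below is added here and is not SoftServe's implementation; the report layout (a JSON list with `type`, `method`, `path`, `param` and `observed_type` fields), the per-type allow-list patterns and the sample requests are all constructed assumptions, not any real scanner's output format.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed DAST report in a simplified, hypothetical shape.
DAST_REPORT = json.dumps([
    {"type": "sqli", "method": "GET", "path": "/product", "param": "id", "observed_type": "integer"},
    {"type": "xss", "method": "GET", "path": "/search", "param": "q", "observed_type": "text"},
])

# Positive-model allow lists keyed by the value type the scanner observed in
# normal traffic. Assumed patterns; a real deployment derives them per application.
TYPE_PATTERNS = {
    "integer": re.compile(r"^\d{1,10}$"),
    "text": re.compile(r"^[\w .,-]{0,100}$"),
}


@dataclass
class VirtualPatch:
    finding: str          # finding type from the report, kept for the block reason
    method: str
    path: str
    param: str
    allowed: re.Pattern   # the only value shape the parameter may now carry


def build_patches(report_json: str) -> list[VirtualPatch]:
    """Translate scanner findings into enforceable rules, one per vulnerable parameter."""
    patches = []
    for f in json.loads(report_json):
        pattern = TYPE_PATTERNS.get(f["observed_type"])
        if pattern is None:
            continue  # unknown value type: do not guess a rule, leave it for a human
        patches.append(VirtualPatch(f["type"], f["method"].upper(), f["path"], f["param"], pattern))
    return patches


def evaluate(method: str, url: str, patches: list[VirtualPatch]) -> tuple[str, Optional[str]]:
    """Return ("allow", None) or ("block", reason) for one incoming request."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    for p in patches:
        # Patches are scoped tightly: same method and exact path only.
        if p.method != method.upper() or p.path != parts.path:
            continue
        for value in query.get(p.param, []):
            if not p.allowed.fullmatch(value):
                return "block", f"virtual patch for {p.finding} on {p.path}?{p.param}"
    return "allow", None


if __name__ == "__main__":
    active = build_patches(DAST_REPORT)
    for req in ("/product?id=42", "/product?id=42 OR 1=1", "/search?q=red shoes"):
        print(req, "->", evaluate("GET", req, active))
```

Scoping the rule to one method, path and parameter is what keeps a virtual patch from becoming a site-wide outage: the scanner's "observed type" is a heuristic, so run new patches in log-only mode first, and retire them once the real fix ships rather than letting the WAF rule set grow without bound.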

Page 22: Web Application Firewall (WAF) DAST/SAST combination

Would you like to try?

Thank You! www.softserveinc.com

Copyright © 2012 SoftServe, Inc.

Europe Headquarters: 52 V. Velykoho Str., Lviv 79053, Ukraine

Tel: +380-32-240-9090 Fax: +380-32-240-9080

E-mail: [email protected]

US Headquarters: 12800 University Drive, Suite 410, Fort Myers, FL 33966, USA

Tel: 239-690-3111 Fax: 239-690-3116

E-mail: [email protected]