Web Application Firewall (WAF) DAST/SAST combination

download Web Application Firewall (WAF) DAST/SAST combination

of 22

  • date post

    23-Jan-2015
  • Category

    Technology

  • view

    493
  • download

    1

Embed Size (px)

description

In this presentation we analyze benefits of applied innovative WAF that have callback connection with DAST security tools and allow very quickly detect security defects in critical SaaS or e-commerce application

Transcript of Web Application Firewall (WAF) DAST/SAST combination

  • 1. New generation Web Application Firewall: Shield for your appsNazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe

2. Even best applications get challenges 3. Big applications get bigger challenges 4. Security is important factor for your app 5. ConsequencesReputation lossPenaltiesData loss 6. Breaching organizational perimetersThreatsIP TheftTaking over high-value accountsModify Victims website to deploy MALWARE to website visitors 7. Hackers motivesPreviously, attackers used application vulnerabilities to cause embarrassment and disruption. But now these attackers are exploiting vulnerabilities to steal data and much more 8. ProblematicVulnerability Distribution on First Submission by LanguageVeracode State of Software Security Report 2012 9. Percentage of Affected Vendor Supplied Web Application BuildsVeracode State of Software Security Report 2012 10. How much time you need to fix security issues in app? 11. We have a solution for your application! 12. Web application firewallMicrosoft IISApacheNginx 13. CYA (cover your apps)Time-to-Fix vs. Time-to-HackAutomated Temporary Patches 14. and do your business Brute Force protectionDDoS protectionMitigate them immediately without waiting weeks for code changes. 15. Protection Against Zero-day ExploitsProtection Against OWASP Top 10 16. Stops Data LeakageProtect your IPDetects disclosure and unauthorized content in outbound reply messages, such as source code, Credit-card and Social Security numbers. 17. Who need WAF? Mature ISV Immature ISV Financial organizations Healthcare organizationsReta il Educatio n PCIDSS 6.6 Ecommerce 18. DEMOLets test vulnerable web application with popular security tools 19. It really works!Applications Secured - 20. Our IP is: combination of Dynamic Application Security Testing (DAST) with Web Application Firewall (WAF) thats empower security and allow dynamically identify and patch unknown vulnerabilities 21. Would you like to try? Europe Headquarters 52 V. Velykoho Str. Lviv 79053, Ukraine Tel: +380-32-240-9090 Fax: +380-32-240-9080 E-mail: info@softserveinc.comUS Headquarters 12800 University Drive, Suite 410 Fort Myers, FL 33966, USA Tel: 239-690-3111 Fax: 239-690-3116 E-mail: info@softserveinc.comwww.softserveinc.comCopyright 2012 SoftServe, Inc.Thank You!