March, 2011
Penta Security Systems Inc.
WAPPLES Introduction & the Future
Table of Contents
Why a Web Application Firewall?
• Risk on the rise
• Targets of web attacks
• Why should we care about web application attacks?
What Is a Web Application Firewall?
• WAF is for What?
• FW, IDS/IPS, and WAF enabled list
Boasting Top-notch WAF - WAPPLES
• Intelligent Web Application Firewall - WAPPLES
• Key Differences
• WAPPLES logical analytic detection engine
• WAPPLES Major Features
Must-have Trend
• Cloud Computing Security
Why a Web Application Firewall?
Risk on the rise!

Expansion of web applications
• B2B, B2C, G2C, etc.
• Used for internal tasks as well as external services

Rapid growth of web vulnerabilities
• 53% of all vulnerabilities disclosed in 2008 were related to web applications [1]
• Only 26% of known vulnerabilities are patched by the end of 2008 [2]

Web applications are the #1 focus of hackers:
• One new infected webpage is discovered every 4.5 seconds [2]
• SQL Injections are the #1 reported vulnerability [3]

(Chart: reported web attack types. SQL Injection 30%, Unknown 29%, Cross Site Scripting (XSS) 8%, CSRF 3%, Others 30%.)

1. IBM Internet Security Systems, 2008 X-Force® Trend & Risk Report
2. Sophos, Security threat report: 2009 - Prepare for this year's new threats
3. WASC: The Web Hacking Incidents Database
Targets of web attacks

(Diagram: request/response flow between the web client and the web server, with the attack targets below placed at each stage.)
• Sniffing
• SSL redirection
• Cross Site Scripting (XSS)
• Active Contents Execution
• Web Server S/W Vulnerabilities
• Authentication / Authorization
• Site Structure
• Input Validation
• Attack on Application Logic
• Injection Flaws
• Command execution by query
Why should we care about web application attacks?

(Chart: security spending versus attacks, by layer.)

| Layer | % of Attacks | % of Dollars |
| --- | --- | --- |
| Web Applications | 75% | 10% |
| Network Servers | 25% | 90% |

75% of attacks on Information Security are directed to the Web Application Layer. - Gartner -
Web application firewall has a higher priority

Web applications are the #1 focus of hackers
• 75% of attacks are directed at the Application layer (Gartner)
• SQL Injections are the #1 reported vulnerability (The Web Hacking Incidents Database, 2008)

Most websites are vulnerable
• 90% of websites are vulnerable to application attacks (Watchfire)
• 78% of easily exploitable vulnerabilities affect Web applications (Symantec)
• 80% of organizations will experience an application security incident by 2010 (Gartner)

Web applications are high value targets for hackers
• Customer data, credit cards, Social Security Numbers, ID theft, fraud, website defacement, etc.

Compliance requirements
• Payment Card Industry Data Security Standard (PCI-DSS), GLBA, HIPAA, and FISMA
Cost Saving

Introducing a WAF is cost-saving for a company's IT resources: it is much more cost effective than hiring a person to manage application security manually.

| Item | Assumption | Sum |
| --- | --- | --- |
| Homepage source code lines | 100,000 lines | |
| Number of vulnerabilities per 1,000 source code lines | 10 | 1,000 vulnerabilities |
| Time to find and eliminate 1 vulnerability | 6 hr. | 6,000 hr. |
| Average working hours a day | 8 hr. | 750 days |
| Daily payment for engineer | 150 | 112,500 |

(Figures in US$. Source: US CERT, DEPT)
What Is a Web Application Firewall?

Application Security Is A Totally Different World

| Network Security | Application Security |
| --- | --- |
| Part of IT | Part of Business Units |
| Networking Experts | Software Experts |
| Product Focused | Custom Code Focused |
| 1000s of Copies | 1 Copy of Software |
| Signature Based | No Signatures |
| Patch Management | Prevents Vulnerabilities |

Don't let anyone rely on network security techniques to gain application security.
WAF Is For What?

Definition
• It performs security analysis at OSI layer 7 (the application layer) of all messages exchanged between the web server and the web client.
• It protects against attacks aimed at the web application.

Roles
• Protects web servers from external attacks (service in)
• Protects against leakage of the web server's most important information (service out)

(Diagram: Web Application Firewall, IDS / IPS and Network Firewall shown as layered protection devices.)
WAF Is For What? (Cont'd)

OSI 7 Layers Protection Devices

Web Application Firewall
• Based on white-list signatures
• Detects highly sophisticated attacks and encoded traffic
• Detects unknown attacks
• Analyzes not only the protocol but also the context

Intrusion Detection / Prevention System
• Based on black-list signatures
• Detects by comparing patterns of attack signatures with network traffic
• Cannot detect unknown attacks

Network Firewall
• Allows/blocks traffic on a specific port of a specific IP address
• Does not have attack detection ability
FW, IDS/IPS, and WAF enabled list

| OWASP Top Ten 2010* | FW | IDS / IPS | WAF |
| --- | --- | --- | --- |
| A1: Injection | X | △ | O |
| A2: Cross Site Scripting (XSS) | X | △ | O |
| A3: Broken Authentication and Session Management | X | △ | O |
| A4: Insecure Direct Object References | X | X | O |
| A5: Cross Site Request Forgery (CSRF) | X | X | O |
| A6: Security Misconfiguration | X | X | O |
| A7: Insecure Cryptographic Storage | X | X | O |
| A8: Failure to Restrict URL Access | X | X | O |
| A9: Insufficient Transport Layer Protection | X | O | O |
| A10: Unvalidated Redirects and Forwards | X | X | O |

* OWASP Top Ten Web Application Security Vulnerabilities (2010)
Boasting Top-Notch WAF - WAPPLES

Intelligent Web Application Firewall - WAPPLES

(Diagram: a firewall with port 23 closed and port 80 open, the WAPPLES Web Application Firewall, and the web server: protection of web applications.)
Key Differences

WAPPLES's advanced architecture and technology provide the strongest intrusion detection and protection for web applications, with near-zero false positive detection and immunity to unknown attacks.

The unique logic-based detection engine provides automated, best-of-breed detection/protection capability for web applications, overcoming the configuration/operation complexity that had been the biggest barrier to rapid growth of the WAF market, in spite of its critical importance.

Commercially proven and tested solution with more than 900 customers, ranging from SMBs to large enterprises.

9+ years of experience in the WAF business
WAPPLES logical analytic detection engine is called COCEP

COCEP stands for COntents Classification and Evaluation Processing.
The logic-analysis-based engine is not a signature-based approach: it analyzes and blocks each type of attack.
Our Detection Engine uses 3 evaluation mechanisms

"Logical analytic engine" means a detection engine that performs application-layer interpretation and verification based on the following 3 mechanisms:
• Evaluation based on Heuristic analysis
• Evaluation based on Semantic analysis
• Evaluation based on Pattern Matching

WAPPLES' 26 detection rules and 1 function (IP Block) can be classified as follows:

| Evaluation based on Heuristic Analysis | Evaluation based on Semantic Analysis | Evaluation based on Pattern Matching |
| --- | --- | --- |
| | Cross Site Scripting | Buffer Overflow |
| | Include Injection | Directory Listing |
| Cookie Poisoning | Invalid HTTP | Error Handling |
| IP Block | Invalid URI | Extension Filtering |
| Parameter Tampering | Parameter Tampering | File Upload |
| Suspicious Access | Privacy File Filtering | Input Content Filtering |
| URI Access Control | Privacy Input Filtering | IP Filtering |
| | Privacy Output Filtering | Request Method Filtering |
| | Request Header Filtering | Response Header Filtering |
| | SQL Injection | User Defined Pattern |
| | Stealth Commanding | Web Site Defacement |
| | Unicode Directory Traversal | |
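The difference between the black-list signature matching of an IDS/IPS and the white-list, context-aware analysis claimed for a WAF, and the split of the detection engine into heuristic, semantic and pattern-matching evaluation, is easiest to see on a concrete request. The following is an added example written for this page; it is not WAPPLES code and says nothing about how COCEP is actually implemented. The request structure, the three evaluator functions, the per-path parameter schema, the heuristic weights and the sample requests are all constructed assumptions.

```python
# Added illustration (not WAPPLES code): one request, three evaluation mechanisms.
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, unquote_plus, urlsplit


@dataclass
class Request:
    """Minimal HTTP request, constructed for the example."""
    method: str
    uri: str
    headers: dict


@dataclass
class Verdict:
    blocked: bool
    reasons: list = field(default_factory=list)


# 1. Pattern matching: fixed signatures checked against the raw request,
#    the black-list approach an IDS/IPS also uses.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}                 # request method filtering
BLOCKED_EXTENSIONS = (".bak", ".old", ".ini")             # extension filtering
USER_PATTERN = re.compile(r"(?i)union\s+select|<script")  # user defined pattern


def pattern_matching(req):
    reasons = []
    if req.method not in ALLOWED_METHODS:
        reasons.append(f"method {req.method} not allowed")
    path = urlsplit(req.uri).path
    if path.lower().endswith(BLOCKED_EXTENSIONS):
        reasons.append(f"blocked extension on {path}")
    if USER_PATTERN.search(req.uri):
        reasons.append("blacklist pattern in raw URI")
    return reasons


# 2. Semantic analysis: decode first, then judge each parameter against what the
#    application expects (a white list), so encoded or never-seen payloads fail too.
PARAM_SCHEMA = {  # hypothetical application: path -> parameter -> allowed form
    "/product": {"id": re.compile(r"\d{1,9}"), "sort": re.compile(r"price|name")},
    "/search": {"q": re.compile(r"[\w ]{1,64}")},
}


def normalize(value, max_rounds=3):
    """Undo nested percent-encoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def semantic_analysis(req):
    reasons = []
    parts = urlsplit(req.uri)
    schema = PARAM_SCHEMA.get(parts.path)
    if schema is None:
        return [f"unknown path {parts.path}"]
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        expected = schema.get(name)
        if expected is None:
            reasons.append(f"unexpected parameter {name}")
        elif not expected.fullmatch(normalize(value)):
            reasons.append(f"parameter tampering: {name}")
    return reasons


# 3. Heuristic analysis: weighted anomaly score; only the sum decides.
HEURISTIC_THRESHOLD = 3


def heuristic_score(req):
    score = 0
    if "User-Agent" not in req.headers:
        score += 2  # browsers always send one
    if req.headers.get("Host", "").strip() == "":
        score += 2  # HTTP/1.1 requires a Host header
    if len(req.uri) > 512:
        score += 2  # unusually long URI
    if req.uri.count("%") > 8:
        score += 1  # heavily encoded URI
    return score


def evaluate(req):
    reasons = pattern_matching(req) + semantic_analysis(req)
    score = heuristic_score(req)
    if score >= HEURISTIC_THRESHOLD:
        reasons.append(f"heuristic score {score}")
    return Verdict(blocked=bool(reasons), reasons=reasons)


# Constructed sample traffic (not captured data).
BROWSER = {"Host": "shop.example", "User-Agent": "Mozilla/5.0"}
NORMAL = Request("GET", "/product?id=42&sort=price", BROWSER)
DOUBLE_ENCODED = Request("GET", "/product?id=42%2520OR%25201%253D1", BROWSER)  # "42 OR 1=1" after two decodes
SIGNATURE_HIT = Request("GET", "/search?q=x union select 1", BROWSER)
ANOMALOUS = Request("TRACE", "/product?id=1", {})

if __name__ == "__main__":
    for r in (NORMAL, DOUBLE_ENCODED, SIGNATURE_HIT, ANOMALOUS):
        print(r.method, r.uri, evaluate(r))
```

Running the block shows why the mechanisms complement each other: the double-encoded `id` passes the raw-text signature untouched and is caught only by the decoded, schema-based semantic check; the free-text `q` parameter is too loosely typed for the schema to reject and is caught by the pattern rule instead; the `TRACE` request with no headers trips both a method rule and the heuristic threshold.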
WAPPLES Unique Technology Enables the Following:

Higher Performance
• No additional system load due to the input of new patterns. Generally, more than 3000 patterns lead to low system performance.
• No difference in performance between the test environment and the real operation environment.

Ease of Use and Less Maintenance
• Installation without (or with minimal) changes in server and network settings is possible.
• Extremely low management burden for the administrator.
• Low operation cost: no signature update service is needed, only a S/W version update service.

Visualizes Various Information
• Web Traffic, Hit Count, Detection Log summary
• Statistics by hour, day, week, month, and year
• Supports more than 22 visualized charts
WAPPLES Major Features

Provides User View using Docking Capability
• Relocation of each window
• Saves User View settings

Supports Quick Configuration
• Supports configuration by levels
• Simplifies complex settings
Certifications and Patents

Korea National Intelligence Service CC Evaluation (EAL4)
• Registration No. NISS-2049-2010

PCI-DSS Certification
• Registration No. AK 50170345 0001

Patents
• United States: METHOD OF DETECTING A WEB APPLICATION ATTACK, U.S. Application No. 12/876,820
• China: METHOD OF DETECTING A WEB APPLICATION ATTACK, Chinese Patent Application for Invention No. 201010287262.2
• Japan: METHOD OF DETECTING A WEB APPLICATION ATTACK, Japanese Patent Application No. 2010-178803
• Republic of Korea: 2 patents are registered
  METHOD FOR DETECTING A WEB APPLICATION ATTACK, 10-2010-0064363
  METHOD FOR DETECTING A WEB ATTACK BASED ON A SECURITY RULE, 10-2009-0077410
| Class | Value | Value | Performance | Performance | High-End | High-End |
| --- | --- | --- | --- | --- | --- | --- |
| Model | WAPPLES-50 | WAPPLES-100 eco | WAPPLES-500 | WAPPLES-1000 type2 | WAPPLES-2000 | WAPPLES-5000 |
| Maximum Throughput | 100 Mbps | 300 Mbps | 500 Mbps | 2 Gbps | 4 Gbps | 6 Gbps |
| HTTP Transactions/sec | 3,000 | 9,000 | 15,000 | 30,000 | 50,000 | 70,000 |
| SSL Transactions/sec | 2,000 | 5,000 | 8,000 | 15,000 | 24,000 | 33,000 |
| Form Factor | 1U | 1U | 1U | 2U | 2U | 2U |
| CPU | Intel Dual Core 2.5GHz | Intel Quad Core 2.66GHz | Intel Quad Core Xeon 2.66GHz | Intel Quad Core Xeon 2.33GHz x 2 | Intel Quad Core Xeon 2.66GHz x 2 | Intel Westmere 2.53GHz x 2 |
| Memory | 2 GB | 4 GB | 8 GB | 8 GB | 16 GB | 24 GB |
| HDD | 160GB | 500GB | 500GB | 500GB | 500GB | 1TB |
| Dimensions | 443mm/292mm/44.5mm | 443mm/292mm/44.5mm | 443mm/406mm/44.5mm | 443mm/512mm/88mm | 443mm/512mm/88mm | 431.8mm/580mm/88mm |
| Weight | 8Kg | 8Kg | 11Kg | 18.75Kg | 18.75Kg | 21Kg |
| NIC | 2 x 10/100/1000 BaseTX; 4 x 10/100/1000 BaseTX Bypass | 2 x 10/100/1000 BaseTX; 8 x 10/100/1000 BaseTX Bypass | 6 x 10/100/1000 BaseTX Bypass, or 2 x 1000 Base Optical Bypass plus 2 x 10/100/1000 BaseTX Bypass | 8 x 10/100/1000 BaseTX Bypass; 2 x 1000 Base SFP; optional: 2 x 1000 Base Optical Bypass | 2 x 10/100/1000 BaseTX; 8 x 10/100/1000 BaseTX Bypass; 4 x 1000 Base SFP; optional: 2 x 1000 Base Optical Bypass | 2 x 10/100/1000 BaseTX; 8 x 10/100/1000 BaseTX Bypass; 4 x 1000 Base SFP; 2 x 1000 Base Optical Bypass; optional: 4 x 1000 Base Optical Bypass, 2 x 10G Base Optical Bypass |
| Power Supply | AC100~240V 50/60Hz 200W | AC100~240V 50/60Hz 200W | AC100~240V 50/60Hz 300W | AC100~240V 50/60Hz 400W, Redundant Power Supply | AC100~240V 50/60Hz 400W, Redundant Power Supply | AC100~240V 50/60Hz 500W, Redundant Power Supply |
Must-have Trend

Must-have Trend - Cloud Computing Security

Web-based cloud computing
• All businesses (services) based on cloud computing are provided via the web, whether in the form of IaaS, PaaS or SaaS.
• The service that satisfies the essential characteristics of Cloud Computing is the web (according to the Visual Model of the NIST Working Definition).
• The web is the most appropriate and optimized interface to provide cloud computing services.

Cloud Computing Security is Web Application Security
• Since cloud computing is web-based, its security issues have much in common with web application security.

It's the Web!
Cloud Computing Security Is A No. 1 Issue

Cloud computing issues: Security
• There are many issues related to newly-rising cloud computing: Performance, Availability, Integration, etc.
• Despite the existence of many issues, the security sector is the most important one.

(Chart: the challenges/issues ascribed to the 'cloud'/on-demand model.)
• Security: 74.6%
• Performance: 63.1%
• Availability: 63.1%
• Hard to integrate with in-house IT: 61.1%
• Not enough ability to customize: 55.8%
Source: IDC Enterprise Panel, August 2008
WAPPLES Meets the Demands

<2011 Virtual Appliance Lineup>

| | V50 | V500 | V1000 | V2000 | V4000 |
| --- | --- | --- | --- | --- | --- |
| CPU | 1 Core | 2 Cores | 4 Cores | 8 Cores | 16 Cores |
| Performance: CPS (Connections per Second) | 5,000 | 10,000 | 20,000 | 40,000 | 80,000 |

Minimum requirements per physical host

| Hypervisor | Citrix XenServer 5 (update 3 or higher); VMware ESX/ESXi 3.5 or higher |
| --- | --- |
| Processor | Dual core server with Intel® VT-x |
| Memory | 2 GB |
| Hard drive | 20 GB |
| Network Interface | Hypervisor supported network interface card |

(Diagram: users reach the web service through the virtual appliance (WAF) inside the cloud computing environment.)
Thank you.

Penta Security Systems Inc.
Hanjin Shipping Bld. 20F, Seoul, Korea
TEL: 82-2-780-7728 FAX: 82-2-786-5281
www.pentasecurity.com

Penta Security Systems K.K.
Ascend Akasaka 3F, 3-2-8 Akasaka, Hamada-ku, Tokyo
TEL: 81-3-5573-8191 FAX: 81-3-5573-8193