Web Application Firewall (WAF) DAST/SAST combination

Transcript
Page 1: Web Application Firewall (WAF) DAST/SAST combination

New generation Web Application Firewall: Shield for your apps

Nazar Tymoshyk Ph.D, Security Consultant, R&D at SoftServe

Page 2: Web Application Firewall (WAF) DAST/SAST combination

Even the best applications get challenges

Page 3: Web Application Firewall (WAF) DAST/SAST combination

Big applications get bigger challenges

Page 4: Web Application Firewall (WAF) DAST/SAST combination

Security is an important factor for your app

Page 5: Web Application Firewall (WAF) DAST/SAST combination

Consequences

Penalties, Reputation loss, Data loss

Page 6: Web Application Firewall (WAF) DAST/SAST combination

IP Theft

Modify victim's website to deploy MALWARE to website visitors

Breaching organizational perimeters

Taking over high-value accounts

Threats

Page 7: Web Application Firewall (WAF) DAST/SAST combination

Previously, attackers used application vulnerabilities to cause embarrassment and disruption. But now these attackers are exploiting vulnerabilities to steal data and much more.

Hackers' motives

Page 8: Web Application Firewall (WAF) DAST/SAST combination
Page 9: Web Application Firewall (WAF) DAST/SAST combination

Veracode State of Software Security Report 2012

Vulnerability Distribution on First Submission by Language

Problematic

Page 10: Web Application Firewall (WAF) DAST/SAST combination

Veracode State of Software Security Report 2012

Percentage of Affected Vendor Supplied Web Application Builds

Page 11: Web Application Firewall (WAF) DAST/SAST combination

How much time do you need to fix security issues in an app?

Page 12: Web Application Firewall (WAF) DAST/SAST combination

We have a solution for your application!

Page 13: Web Application Firewall (WAF) DAST/SAST combination

Web application firewall

Microsoft IIS Apache Nginx

Page 14: Web Application Firewall (WAF) DAST/SAST combination

CYA (cover your apps)

Time-to-Fix vs. Time-to-Hack

Automated Temporary Patches

Page 15: Web Application Firewall (WAF) DAST/SAST combination

Brute Force protection

DDoS protection

Mitigate them immediately without waiting weeks for code changes.

and do your business

Page 16: Web Application Firewall (WAF) DAST/SAST combination

Protection Against OWASP Top 10

Protection Against Zero-day Exploits

Page 17: Web Application Firewall (WAF) DAST/SAST combination

Detects disclosure of unauthorized content in outbound reply messages, such as source code, credit card numbers and Social Security numbers.

Stops Data Leakage

Protect your IP

Page 18: Web Application Firewall (WAF) DAST/SAST combination

Who needs a WAF?

Mature ISV

Financial organizations

Healthcare organizations

Immature ISV

PCI DSS 6.6

E-commerce

Education

Retail

Page 19: Web Application Firewall (WAF) DAST/SAST combination

DEMO

Let's test a vulnerable web application with popular security tools

Page 20: Web Application Firewall (WAF) DAST/SAST combination

It really works!

Applications Secured - Business Protected

Page 21: Web Application Firewall (WAF) DAST/SAST combination

Our IP is a combination of Dynamic Application Security Testing (DAST) with a Web Application Firewall (WAF) that empowers security and allows unknown vulnerabilities to be dynamically identified and patched.

Page 22: Web Application Firewall (WAF) DAST/SAST combination

Would you like to try?

Thank You!

www.softserveinc.com

Copyright © 2012 SoftServe, Inc.

Europe Headquarters: 52 V. Velykoho Str., Lviv 79053, Ukraine

Tel: +380-32-240-9090, Fax: +380-32-240-9080


US Headquarters: 12800 University Drive, Suite 410, Fort Myers, FL 33966, USA

Tel: 239-690-3111, Fax: 239-690-3116
