Web Application Protection Against Hackers and Vulnerabilities

Presentation transcript:

Web Application Protection Against Hackers and Vulnerabilities
Barracuda Web Application Firewall
Barracuda Networks Confidential

Introduction
- Application-layer security for Web traffic
- Fully application aware
- Application delivery and acceleration
- Web user access control
- Full-featured, scalable WAF
- Familiar Barracuda Networks interface / ease of use
- Economical: no per-user fees

Data Center Assets Increasingly Vulnerable
Threats:
- Identity theft
- Data theft
- Worms
- Denial of Service
- SQL Injection
- Parameter tampering
Business implications:
- Lost revenue
- Brand erosion
- Regulatory compliance: SOX, GLBA, HIPAA
74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008. Source: IBM X-Force

Challenges with Legacy Security Solutions
Network Firewalls:
- Blindly allow HTTP/S Web traffic
IPS/IDS:
- Signature matching only, not application aware
- Cannot protect from zero-day attacks
- No protection for encrypted traffic
- Non-deterministic protection
- Cannot “normalize” traffic to detect obfuscated attacks
Table: Application Threat vs. IPS / Network Firewalls vs. Application Firewall. For each threat listed, the IPS / network firewall column reads either “None” or “Well known signatures only”, while the application firewall column shows coverage. Threats listed:
- Data Theft
- Application DoS
- Google Hacks
- Forceful Browsing
- Identity Theft
- Buffer overflow
- Parameter Tampering
- Stealth Commanding
- Injection Attacks
- Cross Site scripting
- Hidden field manipulation
- Cookie poisoning
What is Missing? More insight and control into application structure: URLs, cookies, headers, FORMs, Session, SOAP actions, XML elements …
Speaker notes: THIS is the reason so many leading Fortune 500 companies and industry experts have concluded that application firewalls are now mandatory. When you step back and consider the facts, the conclusion is pretty straightforward. They know that (summarize points from this section):
- Apps provide access to sensitive data…
- Firewalls don’t protect…
- IPS and patching…
- Just fixing code is difficult, expensive and slow (leaves holes open for far too long while you’re figuring out what to do)
CONCLUSION – Solution must be:
- “Firewall” – Needs to be something at the perimeter that blocks attacks BEFORE they get to the app – extension of defense-in-depth
- “Proactive” – Must block attacks before they are known, not reactively chase hackers by waiting for signatures, etc. “Signature-Based” products will never be able to solve this problem. What’s needed is a

The Solution: Layer 7 Security
Diagram: the network firewall blocks only network attacks; port 80/443 traffic goes through the Barracuda Web Application Firewall before reaching the Web applications.
The solution: Barracuda Web Application Firewall
- Understands web traffic
- Layer 4 and Layer 7 load balancing for Web servers
- Accelerates application delivery
- Protects against common web attacks
- Mitigates broken access control

Comprehensive Application Layer Protection
- Full inspection of application data input
- Complete knowledge of expected values
- Real-time policy creation and enforcement
INSPECTS FOR:
- Malicious Commands
- Illegal Keywords
- Hidden Field Tampering
- Parameter Tampering
- Altered HTTP Methods
- Max Length Exceptions
- Illegitimate URLs
- WS-I Profile Validation
- XML Schema Validation
- Virus/Malware Injection
- Distributed DoS
ENFORCES:
- Intended application logic
- Web site cloaking
- Legitimate crawling
- Valid parameter values
- Non-disclosure of sensitive data
- Appropriate session state
- SSL and Session security
- Valid URLs
- Rate Control
Diagram labels: Users; Web Applications/Services.
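As an added illustration of the positive security model these two slides describe (the "normalize traffic to detect obfuscated attacks" point above and the inspection list here), here is a profile-based request check. It is not Barracuda's code; the application profile, URL, parameter names and hidden field are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed positive-security profile for one URL of a hypothetical application:
# allowed methods, expected parameters (max length, value pattern) and a hidden
# form field whose value must arrive unchanged.
PROFILE = {
    "/login": {
        "methods": {"POST"},
        "params": {
            "user": {"max_len": 32, "pattern": r"[A-Za-z0-9_.@-]+"},
            "pass": {"max_len": 64, "pattern": r"[^\x00-\x1f]+"},
        },
        "hidden": {"form_id": "login-v2"},
    },
}

def normalize(value, rounds=3):
    # Percent-decode repeatedly so double-encoded input is judged in its final form.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(method, url, body=""):
    """Return the list of policy violations; an empty list means the request fits its profile."""
    parts = urlsplit(url)
    profile = PROFILE.get(parts.path)
    if profile is None:
        return [f"illegitimate URL: {parts.path}"]
    violations = []
    if method not in profile["methods"]:
        violations.append(f"altered HTTP method: {method}")
    # parse_qsl decodes once; normalize() strips any further encoding layers
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    for name, raw in params:
        value = normalize(raw)
        if name in profile["hidden"]:
            if value != profile["hidden"][name]:
                violations.append(f"hidden field tampering: {name}")
        elif name not in profile["params"]:
            violations.append(f"parameter tampering: unexpected {name}")
        elif len(value) > profile["params"][name]["max_len"]:
            violations.append(f"max length exceeded: {name}")
        elif not re.fullmatch(profile["params"][name]["pattern"], value):
            violations.append(f"illegal value: {name}")
    return violations
```

Because the profile lists what is expected rather than what is known to be bad, a request with an unknown parameter or a double-encoded value is flagged without any attack signature.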

Barracuda Web Application Firewall Benefits
- SECURE WEB APPLICATIONS
- SCALE UP AND SPEED UP
- GAIN VISIBILITY VIA LOGS AND REPORTS
- ACHIEVE COMPLIANCE

Barracuda Web Application Firewall Benefits: SECURE WEB APPLICATIONS
- Cloak server information
- Protect against layer 7 attacks
- Data theft protection
- Integrated XML protection

Barracuda Web Application Firewall Benefits: SCALE AND SPEED UP APPLICATION DELIVERY
- Load balancing
- Caching
- Compression
- Integrated access control: LDAP / RADIUS, client certificates

Barracuda Web Application Firewall Benefits: GAIN VISIBILITY VIA LOGS AND REPORTS
- Web firewall logs
- Audit logs
- Access logs
- Traffic / attack reports

Barracuda Web Application Firewall Benefits: ACHIEVE COMPLIANCE
- Role based access
- LDAP authentication
- PCI reports
- Audit reports

Typical Deployment
- Inline between the network firewall and the servers, in Proxy or Bridge mode
- Out of line as a one-armed proxy
Both deployments can be put in a High Availability setup with two units in a pair.

Summary
- Comprehensive Web application protection
- Application delivery and acceleration
- Authentication and Authorization
- Logging, monitoring and reporting
- Achieve compliance: PCI, HIPAA, GLBA
Barracuda Networks http://www.barracuda.com/products