SlideShare a Scribd company logo

WAF 101

Null Bhubaneswar
Null Bhubaneswar

Web application firewall 101

Technology
1 of 20
Download to read offline
1 Web Application Firewall Null Bhubaneswar 18 March 2023 Sampad Rout
SAMPAD ROUT CISSP® Security Architect | Microsoft A little about me 2
3 GE Industrial R&D security ( Aviation, Power and Water, Renewable Energy, Appliances, Transportation) Royal Bank Of Scotland Securing banking platform mostly mortgage division of Coutts AT&T Securing the Media division HBO, Warner Media Microsoft Securing the Ad Platform Outside Org Reviewer for ISC2, Contribution to Opensource (Virtual Patch / IaC), Trainer EXPERIENCES SO FAR What do I do in Spare time XBOX | BLOG | Stories and Movies Subject Matter Expert on AppSec | Data Protection | Secure Architecture | Container Security | API Security
Firewall - Definition, Nomenclature and History, WAF, Difference between Firewall and WAF What is what 01. Pattern Identifiers, Default mechanism, Template rules, Advanced rules, IP reputation CONTENTS 101 Demo How a WAF works 4 03. Look and feel of the rules , Signals and GUI 02. 04. & If Something I left covering which I should have + Q&A Architecture & Placements
What is What Firewall, Nomenclature & History, WAF, Difference between Firewall and WAF 01. 5
What is a Firewall 6 The name firewall : It came from similar in purpose to physical firewalls designed to contain fires and keep them from spreading. ● Firewalls established a barrier between a network that was internal to a company and considered trusted, and an external network, that was considered untrusted. ● In a simple sense a Firewall controls what traffic should be allowed and what to be blocked into your system based on defined rules & patterns.
7
8 A Firewall is a network security device, may come in as a software, a hardware device or a SaaS model, that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. — Common Definition
Firewall Evolution 9 How firewall was enhanced through out Firewall Generations First Generation Second Generation 2.5 Generation Stateless Stateful, Bidirectional Targeted / Specialized Firewalls Packet Filters based on IP and Ports / L3 or L4 Connection / Session based IP , Ports / L3 or L4 IPS, UTM,URL Filtering IP Tables, OS firewall, Basic Switches Usage : ACLs Advanced Switches Usage : ACLs , DMZ Up to L5-L7, Scaling and Performance IP Spoofing, Valid return traffic vs Imposter Good traffic vs Bad Traffic Signature oriented, No Dynamisms
Firewall Evolution Cont.. 10 How firewall was enhanced through out Firewall Generations Third Generation Next-Gen Stateful, Scalable Stateful, Hybrid, RBAC, User grp identify HTTP conversation & apps specific attacks/ L7 Deep packet inspection, Adv threat protection/L7 Host based Application firewalls, WAF Performance, QoS, non- Disruptive Vendor issued NGFW Juniper, CISCO, Checkmarx etc
Web Application Firewall A web application firewall (WAF) protects web applications (hosted in any platform)from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection etc (OWASP Top 10) and beyond. 11 Port / OSI ref model Layer 2 DataLink Layer 3 Network Layer 4 Transport Layer 5 Session Layer 6 Presentation Layer 7 Application Layer 1 Physical WEB APP FIREWALL NETWORK FIREWALL
12 How a WAF works 02. Pattern Identifiers, Default mechanism, Template rules, Advanced rules, IP reputation
Based on Actions / Perform Traffic Pattern Audit/ Monitor Block Allow (Supersedes) Defined Set Whitelist(Supersedes) Blacklist Handle / Gauge True Positives False Positives True Negatives False Negatives RBAC Read-only (Most) App based (App Owners) Admin (Ops) Super User / God mode (Improvements) Action Matrix 13
PREVENTIVE & TECHNICAL CONTROL 14 Basic Model DESCRIPTION EXAMPLE Happened nth time If a malicious event happens for nth number of time with in a defined period from a particular IP/user. XSS/ Inj attack / Failed login pattern detected 50 times in a minute - Block Reputation WAF’s global analysis engine IP, DCs gets flagged as bad actors for 24 hrs globally Templated rules Supports zero-days and virtual patching If there is no patch released or You are not able to patch Complex and Adv rules Complex rules, Combination of rules Whitelist ~ Blacklisted, Allowed ~Blocked and track~ discover
15 LET’S SEE HOW IT LOOKS 03. Enough Talk, Let’s see it in action
Start from the basic: ● OWASP / Port Swigger XSS Cheat sheet. ● Analyzing your app environment and traffic pattern. ● Any Zero-day ● How a IaC rule look like. HOW TO RULE 101 16 scope = "global" group_operator = "all" expiration = "" conditions { type = "single" field = ”domains" operator = "inList" value = "instances-scw-cloud" } actions { type = ”Whitelist" marking = "scw-cloud" } conditions { field = "method" operator = "doesNotEqual" type = "single" value = "DELETE” || value = "PATCH” || value = "GET” || value = "POST” || value = "OPTIONS” || value = "HEAD” || value = "PUT” || } actions { marking = "wrong- http-method" type = "block" } •
Architecture 17 04. How the WAF Functionally and Logically placed in Network
Functional Architecture 18
Where you should Place it 19 1 Reverse Proxy 2 Side Car 3 On the Frontend 4 SaaS Model 5 Customized requirement (Istio, Envoy, Serverless, Agent Only) 6 PaaS Model WAF Strategic Placement
Q&A

Recommended

Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Learn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPLearn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPPaul Ionescu
 
Penetration Testing AWS
Penetration Testing AWSPenetration Testing AWS
Penetration Testing AWSSanjeev Kumar Jaiswal
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
AWS WAF
AWS WAFAWS WAF
AWS WAFAmazon Web Services
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 

Recommended

Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Learn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPLearn to pen-test with OWASP ZAP
Learn to pen-test with OWASP ZAPPaul Ionescu
 
Penetration Testing AWS
Penetration Testing AWSPenetration Testing AWS
Penetration Testing AWSSanjeev Kumar Jaiswal
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
AWS WAF
AWS WAFAWS WAF
AWS WAFAmazon Web Services
 
Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나Amazon Web Services Korea
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVSPrathan Phongthiproek
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CDSimon Bennetts
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesScott Hurrey
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunkjamesmbower
 
Caldera İle Saldırı Simülasyonu
Caldera İle Saldırı SimülasyonuCaldera İle Saldırı Simülasyonu
Caldera İle Saldırı SimülasyonuBGA Cyber Security
 
Zap vs burp
Zap vs burpZap vs burp
Zap vs burpTomasz Fajks
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingPriyanka Aash
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
AWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceAWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceGaurav "GP" Pal
 

More Related Content

What's hot

Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나Amazon Web Services Korea
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CDSimon Bennetts
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesScott Hurrey
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Florian Roth
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunkjamesmbower
 
Caldera İle Saldırı Simülasyonu
Caldera İle Saldırı SimülasyonuCaldera İle Saldırı Simülasyonu
Caldera İle Saldırı SimülasyonuBGA Cyber Security
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingPriyanka Aash
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 

What's hot (20)

Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
랜섬웨어(Ransomware)와 AWS 클라우드 보안 - 신용녀 (AWS 솔루션즈아키텍트) :: 특별 보안 웨비나
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVS
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD2021 ZAP Automation in CI/CD
2021 ZAP Automation in CI/CD
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Maturity Model of Security Disciplines
Maturity Model of Security Disciplines Maturity Model of Security Disciplines
Maturity Model of Security Disciplines
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
 
Threat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using SplunkThreat Hunting Web Shells Using Splunk
Threat Hunting Web Shells Using Splunk
 
Caldera İle Saldırı Simülasyonu
Caldera İle Saldırı SimülasyonuCaldera İle Saldırı Simülasyonu
Caldera İle Saldırı Simülasyonu
 
Zap vs burp
Zap vs burpZap vs burp
Zap vs burp
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 

Similar to WAF 101

Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
AWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceAWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceGaurav "GP" Pal
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Benelux
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web SystemsInnoTech
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...Neil Matatall
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposPriyanka Aash
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Intelligent adware blocker symantec
Intelligent adware blocker symantecIntelligent adware blocker symantec
Intelligent adware blocker symantecPednekar Prajakta
 
ANET SureLog SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponseANET SureLog SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponseErtugrul Akbas
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedSounil Yu
 
Cloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsCloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsIndicThreads
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 

Similar to WAF 101 (20)

Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
AWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceAWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and Compliance
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation Firewall
 
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
 
Day4
Day4Day4
Day4
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web Systems
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Intelligent adware blocker symantec
Intelligent adware blocker symantecIntelligent adware blocker symantec
Intelligent adware blocker symantec
 
ANET SureLog SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponseANET SureLog SIEM IntelligentResponse
ANET SureLog SIEM IntelligentResponse
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
security onion
security onionsecurity onion
security onion
 
Cyber Defense Matrix: Reloaded
Cyber Defense Matrix: ReloadedCyber Defense Matrix: Reloaded
Cyber Defense Matrix: Reloaded
 
Cloud Security:Threats & Mitgations
Cloud Security:Threats & MitgationsCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 

More from Null Bhubaneswar

Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse EngineeringNull Bhubaneswar
 
Lightweight static code analysis with semgrep
Lightweight static code analysis with semgrepLightweight static code analysis with semgrep
Lightweight static code analysis with semgrepNull Bhubaneswar
 
Online_financial_fraud Episode 2
Online_financial_fraud Episode 2Online_financial_fraud Episode 2
Online_financial_fraud Episode 2Null Bhubaneswar
 

More from Null Bhubaneswar (16)

Online_financial_fraud3
Online_financial_fraud3Online_financial_fraud3
Online_financial_fraud3
 
Web App Pen Test
Web App Pen TestWeb App Pen Test
Web App Pen Test
 
BurpSuiteOverview
BurpSuiteOverviewBurpSuiteOverview
BurpSuiteOverview
 
Blue Team
Blue TeamBlue Team
Blue Team
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITIS
 
Linux Basic Commands
Linux Basic CommandsLinux Basic Commands
Linux Basic Commands
 
Intro to Reverse Engineering
Intro to Reverse EngineeringIntro to Reverse Engineering
Intro to Reverse Engineering
 
Lightweight static code analysis with semgrep
Lightweight static code analysis with semgrepLightweight static code analysis with semgrep
Lightweight static code analysis with semgrep
 
Saying Hello to Bug Bounty
Saying Hello to Bug BountySaying Hello to Bug Bounty
Saying Hello to Bug Bounty
 
Information Security 201
Information Security 201Information Security 201
Information Security 201
 
Online_financial_fraud Episode 2
Online_financial_fraud Episode 2Online_financial_fraud Episode 2
Online_financial_fraud Episode 2
 
Information Security 101
Information Security 101Information Security 101
Information Security 101
 
Cloud_PT
Cloud_PT Cloud_PT
Cloud_PT
 
Online Financial Fraud
Online Financial FraudOnline Financial Fraud
Online Financial Fraud
 
Introduction_to_Cloud
Introduction_to_CloudIntroduction_to_Cloud
Introduction_to_Cloud
 
how_to_get_into_infosec
how_to_get_into_infosechow_to_get_into_infosec
how_to_get_into_infosec
 

Recently uploaded

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

WAF 101

  • 1. 1 Web Application Firewall Null Bhubaneswar 18 March 2023 Sampad Rout
  • 2. SAMPAD ROUT CISSP® Security Architect | Microsoft A little about me 2
  • 3. 3 GE Industrial R&D security ( Aviation, Power and Water, Renewable Energy, Appliances, Transportation) Royal Bank Of Scotland Securing banking platform mostly mortgage division of Coutts AT&T Securing the Media division HBO, Warner Media Microsoft Securing the Ad Platform Outside Org Reviewer for ISC2, Contribution to Opensource (Virtual Patch / IaC), Trainer EXPERIENCES SO FAR What do I do in Spare time XBOX | BLOG | Stories and Movies Subject Matter Expert on AppSec | Data Protection | Secure Architecture | Container Security | API Security
  • 4. Firewall - Definition, Nomenclature and History, WAF, Difference between Firewall and WAF What is what 01. Pattern Identifiers, Default mechanism, Template rules, Advanced rules, IP reputation CONTENTS 101 Demo How a WAF works 4 03. Look and feel of the rules , Signals and GUI 02. 04. & If Something I left covering which I should have + Q&A Architecture & Placements
  • 5. What is What Firewall, Nomenclature & History, WAF, Difference between Firewall and WAF 01. 5
  • 6. What is a Firewall 6 The name firewall : It came from similar in purpose to physical firewalls designed to contain fires and keep them from spreading. ● Firewalls established a barrier between a network that was internal to a company and considered trusted, and an external network, that was considered untrusted. ● In a simple sense a Firewall controls what traffic should be allowed and what to be blocked into your system based on defined rules & patterns.
  • 7. 7
  • 8. 8 A Firewall is a network security device, may come in as a software, a hardware device or a SaaS model, that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. — Common Definition
  • 9. Firewall Evolution 9 How firewall was enhanced through out Firewall Generations First Generation Second Generation 2.5 Generation Stateless Stateful, Bidirectional Targeted / Specialized Firewalls Packet Filters based on IP and Ports / L3 or L4 Connection / Session based IP , Ports / L3 or L4 IPS, UTM,URL Filtering IP Tables, OS firewall, Basic Switches Usage : ACLs Advanced Switches Usage : ACLs , DMZ Up to L5-L7, Scaling and Performance IP Spoofing, Valid return traffic vs Imposter Good traffic vs Bad Traffic Signature oriented, No Dynamisms
  • 10. Firewall Evolution Cont.. 10 How firewall was enhanced through out Firewall Generations Third Generation Next-Gen Stateful, Scalable Stateful, Hybrid, RBAC, User grp identify HTTP conversation & apps specific attacks/ L7 Deep packet inspection, Adv threat protection/L7 Host based Application firewalls, WAF Performance, QoS, non- Disruptive Vendor issued NGFW Juniper, CISCO, Checkmarx etc
  • 11. Web Application Firewall A web application firewall (WAF) protects web applications (hosted in any platform)from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection etc (OWASP Top 10) and beyond. 11 Port / OSI ref model Layer 2 DataLink Layer 3 Network Layer 4 Transport Layer 5 Session Layer 6 Presentation Layer 7 Application Layer 1 Physical WEB APP FIREWALL NETWORK FIREWALL
  • 12. 12 How a WAF works 02. Pattern Identifiers, Default mechanism, Template rules, Advanced rules, IP reputation
  • 13. Based on Actions / Perform Traffic Pattern Audit/ Monitor Block Allow (Supersedes) Defined Set Whitelist(Supersedes) Blacklist Handle / Gauge True Positives False Positives True Negatives False Negatives RBAC Read-only (Most) App based (App Owners) Admin (Ops) Super User / God mode (Improvements) Action Matrix 13
  • 14. PREVENTIVE & TECHNICAL CONTROL 14 Basic Model DESCRIPTION EXAMPLE Happened nth time If a malicious event happens for nth number of time with in a defined period from a particular IP/user. XSS/ Inj attack / Failed login pattern detected 50 times in a minute - Block Reputation WAF’s global analysis engine IP, DCs gets flagged as bad actors for 24 hrs globally Templated rules Supports zero-days and virtual patching If there is no patch released or You are not able to patch Complex and Adv rules Complex rules, Combination of rules Whitelist ~ Blacklisted, Allowed ~Blocked and track~ discover
  • 15. 15 LET’S SEE HOW IT LOOKS 03. Enough Talk, Let’s see it in action
  • 16. Start from the basic: ● OWASP / Port Swigger XSS Cheat sheet. ● Analyzing your app environment and traffic pattern. ● Any Zero-day ● How a IaC rule look like. HOW TO RULE 101 16 scope = "global" group_operator = "all" expiration = "" conditions { type = "single" field = ”domains" operator = "inList" value = "instances-scw-cloud" } actions { type = ”Whitelist" marking = "scw-cloud" } conditions { field = "method" operator = "doesNotEqual" type = "single" value = "DELETE” || value = "PATCH” || value = "GET” || value = "POST” || value = "OPTIONS” || value = "HEAD” || value = "PUT” || } actions { marking = "wrong- http-method" type = "block" } •
  • 17. Architecture 17 04. How the WAF Functionally and Logically placed in Network
  • 19. Where you should Place it 19 1 Reverse Proxy 2 Side Car 3 On the Frontend 4 SaaS Model 5 Customized requirement (Istio, Envoy, Serverless, Agent Only) 6 PaaS Model WAF Strategic Placement
  • 20. Q&A