Web Application Firewall


WAPPLES
Web Application Firewall
Web Applications
What is a web application?
“A web application is a multi-layered entity that includes code
and data residing in many places within the enterprise that
can be accessed directly or indirectly from the Internet.”
• Services provided via websites
• Online banking services
• Webmail
• Online retail sales
WAPPLES: The Intelligent Web Application Firewall
Web Application Firewalls: An Overview
A web application firewall (WAF) secures web applications!
What is a WAF?
• Web Application Firewall
  – It performs security analysis at OSI layer 7 (the application layer) on all messages exchanged between the web server and the web client.
  – It protects against attacks aimed at web applications.
• Roles
  – It protects web servers from external attacks (service in).
  – It prevents leakage of important information from the web server (service out).
OWASP: Top Ten Threats
Open Web Application Security Project: http://www.owasp.org
• Injection (SQL, OS, LDAP)
• Broken Authentication and Session Management
• Cross Site Scripting (XSS)
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function-Level Access Control
• Cross-Site Request Forgery (CSRF)
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards
Network Firewall, IDS/IPS, or WAF?
Network Firewalls and IDS/IPS cannot protect web applications
against the OWASP Top 10 Threats, but a Web Application Firewall
(WAF) can!

                                                    Network Firewall   IDS/IPS   WAF
A1:  Injection                                             X              △       √
A2:  Broken Authentication and Session Management          X              △       √
A3:  Cross-Site Scripting (XSS)                            X              △       √
A4:  Insecure Direct Object References                     X              X       √
A5:  Security Misconfiguration                             X              X       √
A6:  Sensitive Data Exposure                               X              X       √
A7:  Missing Function Level Access Control                 X              X       √
A8:  Cross-Site Request Forgery (CSRF)                     X              X       √
A9:  Using Components with Known Vulnerabilities           X              √       √
A10: Unvalidated Redirects and Forwards                    X              X       √
OWASP Top 10 (2013)
Network Firewall, IDS/IPS, or WAF?
– Comparing Network Firewalls, IDS/IPS, and WAFs:
Network Firewalls
• Network Firewalls cannot detect or analyze attacks targeting web applications.
• Network Firewalls generally cannot protect Port 80.
IDS/IPS
• Cannot typically analyze application layer attacks.
• Easy for attackers to bypass.
Web Application Firewall
• Can inspect all traffic between the Web client and Web server.
• Can inspect the protocol.
• Can inspect encrypted traffic.
Introducing WAPPLES
WAPPLES: Intelligent Web Application Firewall
The Intelligent Web Application Firewall: WAPPLES
• Protects against the OWASP Top 10
• Detects and blocks known and unknown attacks
• Enables regulatory compliance, including PCI-DSS
• Prevents leakage of personal information
• Uses a logic-analysis-based intelligent detection engine (rather than pattern matching) with a low false-positive rate to detect threats and attacks
WAPPLES: A User-Friendly WAF
• WAPPLES' GUI-based User Console
  – Provides a customizable User View with its tab docking capability
    • Relocation of each window
    • Saves User View settings
  – Supports Quick Configuration
    • Supports configuration by levels
    • Simplifies complex settings
    • Easy-to-use Settings Wizard
WAPPLES GUI
Web Application Firewalls: An Overview
• Protects against web attacks
• Prevents leakage of personal, confidential, and/or proprietary information
• Enables regulatory compliance
WAPPLES 27 Rules
 1. Buffer Overflow
 2. Cookie Poisoning
 3. Cross Site Script
 4. Directory Listing
 5. Error Handling
 6. Extension Filtering
 7. File Upload
 8. Include Injection
 9. Input Contents Filtering
10. Invalid HTTP
11. Invalid URI
12. IP Filtering
13. Parameter Tampering
14. Privacy File Filtering
15. Privacy Input Filtering
16. Privacy Output Filtering
17. Request Header Filtering
18. Request Method Filtering
19. Response Header Filtering
20. SQL Injection
21. Stealth Commanding
22. Suspicious Access
23. Unicode Directory Traversal
24. URI Access Control
25. User Defined
26. Web Site Defacement
27. IP Block
Rules highlighted on the slide: Buffer Overflow, File Upload, Invalid HTTP
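The two WAF roles described earlier (inspecting inbound requests, "service in", and filtering outbound responses, "service out") and several of the rule names in the list above can be illustrated with a small request/response inspector. The following Python is an added example written for this page; it is not WAPPLES code and does not reflect how WAPPLES implements any rule. The rule names are borrowed from the list only as labels; the thresholds, the blocked-extension list, the stripped headers, the card-number pattern and the sample traffic are all constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed policy. The rule names echo categories from the slide's rule list;
# the thresholds and lists are assumptions for this example only.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}                 # Request Method Filtering
BLOCKED_EXTENSIONS = (".bak", ".old", ".config", ".ini")  # Extension Filtering
MAX_PATH_LENGTH = 2048                                    # Buffer Overflow (oversized input)
STRIPPED_RESPONSE_HEADERS = {"server", "x-powered-by"}    # Response Header Filtering
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")         # Privacy Output Filtering (crude PAN shape)


def normalize_path(raw_path):
    """Percent-decode repeatedly (up to 3 passes) so doubly encoded
    traversal sequences such as %252e%252e become visible as '..'."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def inspect_request(method, raw_path):
    """'Service in': return the names of the rules the request violates.
    An empty list means the request may be forwarded to the web server."""
    findings = []
    if method.upper() not in ALLOWED_METHODS:
        findings.append("Request Method Filtering")
    if len(raw_path) > MAX_PATH_LENGTH:
        findings.append("Buffer Overflow")
    path = normalize_path(raw_path)
    # Compare on path segments so a name like 'a..b' is not mistaken for a traversal step.
    if ".." in path.replace("\\", "/").split("/"):
        findings.append("Unicode Directory Traversal")
    if path.lower().endswith(BLOCKED_EXTENSIONS):
        findings.append("Extension Filtering")
    return findings


def mask_card(token):
    """Keep the last four digits of a card-shaped number and mask the rest."""
    digits = re.sub(r"\D", "", token)
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect_response(headers, body):
    """'Service out': drop fingerprinting headers and mask card-shaped numbers.
    Returns (filtered_headers, filtered_body, rules_applied)."""
    applied = []
    clean_headers = {}
    for name, value in headers.items():
        if name.lower() in STRIPPED_RESPONSE_HEADERS:
            if "Response Header Filtering" not in applied:
                applied.append("Response Header Filtering")
            continue
        clean_headers[name] = value
    masked_body, hits = CARD_RE.subn(lambda m: mask_card(m.group(0)), body)
    if hits:
        applied.append("Privacy Output Filtering")
    return clean_headers, masked_body, applied


def waf_decision(request, response):
    """Run both directions: block on any inbound finding, otherwise forward
    the response after outbound filtering."""
    inbound = inspect_request(request["method"], request["path"])
    if inbound:
        return {"action": "block", "rules": inbound}
    headers, body, outbound = inspect_response(response["headers"], response["body"])
    return {"action": "allow", "rules": outbound, "headers": headers, "body": body}


if __name__ == "__main__":
    # Constructed sample traffic, not captured from any real system.
    sample_response = {
        "headers": {"Server": "ExampleHTTPD/1.0", "Content-Type": "text/html"},
        "body": "Receipt for order 42: card 4111 1111 1111 1111 was charged.",
    }
    for req in [
        {"method": "GET", "path": "/index.html"},
        {"method": "TRACE", "path": "/index.html"},
        {"method": "GET", "path": "/images/%252e%252e/secret.txt"},
        {"method": "GET", "path": "/backup/site.bak"},
    ]:
        print(req["method"], req["path"], "->", waf_decision(req, sample_response))
```

The inbound side decodes the path before matching, because a single decode pass would leave a doubly encoded traversal looking harmless; the outbound side shows why "service out" matters as a separate direction: the request was perfectly legitimate, yet the response still leaks a server banner and a card number that the WAF can mask before it reaches the client.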
DEPLOYMENT: Bridge Mode
Diagram (request/respond flow): FireWall #1 (192.168.1.1) – Switch (192.168.1.3) – Wapples (192.168.1.5) – Web VM (192.168.1.4)
DEPLOYMENT: Proxy Mode
Diagram (request/respond flow): FireWall #1 (192.168.1.1) – Wapples (192.168.1.5) – Switch (192.168.1.3) – Web VM (192.168.1.4)
WAPPLES: A User-Friendly WAF
• The WAPPLES Customizable Reporting Function enables users to create reports featuring the data that is most important to them.
Sample Report Pages
Sample Table of Contents
WAPPLES Reporting
WAFs Enable Regulatory Compliance
Web application firewalls enable regulatory compliance.
The Payment Card Industry Data Security Standard (PCI DSS, 2004) is an international information security standard for companies that handle electronic payment transactions (credit cards, debit cards, etc.).
• Requires secure management of cardholder data.
• Fines for violations can range from $5,000 to $100,000 USD per month.
Other well-known regulations that bear on web application security include the Health Insurance Portability and Accountability Act (HIPAA, USA, 1996) and the Federal Information Security Management Act (FISMA, USA, 2002).
WAPPLES: The Intelligent WAF
• WAPPLES' Unique Technology Enables the Following:
  – Higher Performance
    • No additional system load from adding new patterns. Typically, more than 5,000 patterns reduces system performance.
    • No difference in performance between test environments and real operational environments.
  – Ease of Use and Less Maintenance
    • Installation with no (or minimal) changes to server and network settings.
    • Extremely low management burden for security administrators.
    • No pattern/signature updates required.
    • Software (S/W) version update service available.
  – Visualizes Various Information
    • Web traffic, hit count, detection logs
    • Statistics by hour, day, week, month, or year
    • Supports more than 22 visualized charts
Select List of Clients
END
Thank you for listening.