Transcription

Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

https://laurent22.github.io/so-injections/

https://laurent22.github.io/so-injections/

13 major airlinesflight information credit card personaldata 1,5 year

ns/worlds-biggest-data-breaches-hacks/

ltonetworkscom/en pdf

BIG-IP ASM extends protection to more than application vulnerabilitiesAttack Visibility &LoggingAutomatic PolicyBuiliding (Dynamicconfiguration)Data LeakProtectionProtect Web/APIfrom L7 AttackStop badUsers(Device ID)Prevent Bot Attack(DDOS, VA tools, webscraping, brute force, etc.)

1Automatic Policy Building.exe/admin/wp-admin/login.php?name jerrick; ls /etc/Server TechnologiesParametersURLs & File pp/app.php/js/jquery.jsname {alphanumeric, len 16}address {any char, len 100}file {multipart/form-data,maxSize 10MB}price {numeric, tampering protection on,CookiesCookie: name valueCookie:JSESSIONID 1A5306372.Cookie: price 399;total 1399len 10 }( ) sec model : enforcing legitimate traffic only

2Protect Web/API fromKnown Attack/etc/passwd‘ OR 1 1 --;%2527%2BOR%2B1%253D1%2B%2523;‘ OR 1 1 --;OWASP top 10CSRFForceful browsingInformation LeakageParser AttacksCross-site scriptingMalformed headersSession HijackingBuffer overflowsParameter tamperingSQL injectionsCommand injectionZero-day attacksEvasion techniqueRFIMany more (-) sec model : protecting against known attacks

3Prevent Bot Attack48%Traffic generated by Humans23%Traffic generated by Good Bots likeBing, Google Bot 29%Traffic generated by Bad Bots likescanners, password guessing 29%48%23%HumansIncapsula Bot Traffic Report 2016Good BotsBad Bots

3Validate bot or human on initial site accessDifferentiate good bots and bad botsBad BotGood BotScraping and brute force protectionHumanReal time challenge (js and captcha)Prevent Bot Attack

4Stop uniquedevice/browser access(Browser fingerprinting)Stop users/sessions thattrigger violation(session roxyScannerStop users with badIP reputationStop users from specificcountry/region(Geolocation)Stop Bad Users

4Stop Bad Users

5Cc #### #### #### ####Cc 4012 8888 9999 1881Mask Sensitive Data

6See Hostile Traffic

6See Hostile Traffic

Allow TCP/80, TCP/443Regular userWeb serverNetwork FirewallRegular userApp serverDB server

Cross-Site Scripting Information LeakageResponsiblefor 78% of allvulnerabilities80% Injection80/20 RULE

WHY F5?

F5 is the only vendor who uses the same product for cloud- based as on-premises,which enables simple policy sharing and improved security effectivenessVirtual EditionDatacenter ApplianceWAF as a ServiceSecures applicationsdeployed in Virtualized andIaaS environmentsProtects business criticalapplications in thedatacenterImmediately turn on newservices or scale existingprotections without capitalinvestment and resourcerequirements

Gartner Magic Quadrant for WAFF5 Networks Positioned as aLeader in 2017 Gartner MagicQuadrant for Web ApplicationFirewalls*F5 is highest in execution within theLeaders Quadrant.* Gartner, Magic Quadrant for Web Application Firewalls,Jeremy D’Hoinne, Adam Hils, Claudio Neiva, 7 August 2017This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document isavailable upon request from F5 Networks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology usersto select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and shouldnot be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability orfitness for a particular purpose.

Gartner Magic Quadrant for ADC WAF?Figure 1. Magic Quadrant for Application Delivery ControllersSource: Gartner (August 2016)

Tzoori TamamF5 WAF Product Manager

.f5.com/https://university.f5.com/