WebApp Security in the Digital Age
• Introduction
• Who needs WAF anyway?
• The Death of WAF?
• Advanced WAF
• Why F5?
https://laurent22.github.io/so-injections/
• 13 major airlines
• flight information
• credit card
• personal data
• 1,5 year
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/tech-briefs/paloaltonetworks-vs-waf.pdf
BIG-IP ASM extends protection to more than application vulnerabilities
• Data Leak Protection
• Prevent Bot Attack (DDOS, VA tools, web scraping, brute force, etc.)
• Protect Web/API from L7 Attack
• Stop bad Users (Device ID)
• Attack Visibility & Logging
• Automatic Policy Building (Dynamic configuration)
1. Automatic Policy Building
URLs & File Types
• /images/banner.jpg
• /login.php
• /css/design.css
• /app/app.php
• /js/jquery.js
Parameters
• name={alphanumeric, len=16}
• address={any char, len=100}
• file={multipart/form-data, maxSize=10MB}
• price={numeric, tampering protection=on, len=10}
Cookies
• Cookie: name=value
• Cookie: JSESSIONID=1A5306372...
• Cookie: price=399;total=1399

.exe
/admin/wp-admin
/login.php?name=jerrick; ls /etc/
(+) sec model: enforcing legitimate traffic only
Server Technologies
2. Protect Web/API from Known Attack
/etc/passwd
' OR 1=1 --;
• OWASP top 10
• Buffer overflows
• Parser Attacks
• Zero-day attacks
• CSRF
• Parameter tampering
• Cross-site scripting
• Evasion technique
• Forceful browsing
• Information Leakage
• Malformed headers
• RFI
• Session Hijacking
• SQL injections
• Command injection
• Many more …
(-) sec model: protecting against known attacks
%2527%2BOR%2B1%253D1%2B%2523;
' OR 1=1 --;
3. Prevent Bot Attack
• Humans (48%): traffic generated by humans
• Good Bots (23%): traffic generated by good bots like Bing, Google Bot…
• Bad Bots (29%): traffic generated by bad bots like scanners, password guessing…
Source: Incapsula Bot Traffic Report 2016
Good Bot
Human
Bad Bot
Validate bot or human on initial site access
Differentiate good bots and bad bots
Real time challenge (js and captcha)
Scraping and brute force protection
4. Stop Bad Users
Stop users from specific country/region (Geolocation)
Stop users/sessions that trigger violation (session tracking)
Stop users with bad IP reputation
Persistent Attacker
Anonymous Proxy
Vulnerability Scanner
Stop unique device/browser access (Browser fingerprinting)
5. Mask Sensitive Data
Cc=4012 8888 9999 1881
Cc=#### #### #### ####
6. See Hostile Traffic
Network Firewall
Regular user
Web server
Allow TCP/80, TCP/443
DB server
App server
Regular user
80%
80/20 RULE
• Cross-Site Scripting
• Information Leakage
• Injection
Responsible for 78% of all vulnerabilities
WHY F5?
F5 is the only vendor who uses the same product for cloud-based as on-premises, which enables simple policy sharing and improved security effectiveness
Virtual Edition
Secures applications deployed in Virtualized and IaaS environments
Datacenter Appliance
Protects business critical applications in the datacenter
WAF as a Service
Immediately turn on new services or scale existing protections without capital investment and resource requirements
Gartner Magic Quadrant for WAF
F5 is highest in execution within the Leaders Quadrant.
F5 Networks Positioned as a Leader in 2017 Gartner Magic Quadrant for Web Application Firewalls*
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from F5 Networks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
* Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Claudio Neiva, 7 August 2017
Gartner Magic Quadrant for ADC+WAF?
Figure 1. Magic Quadrant for Application Delivery Controllers
Source: Gartner (August 2016)
Tzoori Tamam
F5 WAF Product Manager
DevCentral https://devcentral.f5.com/
AskF5/Support https://ask.f5.com/
iHealth https://ihealth.f5.com/
University https://university.f5.com/