1 / 17

Web Application Firewall

hanley
Download Presentation

Web Application Firewall

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Web Application Firewall

    2. BugSec Products

    3. The problem

    4. Network Firewall & Http

    5. The ultimate rules Monitoring - knowing what happened Detection - knowing when you are being attacked Prevention - stop attacks before they succeed Assessment - discover vulnerabilities before attackers do

    6. The solution WebSniper - Web Application Firewall Real-time protection for known and unknown attacks Easy to install and manage Minimum performance interference Real-time statistics as well as graphical reports Protection against WEB attacks Preventing information leakage Protection layer on the client side

    7. Implementation

    8. Identification Methods WebSniper combines 2 common identification methods: Positive Security Model: Automatically builds a site policy Allows only intended business interactions Maintains intended application behaviour Negative Security Model: Blocks known attacks based on signatures, heuristics or rules need patch installed or signatures written to block new threats

    9. Features Audit logging Defends from specific attacks Defends from general attacks Defends from brute-force attacks Enforce client-side validation Introduce per-session restrictions Learn how application works over time, then create a white list

    10. Unique Features Removing instead of blocking attacks - reduces false positive Client Side Protection - Protects the users of the websites as well as the organization Parameters encryption – high level transaction security Identity theft prevention Data conversion – allow to control outbound security Significantly short implementation comparing to other solutions

    11. Choose your option WebSniper can be implemented in 3 ways: Gateway - As an appliance Host based - As a software (ISA server or IIS required) ASP service – Remote protection (basically for small organization)

    12. Block Signatures New signatures can be easily added

    13. Regular Expression builder

    14. Auto learn parameters Self learning mechanism

    15. Logs Clear and easy to use logs system

    16. Reporting system Clear reporting system

    17. Thank You Contact us: 11 Moshe Levi St., Rishon le Zion 75070, Israel Tel: +972-3-9622655 | Fax: +972-3-9511433 | E-mail: info@bugsec.com Visit us at our website: www.bugsec.com

More Related