Book description
Firewalls have traditionally focused on network traffic, but with the advent of cloud computing and DevOps, security and operations professionals need a more sophisticated solution to track session state and application layer activity. In this ebook, cyber security consultant Chad Russell covers the current application threat landscape for modern deployment architectures, and explains the evolution of web application firewall (WAF) technologies for countering these attacks.
Developers today increasingly rely on third-party libraries for application development, but many of these libraries include vulnerabilities that attackers actively exploit. With this ebook, you’ll explore the specifics of WAF functionality for filtering, monitoring, and blocking HTTP traffic to and from a web application, and learn how to incorporate WAFs into existing and planned infrastructure, whether it’s a cloud, on-premise, or hybrid deployment.
You’ll examine:
- The Top 10 application layer attacks compiled by the Open Web Application Security Project (OWASP)
- Security vulnerabilities, including business logic attacks, distributed denial of service, online fraud, social engineering, and malware
- WAF core and emergent capabilities, such as XSS and sessions attack protection, SIEM integration, and malware inspection and sandboxing
- Security solutions and technologies that work with WAF, including API gateways, and data loss prevention solutions
Table of contents
- Introduction
- 1. Current Application Threats and Challenges
-
2. Types of Attacks
-
The OWASP Top 10
- A1: Injection
- A2: Broken Authentication
- A3: Sensitive Data Exposure
- A4: XML External Entities (XXE) (New)
- A5: Broken Access Control
- A6: Security Misconfiguration
- A7: Cross-Site Scripting (XSS)
- A8: Insecure Deserialization (New)
- A9: Using Components with Known Vulnerabilities
- A10: Insufficient Logging and Monitoring
- Business Logic Attacks
- Predictable User Names
- Avoid Weak Passwords
- Model Threats During the Design Phase
- Distributed Denial of Service Attacks
- Online Fraud
- Social Engineering
- Malware
-
The OWASP Top 10
-
3. Evolution of Firewall and Web Application Firewall Technology
- Traditional Intrusion Detection System and Intrusion Prevention System Technology
- Next Generation Firewalls
- WAF Technology
- Detecting and Addressing Application Layer Attacks (SQL Injection, Cross-Site Scripting, Session Tampering)
- Core WAF Capabilities
- Anatomy of an XSS Attack
- WAF XSS Filters and Rules
- How WAFs Can Protect Against Session Attacks
- Minimizing WAF Performance Impact
- WAF High-Availability Architecture
- WAF Management Plane
- Emergent WAF Capabilities
- WAFs and Their Part in SOC Modernization
- WAFs Authentication Capabilities
- Malware Inspection and Sandboxing
- Detecting and Addressing WAF/IDS Evasion Techniques
- Adjacent Solutions and Technologies
- WAF Deployment Models
- 4. Designing a Comprehensive Network Security Solution
- Afterword
Product information
- Title: Web Application Firewalls
- Author(s):
- Release date: April 2018
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492032304
You might also like
book
Securing Web Applications
Most enterprise applications today live on the network edge, right where attackers are focusing increasing attention …
book
Securing Node Applications
Security incidents are indeed on the rise, but according to one authoritative analysis, 85% of all …
video
Writing Secure Code in ASP.NET
With the growing need for cybersecurity across the world, developers who have mastered cyber resilience get …
book
Securing Network Infrastructure
Plug the gaps in your network's infrastructure with resilient network security models Key Features Develop a …