Table of Contents for Web Application Firewalls by Chad Russell

Cover
Web Application Firewalls
Introduction
1. Current Application Threats and Challenges
Code Complexity, Microservices, and Third-Party Libraries
Microservices and Container Security
Industrialization of Attacks Using Botnets
Gaining Access to Data Through Code Manipulation or Sensitive Credential Compromise
End-User Accounts
Sensitive and Privileged Accounts
2. Types of Attacks
The OWASP Top 10
A1: Injection
A2: Broken Authentication
A3: Sensitive Data Exposure
A4: XML External Entities (XXE) (New)
A5: Broken Access Control
A6: Security Misconfiguration
A7: Cross-Site Scripting (XSS)
A8: Insecure Deserialization (New)
A9: Using Components with Known Vulnerabilities
A10: Insufficient Logging and Monitoring
Business Logic Attacks
Example
Predictable User Names
Avoid Weak Passwords
Address Security in the Design Phase
Model Threats During the Design Phase
Distributed Denial of Service Attacks
Queue the Internet of Things
Online Fraud
Social Engineering
Malware
3. Evolution of Firewall and Web Application Firewall Technology
Traditional Intrusion Detection System and Intrusion Prevention System Technology
IDS/IPS Evasion Techniques
Next Generation Firewalls
WAF Technology
WAFs and Virtual Patching
Detecting and Addressing Application Layer Attacks (SQL Injection, Cross-Site Scripting, Session Tampering)
Detecting SQL Injection Attacks
Encoding and Whitespace Diversity
Core WAF Capabilities
WAF Rulesets and Heuristics to the Rescue
XSS Attacks and WAF Protection
Anatomy of an XSS Attack
WAF XSS Filters and Rules
How WAFs Can Protect Against Session Attacks
Minimizing WAF Performance Impact
WAF Performance Optimization
WAF High-Availability Architecture
WAF Management Plane
Emergent WAF Capabilities
Security Information and Event Management Integration
DevOps Security Testing
Security Operation Center Automation
Cybersecurity Skills Shortage
WAFs and Their Part in SOC Modernization
WAF Threat Intelligence and Feed Correlation
WAFs Authentication Capabilities
Malware Inspection and Sandboxing
Detecting and Addressing WAF/IDS Evasion Techniques
Virtual Patching
Adjacent Solutions and Technologies
API Gateways
Bot Management and Mitigation
Runtime Application Self-Protection
Content Delivery Networks and DDoS Attacks
Data Loss Prevention
Data Masking and Redaction
WAF Deployment Models
On-Premises
Native Cloud
Cloud-Virtual
In-Line Reverse-Proxy
Transparent Proxy/Network Bridge
Out of Band
Multitenancy
Single Tenancy
Software Appliance Based
Hybrid
4. Designing a Comprehensive Network Security Solution
XYZ Corp
A Note About Native Cloud Security Services versus Specialized Services
Afterword