WebApp Sec mailing list archives

Owasp-London Chapter meeting: "Web Application Firewalls (WAF): Where do they add value and who should be using them"


From: Dinis Cruz <dinis () ddplus net>
Date: Thu, 20 Apr 2006 01:30:30 +0100

On April 25th 2006, the Owasp-London chapter is hosting a meeting on the
topic *"Web Application Firewalls: Where do they add value and who
should be using them"*

This event will take place at the Priory House pub (see
http://www.priorybars.com/prioryhouse/findus.asp for more details and
maps), which is walking distance from the Olympia exposition center. The
25th will be the first day of London's InfoSec Conference, so I expect
that most of you will go to the conference during the day and end up in
the Priory House pub for drinks, food and WAF talks.

The theme of the night will be WAFs (Web Application Firewalls) and the
idea is to bypass the WAF vendor's marketing materials and see where
WAFs can be used to increase the security of web applications. To
achieve this objective there will be 4 presentations from 4 different
WAF vendors: F5, NetContinuum, Imperva and Fortify Software.

Each vendor will be given 15-20 minutes to explain how their product is
able to protect a website that is vulnerable to a pre-defined set of
vulnerabilities (if you want their marketing material you can visit them
at Info Sec :). Basically the WAF vendor's brief is "... here is a
website which has X number of vulnerabilities AND (very important) it is
under attack. The client needs to patch these issues ASAP (no time to
wait for the developers to fix, test and deploy a new version of the
application (i.e. change the source code)). Basically the vulnerable
application must be protected without touching its source code..."

The Asp.Net website that these WAFs need to defend is one created by
Owasp SiteGenerator (current version 0.70) and will contain
vulnerabilities such as: SQL Injection, XSS, Authorization issues,
Remote Command Execution, File disclosure, ViewState Information
Disclosure and Poor Crypto.

Agenda:

17:30 - InfoSec closes
18:00 - First drinks at Priory House and socialize
19:00 - (20m) Presentation:  "Owasp SiteGenerator" and
            "Web Application Firewalls (WAF): Where do they add value
and who should be using them" - Dinis Cruz
19:20 - (20m) F5 slot
19:40 - (20m) Imperva slot
20:00 - Break for drinks
20:20 - (20m) NetContinuum slot
20:40 - (20m) Fortify Software slot
21:00 - (20m) Panel with all vendors (with Q&A from audience) moderated
by Dinis Cruz
21:30 - Find food

For the ones that cannot attend, I will record this event and release it
as a podcast (now that I have mastered the way to do it :).

If you are planning to attend, RSVP to dinis.cruz () owasp net so that we
have an idea of the numbers.

Finally I just want to thank F5 who is sponsoring this event (with the
Priory House venue, a Projector and maybe some drinks :)

Best regards

Dinis Cruz
Owasp .Net Project
www.owasp.net





 


 


