WebApp Sec mailing list archives
Owasp-London Chapter meeting: "Web Application Firewalls (WAF): Where do they add value and who should be using them"
From: Dinis Cruz <dinis () ddplus net>
Date: Thu, 20 Apr 2006 01:30:30 +0100
On April 25th 2006, the Owasp-London chapter is hosting a meeting on the topic *"Web Application Firewalls: Where do they add value and who should be using them"*.

This event will take place at the Priory House pub (see http://www.priorybars.com/prioryhouse/findus.asp for more details and maps), which is walking distance from the Olympia exposition center. The 25th will be the first day of London's InfoSec Conference, so I expect that most of you will go to the conference during the day and end up in the Priory House pub for drinks, food and WAF talks.

The theme of the night will be WAFs (Web Application Firewalls) and the idea is to bypass the WAF vendors' marketing materials and see where WAFs can be used to increase the security of web applications.

To achieve this objective there will be 4 presentations from 4 different WAF vendors: F5, NetContinuum, Imperva and Fortify Software. Each vendor will be given 15-20 minutes to explain how their product is able to protect a website that is vulnerable to a pre-defined set of vulnerabilities (if you want their marketing material you can visit them at Info Sec :).

Basically the WAF vendor's brief is "... here is a website which has X number of vulnerabilities AND (very important) it is under attack. The client needs to patch these issues ASAP (no time to wait for the developers to fix, test and deploy a new version of the application (i.e. change the source code)). Basically the vulnerable application must be protected without touching its source code..."

The Asp.Net website that these WAFs need to defend is one created by Owasp SiteGenerator (current version 0.70) and will contain vulnerabilities such as: SQL Injection, XSS, Authorization issues, Remote Command Execution, File disclosure, ViewState Information Disclosure and Poor Crypto.
Agenda:

17:30 - InfoSec closes
18:00 - First drinks at Priory House and socialize
19:00 - (20m) Presentation: "Owasp SiteGenerator" and "Web Application Firewalls (WAF): Where do they add value and who should be using them" - Dinis Cruz
19:20 - (20m) F5 slot
19:40 - (20m) Imperva slot
20:00 - Break for drinks
20:20 - (20m) NetContinuum slot
20:40 - (20m) Fortify Software slot
21:00 - (20m) Panel with all vendors (with Q&A from audience) moderated by Dinis Cruz
21:30 - Find food

For the ones that cannot attend, I will record this event and release it as a podcast (now that I have mastered the way to do it :).

If you are planning to attend, RSVP to dinis.cruz () owasp net so that we have an idea of the numbers.

Finally, I just want to thank F5, who is sponsoring this event (with the Priory House venue, a Projector and maybe some drinks :)

Best regards

Dinis Cruz
Owasp .Net Project
www.owasp.net