24
Web Application Firewalls Jerônimo Zucco [email protected]

Introducão a Web Applications Firewalls

Embed Size (px)

DESCRIPTION

Introdução a Web Applications Firewalls - Apresentação realizada no dia 31/março/2011 no primeiro encontro do grupo OWASP Porto Alegre - http://www.owasp.org/index.php/Porto_Alegre

Citation preview

Page 1: Introducão a Web Applications Firewalls

Web Application Firewalls

Jerônimo [email protected]

mailto:[email protected]
mailto:[email protected]
Page 2: Introducão a Web Applications Firewalls

Jerônimo Zucco

• CISSP - Certified Information Systems Security Professional

• Blog: http://jczucco.blogspot.com

• Twitter: @jczucco

• http://www.linkedin.com/in/jeronimozucco

• http://www.owasp.org/index.php/User:Jeronimo_Zucco

http://jczucco.blogspot.com
http://jczucco.blogspot.com
http://www.linkedin.com/in/jeronimozucco
http://www.linkedin.com/in/jeronimozucco
http://www.owasp.org/index.php/User:Jeronimo_Zucco
http://www.owasp.org/index.php/User:Jeronimo_Zucco
Page 3: Introducão a Web Applications Firewalls

Onde os dados estão ?

Page 4: Introducão a Web Applications Firewalls

Quem acessa os dados ?

Page 5: Introducão a Web Applications Firewalls

Onde estão as aplicações ?

Page 6: Introducão a Web Applications Firewalls

O NOVO PERÍMETRO

Page 7: Introducão a Web Applications Firewalls

Fonte: WhiteHat Website Security Statistics Report

Page 8: Introducão a Web Applications Firewalls

WAF ?

Dispositivo (Camada 7) especializado em aplicações Web

Page 9: Introducão a Web Applications Firewalls

Capacidade de detectar e bloquear ataques

•Ataques Diretos

•Ataques Indiretos

•Modelo Positivo

•Modelo Negativo

•Modo de Aprendizagem

Page 10: Introducão a Web Applications Firewalls

Detecção

• Inspeciona cabecalho e o corpo da requisição

• Inspeciona cabecalho e corpo da resposta

• Inspeção de arquivos upload

Page 11: Introducão a Web Applications Firewalls

Violação de protocolo

• Vulnerabilidades do protocolo

• Tamanho das requisições

• Caracteres não ASCII nos cabeçalhos

• Validação de cabeçalhos

• Tentativa de uso como proxy

Page 12: Introducão a Web Applications Firewalls

Políticas

• Whitelists

• Tamanho do request/upload

• Restrição de métodos (WebDAV, CONNECT, TRACE, DEBUG)

• Extensão de arquivos

Page 13: Introducão a Web Applications Firewalls

Clientes Maliciosos

• Comentários SPAM

• Blacklists

• Scanners

Page 14: Introducão a Web Applications Firewalls

Ataques na Aplicação

• SQL injection e blind SQL injection

• Cross site scripting (XSS)

• Injeção de comando no SO ou acesso remoto

• Inclusão remota de arquivos maliciosos

• Assinaturas de vulnerabilidades p/apps conhecidas

• Detecção de malware em uploads ou links maliciosos

Page 15: Introducão a Web Applications Firewalls

Virtual Patching

• Correcão de um erro da aplicação através de criação de regra no WAF

• Correções rápidas

• Zero Days

• Aplicações fechadas

• Custo para correção

Page 16: Introducão a Web Applications Firewalls

Vazamento de Informação

• Última linha de defesa

• Vazamento de informações (Nro. Cartão de crédito, CPF, etc)

• Erros HTTP

• Informações do Banco de Dados

• Stack Dumps

Page 17: Introducão a Web Applications Firewalls

Debug

•Detecção de erros na aplicação

•Reprodução de eventos

•Registro de eventos

•Auxílio no debug de aplicação

Page 18: Introducão a Web Applications Firewalls

WAFs Comerciais

• WebDefend - Trustwave

• SecureSphere - Imperva

• Hyperguard - Art of Defence

• Barracuda Web Application Firewall

• Cisco ACE Web Application Firewall

Page 19: Introducão a Web Applications Firewalls

WAFs Código Aberto

•ModSecurity - Trustwave

•WebKnight - Aqtronix (dll IIS)

• IronBee - Qualys

Page 20: Introducão a Web Applications Firewalls

Conclusões

• Porque não corrigir a aplicação ?

• Impacto na performance

• Falso positivos e negativos

• WAF = Mais uma camada de proteção

Page 21: Introducão a Web Applications Firewalls

Referências

• Web Application Firewall Evaluation Criteria (WAFEC) - http://is.gd/kYpTjO

• Web Application Security Consortium - http://www.webappsec.org

• OWASP Best Practices: Web Application Firewalls - http://is.gd/Uat2Lw

• OWASP Securing WebGoat using ModSecurity - http://is.gd/imfq0z

http://is.gd/kYpTjO
http://is.gd/kYpTjO
http://www.webappsec.org
http://www.webappsec.org
http://is.gd/Uat2Lw
http://is.gd/Uat2Lw
http://is.gd/imfq0z
http://is.gd/imfq0z
Page 22: Introducão a Web Applications Firewalls

Perguntas ?

Page 23: Introducão a Web Applications Firewalls

http://www.appseclatam.org

http://www.owasp.org/index.php/AppSecLatam2011
http://www.owasp.org/index.php/AppSecLatam2011
Page 24: Introducão a Web Applications Firewalls

Obrigado !

[email protected]

mailto:[email protected]
mailto:[email protected]

Introducão e Conceitos Termodinamicos

Introducão e Conceitos Termodinamicos

Documents
Introducão a Estética e a Composicão Musical Contemporânea

Introducão a Estética e a Composicão Musical Contemporânea

Documents
Firewalls - csci530l/slides/lab-firewalls-color.pdf · What do these 2 firewalls protect? Windows ... Linux Firewalls , Michael Rash, No Starch Press, 2007 ... lab-firewalls.ppt

Firewalls - csci530l/slides/lab-firewalls-color.pdf · What do these 2 firewalls protect? Windows ... Linux Firewalls , Michael Rash, No Starch Press, 2007 ... lab-firewalls.ppt

Documents
SIP, Firewalls and NATs Oh My!. SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically

SIP, Firewalls and NATs Oh My!. SIP Summit 2001 5.01.01 SIP, Firewalls and NATs, Oh My! Getting SIP Through Firewalls Firewalls Typically

Documents
01- INTRODUCÃO NT

01- INTRODUCÃO NT

Documents
Bridging the Gap Between Web Application Firewalls and Web Applications

Bridging the Gap Between Web Application Firewalls and Web Applications

Documents
Redundant Firewalls for Web Applications

Redundant Firewalls for Web Applications

Documents
02.Introducão à Biogeografia

02.Introducão à Biogeografia

Documents
FortiWeb Data Sheet - Firewalls · Although Web Application Firewalls are the best defense against attacks that target web-based applications, WAFs can be tedious and time-consuming

FortiWeb Data Sheet - Firewalls · Although Web Application Firewalls are the best defense against attacks that target web-based applications, WAFs can be tedious and time-consuming

Documents
Security Strategies in Linux Platforms and Applications Lesson 7 Networks, Firewalls, and More

Security Strategies in Linux Platforms and Applications Lesson 7 Networks, Firewalls, and More

Documents
2009: Securing Applications With Web Application Firewalls and Vulnerability Assessments

2009: Securing Applications With Web Application Firewalls and Vulnerability Assessments

Education
Genética - introducão

Genética - introducão

Documents
Firewalls - Columbia Universitysmb/classes/f06/l15.pdf · Why Use Firewalls? Firewalls What’s a Firewall Why Use Firewalls? Tradttional Firewalls by Analogy Should We Fix the Network

Firewalls - Columbia Universitysmb/classes/f06/l15.pdf · Why Use Firewalls? Firewalls What’s a Firewall Why Use Firewalls? Tradttional Firewalls by Analogy Should We Fix the Network

Documents
1.introducão a fisiologia

1.introducão a fisiologia

Documents
Firewalls CS432. Overview What are firewalls? Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls

Firewalls CS432. Overview What are firewalls? Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls

Documents
Best Practices: Use of Web Application Firewalls - OWASP · PDF fileOWASP Papers Program Best Practice: Use of Web Application Firewalls Abstract Web applications of all kinds, whether

Best Practices: Use of Web Application Firewalls - OWASP · PDF fileOWASP Papers Program Best Practice: Use of Web Application Firewalls Abstract Web applications of all kinds, whether

Documents
Slides Introducão Justiça Restaurativa

Slides Introducão Justiça Restaurativa

Documents
Best Practices: Use of Web Application Firewalls€¦ · Best Practice: Use of Web Application Firewalls Abstract Web applications of all kinds, whether online shops or partner portals,

Best Practices: Use of Web Application Firewalls€¦ · Best Practice: Use of Web Application Firewalls Abstract Web applications of all kinds, whether online shops or partner portals,

Documents
Introducão ao estudo da politica

Introducão ao estudo da politica

Government & Nonprofit
Chapter 7 –Security in Networks Introduction to networks Threats against network applications Controls against network applications Firewalls

Chapter 7 –Security in Networks Introduction to networks Threats against network applications Controls against network applications Firewalls

Documents
Extending ADDM Discovery to Firewalls, Applications and Routers

Extending ADDM Discovery to Firewalls, Applications and Routers

Technology
Introducão a ciencia da geoinformação INPE

Introducão a ciencia da geoinformação INPE

Documents
Introducão à filosofia de Marx

Introducão à filosofia de Marx

News & Politics
Introducão ao arcgis

Introducão ao arcgis

Education
Introducão à História Do Direito

Introducão à História Do Direito

Documents
UNIT 2: Firewalls Content : Firewalls in general basic operation and architecture Main border firewalls using stateful inspection Screening firewalls

UNIT 2: Firewalls Content : Firewalls in general basic operation and architecture Main border firewalls using stateful inspection Screening firewalls

Documents
1 Firewalls Firewalls Firewalls von Hendrik Lennarz Hendrik Lennarz

1 Firewalls Firewalls Firewalls von Hendrik Lennarz Hendrik Lennarz

Documents
Ferrari Cechinel Introducão a Algoritmos de Programação

Ferrari Cechinel Introducão a Algoritmos de Programação

Documents
Aula 4 - Introducão a algoritmos

Aula 4 - Introducão a algoritmos

Education
Firewalls Types of Firewalls

Firewalls Types of Firewalls

Documents