Abstract
New attack vectors are emerging following the introduction of Web 2.0 technologies and components. A Web Application Firewall (WAF) can help protect applications by filtering traffic going over HTTP(S). There are different approaches to this, and in this talk we are going to discuss several key aspects of WAF, as listed below.
- Building WAF for your corporate environment using IIS
- Architecture and Event Model for WAF
- Modular approach – better performance
- Advanced attacks over Web 2.0 and defense using WAF
- Protecting JSON and XML streams
- PCI-DSS compliance and WAF
A WAF is a tactical defense for the corporate environment that provides a faster response to discovered vulnerabilities. We are going to discuss the topic in detail, along with live attacks, defense, tools and cases. We are going to release a prototype WAF as part of the talk so you can try it in your environment.