
File:OWASP Dynamic Vulnerability Identification RyanBarnett200804.pdf

OWASP_Dynamic_Vulnerability_Identification_RyanBarnett200804.pdf (file size: 2.23 MB, MIME type: application/pdf)

Ryan Barnett of Breach Security discusses how to employ ModSecurity (an open-source web application firewall) and other Web Application Firewalls (WAFs) to identify web application vulnerabilities. Identifying web application vulnerabilities has traditionally been achieved by running vulnerability scanners. While these tools can be effective, they have some deficiencies, mainly that they are simply snapshots in time and that they often add network load on the web application. Web application firewalls can help to detect defects in applications by monitoring the application as it is used. In this presentation, Ryan Barnett, Director of Application Security at Breach, will discuss how deploying a web application firewall can provide value beyond simply protecting applications from attack. Due to their strategic placement within the application's communication stream, web application firewalls can provide a great deal of visibility into how an application is used and detect defects by watching the interaction between the application and a client.

Ryan C. Barnett is a recognized security thought leader and evangelist who frequently speaks with the media and industry groups. He is the director of application security at Breach Security. He is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security/Building a Web Application Firewall Workshop, Top 20 Vulnerabilities Team Member and Local Mentor for the SANS Track 4, "Hacker Techniques, Exploits and Incident Handling" course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX) and Security Essentials (GSEC). Mr. Barnett also serves as the team lead for the Center for Internet Security Apache Benchmark Project and is a member of the Web Application Security Consortium. His web security book, "Preventing Web Attacks with Apache," was published by Addison/Wesley in 2006.

File history

Date/Time: 04:58, 10 July 2008 (current)
Dimensions: (2.23 MB)
User: Andylew
Comment: Ryan Barnett of Breach Security discusses how to employ ModSecurity (an open-source web application firewall) and other Web Application Firewalls (WAFs) to identify web application vulnerabilities. Identifying web application vulnerabilities has tradition