
Open Source Web Entry Firewall



Registration | Hotel | Walter E. Washington Convention Center

The presentation

What is the difference between a web application firewall and a web entry server? In this talk, learn more about web entry servers, architecture, pre-authentication, shared-memory-based session stores, session hiding and service-level access control.

The talk starts with a clean Apache web server, which is then turned into a reverse proxy, where mod_security provides the web application firewall capabilities. In the next step, the audience will learn and see how to turn this WAF into a pre-authentication engine with URL-based access controls and session hiding features.

By the end of the talk, we will have set up a fully operational, secure and open source web entry server in front of Facebook.

Ivan Buetler

After completing his studies for a B.S. in Electrical Engineering, Ivan Buetler worked for several Swiss companies in the fields of banking, electronic stock markets and IT security. In 1999 Ivan co-founded Compass Security, a Swiss ethical hacking and penetration testing company located in Rapperswil, Switzerland. Several of his publications on network and computer security have gained international recognition. Besides running his own business, he is also a tutor at both the University of Applied Sciences in Rapperswil and the Lucerne University of Applied Sciences and Arts. Ivan recently spoke at Black Hat 2008 in Las Vegas about Smart Card (In)Security and APDU Debugging, at IT Underground Warsaw 2009 about Advanced Web Hacking Techniques, and in Singapore in 2010 about Mobile Payment Systems Vulnerabilities. He is on the board of the Swiss Cyber Storm 3 Security Conference (May 2011), CTO of Hacking-Lab and co-founder of the Cyber Tycoons anti-warfare foundation.