The ESAPI Web Application Firewall (ESAPI WAF) - Revision history

Achim: categorie OWASP WAF

2012-07-05T21:23:58Z

categorie OWASP WAF

Arshan: reformatting

2009-11-13T22:47:16Z

reformatting

Jeremy.long at 01:33, 4 August 2009

2009-08-04T01:33:21Z

Jeremy.long: Created page with '== The presentation == rightThis talk will be the official introduction of the ESAPI WAF! We'll present a new way of thinking about WAFs & our t…'

2009-08-04T00:16:19Z

Created page with '== The presentation == rightThis talk will be the official introduction of the ESAPI WAF! We'll present a new way of thinking about WAFs & our t…'

New page

== The presentation ==

[[Image:Owasp_logo_normal.jpg|right]]This talk will be the official introduction of the ESAPI WAF! We'll present a new way of thinking about WAFs & our tool provides all the usable, up-front security one can get from a WAF without suffering from any of the design flaws and integration patterns that make them a maintenance nightmare. It's a small-footprint technology that can do all the following with ease & and for FREE, BSD licensed! * Virtual patches * Enforce authentication * Enforce access control * Egress filtering/detection * Enforce HTTPS * Canonicalize input * It also has capabilities not yet imagined by today's WAFs because it is deployed much closer to the application. Because of its proximity, the ESAPI WAF can use custom code and session storage to integrate meaningful, complex and customized security into an application. Don't have the source? Not a problem! ESAPI can sit in front without any code changes. Don't have $200k to buy a commercial WAF? Don't feel comfortable with mod_security? ESAPI WAF is your answer! Assuming some knowledge of WAFs, the talk will cover its capabilities (with demonstrations), testing strategy (to provide assurance) and integration strategies.

== The speakers ==

Arshan Dabirsiaghi is the Director of Research of Aspect Security, a company that specializes in application security services. He contributes to many OWASP groups and, as no surprise to Gary McGraw, voted for Nader. Arshan just left PR hack on AOL yesterday and is trying to figure out why document.cookie is so interesting. He spends most of his work time abusing web applications, teaching classes all over the world and doing research into next generation web application attacks and defenses.

[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]

← Older revision		Revision as of 21:23, 5 July 2012
Line 15:		Line 15:
	Arshan Dabirsiaghi is the Director of Research of Aspect Security, a company that specializes in application security services. He contributes to many OWASP groups and, as no surprise to Gary McGraw, voted for Nader. Arshan just left PR hack on AOL yesterday and is trying to figure out why document.cookie is so interesting. He spends most of his work time abusing web applications, teaching classes all over the world and doing research into next generation web application attacks and defenses.		Arshan Dabirsiaghi is the Director of Research of Aspect Security, a company that specializes in application security services. He contributes to many OWASP groups and, as no surprise to Gary McGraw, voted for Nader. Arshan just left PR hack on AOL yesterday and is trying to figure out why document.cookie is so interesting. He spends most of his work time abusing web applications, teaching classes all over the world and doing research into next generation web application attacks and defenses.

−	[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]	+	[[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]] [[Category:OWASP WAF]]

@@ Line 1: / Line 1: @@
 == The presentation  ==
-[[Image:Owasp_logo_normal.jpg|right]]This talk will be the official introduction of the ESAPI WAF! We'll present a new way of thinking about WAFs & our tool provides all the usable, up-front security one can get from a WAF without suffering from any of the design flaws and integration patterns that make them a maintenance nightmare. It's a small-footprint technology that can do all the following with ease & and for FREE, BSD licensed! * Virtual patches * Enforce authentication * Enforce access control * Egress filtering/detection * Enforce HTTPS * Canonicalize input * It also has capabilities not yet imagined by today's WAFs because it is deployed much closer to the application. Because of its proximity, the ESAPI WAF can use custom code and session storage to integrate meaningful, complex and customized security into an application. Don't have the source? Not a problem! ESAPI can sit in front without any code changes. Don't have $200k to buy a commercial WAF? Don't feel comfortable with mod_security? ESAPI WAF is your answer! Assuming some knowledge of WAFs, the talk will cover its capabilities (with demonstrations), testing strategy (to provide assurance) and integration strategies.
+[[Image:Owasp_logo_normal.jpg|right]]This talk will be the official introduction of the ESAPI WAF! We'll present a new way of thinking about WAFs & our tool provides all the usable, up-front security one can get from a WAF without suffering from any of the design flaws and integration patterns that make them a maintenance nightmare. It's a small-footprint technology that can do all the following with ease & and for FREE, BSD licensed!
 == The speaker  ==

@@ Line 3: / Line 3: @@
 [[Image:Owasp_logo_normal.jpg|right]]This talk will be the official introduction of the ESAPI WAF! We'll present a new way of thinking about WAFs & our tool provides all the usable, up-front security one can get from a WAF without suffering from any of the design flaws and integration patterns that make them a maintenance nightmare. It's a small-footprint technology that can do all the following with ease & and for FREE, BSD licensed! * Virtual patches * Enforce authentication * Enforce access control * Egress filtering/detection * Enforce HTTPS * Canonicalize input * It also has capabilities not yet imagined by today's WAFs because it is deployed much closer to the application. Because of its proximity, the ESAPI WAF can use custom code and session storage to integrate meaningful, complex and customized security into an application. Don't have the source? Not a problem! ESAPI can sit in front without any code changes. Don't have $200k to buy a commercial WAF? Don't feel comfortable with mod_security? ESAPI WAF is your answer! Assuming some knowledge of WAFs, the talk will cover its capabilities (with demonstrations), testing strategy (to provide assurance) and integration strategies.
-== The speakers  ==
+== The speaker  ==
 Arshan Dabirsiaghi is the Director of Research of Aspect Security, a company that specializes in application security services. He contributes to many OWASP groups and, as no surprise to Gary McGraw, voted for Nader. Arshan just left PR hack on AOL yesterday and is trying to figure out why document.cookie is so interesting. He spends most of his work time abusing web applications, teaching classes all over the world and doing research into next generation web application attacks and defenses.
 [[Category:OWASP_AppSec_DC_09]] [[Category:OWASP_Conference_Presentations]]