Playing with Web Application Firewalls

Presented at DEF CON 16 (2008), Aug. 8, 2008, 3 p.m. (50 minutes)

WAFs (Web Application Firewalls) are often called 'Deep Packet Inspection Firewalls' because they look at every request and response within the HTTP/HTTPS/SOAP/XML-RPC/Web Service layers. Some WAFs look for certain 'attack signatures' to try to identify a specific attack that an intruder may be sending, while others look for abnormal behavior that doesn't fit the website's normal traffic patterns. Web Application Firewalls can be either software or hardware appliance based, and are installed in front of a webserver in an effort to shield it from incoming attacks. Today WAF systems are considered the next-generation product for protecting websites against web hacking attacks; this presentation will show some techniques to detect, fingerprint and evade them. The speaker is affiliated with the Hackaholic team (http://hackaholic.org/) and works as a penetration tester for a Brazilian company called SecurityLabs in the Intruders Tiger Team division, one of the leading companies in this segment in Brazil, whose clients include government, the credit card industry, etc.

Presenters:

  • Wendel Guglielmetti Henrique - Penetration Test Analyst - Intruders Tiger Team Security
    Wendel Guglielmetti Henrique has worked in IT since 1997, and during the last 7 years he has worked in the computer security field. He has found vulnerabilities in many software products such as webmails, Access Points, Citrix Metaframe, etc. Some tools he wrote have already been used as examples in articles in national magazines like PCWorld Brazil and international ones like Hakin9 Magazine. During the last 3 years he has worked as a pen-tester.
