Lightning Talk - WAF Evolution, or How I Stopped Worrying About Vulnerabilities

Presented at AppSec USA 2016, Oct. 13, 2016, 10:15 a.m. (10 minutes).

In this talk, we'll explore how application firewalls must evolve to continue to provide powerful, operationally scalable security policies. Gone are the days of "virtually" patching vulnerabilities when remediation time continues to shrink in more agile, devops-driven infrastructures. Infrastructure-based pplication security must pivot to focus on client behavior an characteristics, rather than on the web app itself. Security must also be extended to the browser, to protect even the user who will click on anything from compromise.  Elements of this topic have been covered in my columns on Information Security Buzz: http://www.informationsecuritybuzz.com/articles/the-death-of-waf-as-we-know-it/http://www.informationsecuritybuzz.com/articles/when-a-bot-isnt-a-bot/http://www.informationsecuritybuzz.com/articles/is-bot-detection-the-best-value-in-infosec/

Presenters:

  • Brian McHenry - Senor Security Solutions Architect - F5 Networks
    As a Senior Security Solutions Architect at F5 Networks, Brian McHenry focuses on web application and network security. McHenry acts as a liaison between customers and the F5 product teams, providing a hands-on, real-world perspective. He is also a regular contributor on InformationSecurityBuzz.com, writing articles aimed at simplifying complex IT security challenges. Prior to joining F5 in 2008, McHenry, a self-described "IT generalist", held leadership positions within a variety of technology organizations, ranging from startups to major financial services firms.​ Follow him on twitter @bamchenry.

Links:

Similar Presentations: