Teaching your WAF new tricks

Presented at ToorCon San Diego 14 (2012), Oct. 21, 2012, 12:30 p.m. (20 minutes).

This isn't your uncle's "what's a WAF" talk, I'll be covering as many cool tricks and advance topics related to deploying Web Application Firewalls. I will briefly touch on mass deployment, configuration management and how to write custom scripts using lua. The majority of the advance subject matter will be specific to mod_security, however many of the broad topics are applicable to any web application firewall.

Presenters:

• Robert Rowley
  A Security Researcher for Trustwave's Spider Labs team, and part of the California security team for the past decade. Previous to my work with Spider Labs I worked as the security architect for a shared hosting company (who managed the web application firewall configuration for all 1mil+ websites hosted on the network)

Similar Presentations:

• THOTCON 0x4 (2013) / Teaching your WAF new tricks
• CircleCityCon 8.0 (2021) Virtual / My AWS WAF Deployment Odyssey
• DeepSec 2018 „I like to mov &6974,%bx“ / Building your Own WAF as a Service and Forgetting about False Positives