Entries in web application firewall (3)


Web Application Firewalls and VoIP on the intertubes

So the OWASP at Krakow (which was a great experience!) came to an end. The conference was a mixture of technical and non-technical presentations; I liked the w3af presentation and thought it was well delivered, and I heard that the "HTTP Parameter Pollution" talk was particularly interesting. It seems that the Web Application Firewalls talk that we gave caught the attention of various organizations, media (DarkReading) and people (Twitter). The presentation went a bit bonkers and Murphy's Law kicked in. However, we got the chance to demonstrate the missed content after the conference for an audience that provided a lot of good feedback.

I'll also be presenting a session on VoIP scanning on the Internet at CONFidence tomorrow. Most other presentations and research seem to focus on VoIP (in)security plus layer 2 issues, such as sniffing clear-text VoIP. In contrast to this, my session will be more focused on what attackers coming from the Internet (can) do to your SIP PBX and endpoints. The focus is on demonstrating, using both live demos and recorded videos, and describing some interesting (rather new) attacks that apply to VoIP on the Internet.

The state of Web Application Security and their Firewalls

Back from Troopers09 in Munich after presenting our (Wendel Guglielmetti Henrique from Trustwave and yours truly) research on Web Application Firewalls. Troopers was great and the organizers (Enno Rey and co) did a great job with the conference. Kudos to them! During the presentation we demonstrated some tools that will help security analysts and penetration testers to identify WAFs and fingerprint their rules. We hope to release these tools soon; meanwhile, if you would like to beta test, please send me a note.

Last week Bryan Miller from Syrinx Technologies interviewed me on Web Application Security and WAFs. You may listen to this podcast here, where I gave my views on web application security and an introduction to the presentation for Troopers. If you would like to keep updated with this podcast, you may subscribe using the RSS feed.

[slideshare id=1344590&doc=wendel-sandro-troopers09-1-090426151524-phpapp02]

(IN)SECURE Magazine and other updates

This is an update of what's been happening on this end:

  • Issue 19 of (IN)SECURE Magazine is out, and with it you'll find a report on RSA Europe 2008 and an article called "How security can hurt us" by yours truly. The magazine has a number of high quality articles and is freely available from the main website.

  • Upcoming research: Vulnerabilities and tools related to Web Application Firewalls. Wendel Guglielmetti Henrique combined his and my research and presented it at H2HC. The presentation was called "Playing with Web Application Firewalls". Additionally, I presented my research at a local ISACA chapter. This research is still in its initial stage but is already showing significant results. I will be putting up a separate post on this.

  • The blog at Acunetix now features posts by yours truly on (you guessed it) Web Application Security.

  • If you are based in Malta, then you might be interested in the Malta Infosec LinkedIn group, which will be organizing some informal events "real soon". The blog is at Maltainfosec.org.