Completed
at long last...
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
When Not to Use a Web Application Firewall and Its Alternatives - Lecture
Automatically move to the next video in the Classroom when playback concludes
- 1 intro
- 2 preamble
- 3 about joshua fox
- 4 doit
- 5 article
- 6 scenario
- 7 what is a waf?
- 8 drivers for getting a waf
- 9 hacker attack
- 10 penetration test
- 11 urgency
- 12 expertise
- 13 outside requirement/audit
- 14 security blanket
- 15 web threats
- 16 walktrhrough: cross site scripting
- 17 wihout waf
- 18 demo waf architecture
- 19 make it safe!
- 20 a simple chat message is executed
- 21 with waf
- 22 sql injection
- 23 ddos
- 24 why distributed?
- 25 application-level threats
- 26 broken access control
- 27 toss in a waf
- 28 how cloud armor works
- 29 architecture
- 30 policies and rules
- 31 rules
- 32 types of rules
- 33 preconfigured rules use these!
- 34 sensitivity paranoia
- 35 standard signatures
- 36 sample signature
- 37 rule language
- 38 waf won't protect you!
- 39 blocking your own app
- 40 false positives
- 41 job zero
- 42 secure your app
- 43 but the most important
- 44 ddos
- 45 ip address
- 46 geo
- 47 dry run
- 48 preview
- 49 problem with preview
- 50 false negatives
- 51 imperfection detection
- 52 the worst: broken access control
- 53 attackers shift
- 54 attackers are smart
- 55 flexibility?
- 56 waf adds risk, man-in-the-middle
- 57 risk: complacency
- 58 risk to performance
- 59 pricing
- 60 at long last...
- 61 eternal requirement
- 62 third-party apps
- 63 central supervision
- 64 the one go-to feature
- 65 consider advanced services
- 66 if you're going to do it, do it now
- 67 prefer your cloud's waf
- 68 minuses of waf
- 69 plusses of a waf
- 70 conclusion
- 71 we're hiring!
