When Not to Use a Web Application Firewall and Its Alternatives - Lecture

Conf42 via YouTube

Overview

Explore the controversial topic of Web Application Firewalls (WAFs) in this 27-minute conference talk from Conf42 SRE 2024. Delve into the drivers for implementing WAFs, including hacker attacks, penetration tests, and compliance requirements. Examine common web threats like cross-site scripting, SQL injection, and DDoS attacks, and understand how WAFs attempt to mitigate these risks. Learn about WAF architecture, policies, and rules, including preconfigured options and custom rule languages. Critically analyze the limitations of WAFs, such as false positives, potential for blocking legitimate traffic, and the risk of complacency. Discover alternative approaches to application security, including secure coding practices and advanced cloud services. Evaluate the pros and cons of WAF implementation, considering factors like performance impact, pricing, and centralized security management. Gain insights on when to consider WAF deployment and how to choose the right solution for your needs.

Syllabus

intro
preamble
about joshua fox
doit
article
scenario
what is a waf?
drivers for getting a waf
hacker attack
penetration test
urgency
expertise
outside requirement/audit
security blanket
web threats
walkthrough: cross site scripting
without waf
demo waf architecture
make it safe!
a simple chat message is executed
with waf
sql injection
ddos
why distributed?
application-level threats
broken access control
toss in a waf
how cloud armor works
architecture
policies and rules
rules
types of rules
preconfigured rules use these!
sensitivity paranoia
standard signatures
sample signature
rule language
waf won't protect you!
blocking your own app
false positives
job zero
secure your app
but the most important
ddos
ip address
geo
dry run
preview
problem with preview
false negatives
imperfection detection
the worst: broken access control
attackers shift
attackers are smart
flexibility?
waf adds risk, man-in-the-middle
risk: complacency
risk to performance
pricing
at long last...
eternal requirement
third-party apps
central supervision
the one go-to feature
consider advanced services
if you're going to do it, do it now
prefer your cloud's waf
minuses of waf
plusses of a waf
conclusion
we're hiring!

Taught by

Conf42
