Presentation Title: Application Defense Tactics & Strategies - WAF at the Gateway
Presentation Abstract:

New attack vectors are emerging on the horizon after introduction of Web 2.0 technologies and components. Web Application Firewall can help in protecting applications by filtering traffic going over HTTP(S). There are different approaches for it and in this talk we are going to discuss several key aspects of WAF as mentioned below.

* Building WAF for your corporate environment using IIS
* Architecture and Event Model for WAF
* Modular approach – better performance
* Advanced attacks over WEB 2.0 and defense using WAF
* Protecting JSON and XML streams
* PCI-DSS compliance and WAF

WAF is a tactical defense for corporate environment to provide faster response to discovered vulnerabilities. We are going to discuss topic in detail along with live attacks, defense, tools and cases. We are going to release prototype for WAF as part of the talk so you can try it in your environment.

About Shreeraj

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He is also the author of popular books like Web 2.0 Security (Thomson 07), Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.