This training provides participants with an in-depth understanding of what a Web Application Firewall (WAF) is, the types of WAFs, and the approach to installing WAFs to protect their web applications against external threats and prevent data leakage. Using examples of industry-leading WAFs with sufficient hands-on exercises, the training course dives into the details of the configuration, administration, fine-tuning, alerting, and reporting aspects of WAFs.
A Web application firewall (WAF) or application-layer firewall is an appliance or software designed to protect web applications against attacks and data leakage. It sits between the web server and the Internet, analyzing application layer messages for violations in the programmed security policy. WAFs address different security issues than network firewalls and intrusion detection/prevention systems, which are basically designed to defend the perimeter of the network. WAFs are designed to protect application-layer traffic through signatures and acceptable-use profiles. WAFs prevent threats when it is inconvenient to modify code. They also provide an important feedback loop to developers as part of the overall SDLC process.
Since WAFs examine the entire network packet, they have more extensive logging capabilities and can record application-specific commands. Define carefully what information your firewall should log, ideally full request and response data, including headers and body payloads.
By having a Web application firewall in place as part of a layered security model, you are able to observe, monitor and look for any signs of intrusion and accordingly secure your corporate network.
After the training, you will be able to answer the following questions:
Knowledge of web application security issues, such as OWASP Top 10
This course goes deep into networking, systems, web applications, and actual exploitation, and helps beginners take a confident first step into the information security field.