Play all

Intro

Brief History of WAF's

Purpose of WAF's

Problems with WAF's

Bypassing WAF'S

Sanwaf: Application-Level Security Control

Purpose of Sanwaf

Bypass Example A cookie is being blocked by a WWF and is causing an issue, so

Sanwaf Does Not Replace WAF's

Sanitizing Data

How Sanwaf Works

Sanwaf Structure

Global Settings

Shield Settings

Regex Settings

Metadata Settings

Sanwaf Datatypes

Sanwaf: How it works

Sanwaf: How Strings Work

Sanwaf Datatype Performance

Example - Delimited Set of Numbers

Datatype Example: Delimited Set of Numbers (RegEx)

Datatype Example: Alphanumeric and Whitelisted

Datatype Example: Using a lava Class

Datatype Example: String & Regex

Implementing Sanwaf

Sample Implementation: Filter

Sample Implementation: Logging

Error Message Example

Rending Error to End User

Sample Application

Where to Git Sanwaf

Contact Information

Description:

Explore the evolution, purpose, and limitations of Web Application Firewalls (WAFs) in this 38-minute OWASP Foundation conference talk. Learn about WAF bypassing techniques and discover Sanwaf, an application-level security control. Dive into Sanwaf's structure, functionality, and implementation, including global settings, shield settings, regex settings, and metadata settings. Examine various datatype examples and performance considerations. Gain insights on sanitizing data, implementing filters and logging, and handling error messages. Access a sample application and learn where to find Sanwaf for implementation in your own projects.

Extending WAFs at the Application Layer

OWASP Foundation

Add to list

#Conference Talks #Programming #Domain-Specific Languages (DSL) #Regular Expressions #Web Development #Web Application Security #Information Security (InfoSec) #Cybersecurity #Web Security #Web Application Firewalls