#Web Application Firewalls

Estrategias para combatir ataques BOT en la era de la IA, enfocándose en amenazas móviles, reducción de costos WAF y protección contra fraudes, DDoS y abusos de API.

Add to list

1 Lesons

54 minutes

On-Demand

Free-Video

NahamSec

Bug Bounty Techniques: Recon, JavaScript Analysis, and Web Security Tools

Insightful discussion on bug bounty techniques, covering recon, JavaScript analysis, WAF bypassing, and utilizing the Wayback Machine for effective vulnerability discovery.

Add to list

1 Lesons

2 hours 10 minutes

On-Demand

Free-Video

Core Rule Set for the Masses: Lessons from Taming ModSecurity Rules at Massive Scale - 2017

Insights on fine-tuning ModSecurity Core Rule Set at scale, reducing false positives, and optimizing web application firewall performance for large-scale deployments.

Add to list

1 Lesons

50 minutes

On-Demand

Free-Video

Building an AppSec Program with a Budget of $0 - Beyond the OWASP Top 10

Explore OWASP projects to build a comprehensive AppSec program without spending money. Learn how to implement open-source tools for training, development, testing, and defense to create a robust security framework.

Add to list

1 Lesons

42 minutes

On-Demand

Free-Video

Lessons in Securing Internal Apps - AppSecCali 2019

Lessons and strategies for securing internal applications, including authentication, TLS, Content Security Policy, and leveraging WAFs. Insights on scalable approaches and using internal apps to train security engineers.

Add to list

1 Lesons

44 minutes

On-Demand

Free-Video

Innovation Fair for Application and Software Security Startups - OWASP Global AppSec Tel Aviv 2019

Explore innovative startups in application and software security at OWASP's first Innovation Fair. Early-stage companies pitch cutting-edge solutions, offering insights into emerging technologies and market trends.

Add to list

1 Lesons

1 hour 20 minutes

On-Demand

Free-Video

OWASP Coraza: The Way to WAF in 2023

Explore OWASP Coraza, a cutting-edge Web Application Firewall (WAF) solution, and learn how it enhances web security in 2023 through advanced features and implementation strategies.

Add to list

1 Lesons

55 minutes

On-Demand

Free-Video

Big Data Intelligence - Harnessing Petabytes of WAF Statistics for Web Protection

Explore big data analysis of web application security trends, focusing on WAF statistics, attack patterns, and OWASP ModSecurity Core Rule Set accuracy. Learn to navigate and improve cloud-based web protection.

Add to list

22 Lesons

46 minutes

On-Demand

Free-Video

WAF Bypass Techniques Using HTTP Standard and Web Servers' Behavior

Explore creative techniques to bypass web application firewalls using HTTP standards and server behaviors. Learn to smuggle and reshape requests for penetration testing and bug bounty hunting.

Add to list

1 Lesons

43 minutes

On-Demand

Free-Video

Framework Security: Hugging Developers Through Self-Defending Systems - AppSecEU 2016

Explore framework security strategies, self-defending frameworks, and developer-friendly approaches to enhance application security without code changes or performance impact.

Add to list

32 Lesons

38 minutes

On-Demand

Free-Video

Naxsi: A Web Application Firewall for NGINX

Explore Naxsi, an open-source web application firewall for NGINX, and learn about its features, implementation, and benefits for enhancing web application security.

Add to list

1 Lesons

41 minutes

On-Demand

Free-Video

Getting New Actionable Insights by Analyzing Web Application Firewall Triggers

Explore advanced techniques for analyzing WAF triggers to generate actionable defenses, improve security controls, and gain insights into attacker techniques using real-world case studies.

Add to list

24 Lesons

40 minutes

On-Demand

Free-Video

Malware and Defense Techniques - OWASP AppSec Europe 2014

Explore cutting-edge malware detection, web security, and network defense techniques from industry experts at OWASP AppSec Europe 2014. Gain insights on cloud-based solutions, botnet detection, and advanced web application protection.

Add to list

6 Lesons

6 hours 23 minutes

On-Demand

Free-Video

Cooper

Web Application Firewall - Functionality and Bypass Techniques

Explore web application firewalls, their functionality, and techniques to bypass them in this insightful presentation by security expert Aatif Khan.

Add to list

1 Lesons

46 minutes

On-Demand

Free-Video

Linux Foundation

Securing Modern Apps with Zero Trust and Next-Gen Web Application Firewall

Explore Zero Trust principles and next-gen Web Application Firewall technology for securing modern cloud applications against sophisticated cyber attacks, featuring Coraza and OWASP CoreRuleSet.

Add to list

1 Lesons

37 minutes

On-Demand

Free-Video

HackerSploit

Sucuri Web Application Firewall Review

Comprehensive review of Sucuri's web application firewall, exploring its features, effectiveness, and benefits for website security and protection against online threats.

Add to list

1 Lesons

22 minutes

On-Demand

Free-Video

HackerSploit

Nginx ModSecurity Tutorial - Nginx WAF

Learn to secure Nginx with ModSecurity, an open-source web application firewall. Explore real-time request inspection, protection against XSS and SQL injection attacks, and active monitoring for enhanced web server security.

Add to list

1 Lesons

30 minutes

On-Demand

Free-Video

HackerSploit

Apache2 ModSecurity Tutorial - Apache2 WAF

Learn to secure Apache2 with ModSecurity, an open-source web application firewall. Explore real-time request inspection, prevention of common attacks, and active monitoring for enhanced web server protection.

Add to list

1 Lesons

21 minutes

On-Demand

Free-Video

Fission

Towards Intelligent Application Security

Exploring the evolution of application security and proposing an automated approach integrating security into development and operations, aided by learning techniques and threat intelligence.

Add to list

1 Lesons

52 minutes

On-Demand

Free-Video

Will Machine Learning Replace the WAF?

Explore the potential of machine learning to revolutionize web application firewalls, examining its capabilities, limitations, and impact on cybersecurity.

Add to list

1 Lesons

41 minutes

On-Demand

Free-Video

NahamSec

Modern WAF Bypass Techniques on Large Attack Surfaces

Explore advanced WAF bypass techniques for large attack surfaces with insights from top security researcher Shubham Shah, focusing on complex vulnerabilities and security automation.

Add to list

1 Lesons

34 minutes

On-Demand

Free-Video

OWASP Coraza Web Application Firewalls Revisited

Explore OWASP Coraza's advanced features for securing web applications, including its architecture, rule language, and integration capabilities with popular web servers and frameworks.

Add to list

1 Lesons

23 minutes

On-Demand

Free-Video

Conf42

When Not to Use a Web Application Firewall and Its Alternatives - Lecture

Explore when to avoid Web Application Firewalls (WAFs) and learn their limitations. Understand WAF architecture, common web threats, and alternative security approaches for effective application protection.

Add to list

71 Lesons

27 minutes

On-Demand

Free-Video

ChariotSolutions

Mitigating Log4Shell and Similar Vulnerabilities Using Cloud Services

Explore how cloud services mitigate vulnerabilities like Log4Shell by blocking attacks, preventing data exfiltration, protecting sensitive information, and enabling forensic analysis in Java applications.

Add to list

18 Lesons

47 minutes

On-Demand

Free-Video

Reversing Engineering Web Applications for Security - Behavior Analysis and WAF Detection

Explore web application reverse engineering, behavior analysis, and WAF detection techniques. Learn to create effective countermeasures against complex attacks using whitelist protection and traffic analysis.

Add to list

37 Lesons

47 minutes

On-Demand

Free-Video

Building Cloud-Native Security for Apps and APIs with NGINX

Enhance NGINX with robust security features for apps and APIs. Learn practical methods for visibility, real-time protection, and mitigation of OWASP Top10 threats, bots, and data leakage in cloud environments.

Add to list

1 Lesons

24 minutes

On-Demand

Free-Video

Introducing the OWASP ModSecurity Core Rule Set 3.0 - AppSec EU 2017

Explore OWASP ModSecurity Core Rule Set 3.0: installation, key concepts, and handling false positives for effective web application firewall protection against common attacks.

Add to list

15 Lesons

50 minutes

On-Demand

Free-Video

Web Application Honeypot Threat Intelligence - Techniques and Implementation

Explore web application honeypots for threat intelligence, using ModSecurity and OWASP Core Rule Set to capture attacker activity and protect software against emerging threats.

Add to list

9 Lesons

31 minutes

On-Demand

Free-Video

What's New in CRS4 - An Update from the OWASP CRS Project

Explore the latest updates and enhancements in CRS4, the OWASP Core Rule Set project, with insights on improved web application security and threat mitigation strategies.

Add to list

1 Lesons

53 minutes

On-Demand

Free-Video

The Rise and Fall of ModSecurity and the OWASP Core Rule Set

Explore the evolution and impact of ModSecurity and OWASP Core Rule Set in web application security, examining their rise, challenges, and future prospects.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

CNCF [Cloud Native Computing Foundation]

Ingress-Nginx and 2024 Plans - Roadmap and Future Developments

Explore ingress-nginx's 2024 roadmap, including modsecurity, potential LUA replacements, and challenges in decoupling control and data planes. Gain insights into future developments and strategies.

Add to list

1 Lesons

26 minutes

On-Demand

Free-Video

Rahul Wagh

AWS Advanced Networking - Full Course - Part 1

Explore AWS advanced networking concepts, from VPC essentials to SSL/TLS with ACM. Master load balancers, security features, and efficient network architectures for cloud computing.

Add to list

13 Lesons

7 hours 58 minutes

On-Demand

Free-Video

NorthSec

Web Application Firewall Workshop

Hands-on workshop exploring Web Application Firewall bypass techniques, including encoding, SQL injection, protocol switching, and syntax alternatives. Practical exercises with in-depth explanations for each method.

Add to list

1 Lesons

1 hour 53 minutes

On-Demand

Free-Video

WEareTROOPERS

The Truth about Web Application Firewalls

Explore the realities of Web Application Firewalls with experts Sandro Gauci and Wendel Guglielmetti, uncovering insights and truths about their effectiveness and implementation in cybersecurity.

Add to list

1 Lesons

1 hour 2 minutes

On-Demand

Free-Video

WAFs FTW! A Modern DevOps Approach to Security Testing Your WAF

Explore modern DevOps approach to security testing Web Application Firewalls (WAFs) using Framework for Testing WAFs (FTW). Learn objective WAF evaluation, rapid prototyping, and continuous testing strategies.

Add to list

20 Lesons

33 minutes

On-Demand

Free-Video

Comparing WAF and RASP - Why?

Explore the differences and complementary roles of WAF and RASP in application security, understanding their strengths and limitations for comprehensive protection.

Add to list

26 Lesons

50 minutes

On-Demand

Free-Video

Your Frontier Defense - Understanding Web Application Firewalls

Explore WAF options, features, and challenges across cloud providers and self-managed solutions for enhanced web application security and defense-in-depth strategies.

Add to list

10 Lesons

50 minutes

On-Demand

Free-Video

Implementing AppSensor in ModSecurity

Explore advanced web application security techniques using AppSensor and ModSecurity, focusing on detection points, SQL injection prevention, and innovative defense strategies.

Add to list

11 Lesons

43 minutes

On-Demand

Free-Video

Core Rule Set for the Masses

Insights on fine-tuning ModSecurity Core Rule Set for large-scale deployments, reducing false positives, and optimizing web application firewall performance.

Add to list

29 Lesons

37 minutes

On-Demand

Free-Video

Extending WAFs at the Application Layer

Explore application-level security control with Sanwaf, an alternative to traditional WAFs. Learn its structure, datatypes, and implementation for enhanced web application protection.

Add to list

33 Lesons

38 minutes

On-Demand

Free-Video

Practical OWASP CRS in High Security Settings

Learn to implement OWASP Core Rule Set for high-security web applications, covering WAFs, ModSecurity, logging, whitelisting, and advanced protection techniques.

Add to list

13 Lesons

41 minutes

On-Demand

Free-Video

OWASP Flagship Projects - OWASP ModSecurity Core Rule Set

Explore OWASP ModSecurity Core Rule Set: web application firewall rules, paranoia levels, and project developments for enhanced security and threat protection.

Add to list

18 Lesons

29 minutes

On-Demand

Free-Video

nullcon

Introduction to the OWASP ModSecurity Core Rule Set

Learn about OWASP ModSecurity Core Rule Set, a powerful open-source web application firewall. Discover key features like paranoia levels and anomaly scoring, and see its effectiveness in protecting against various attacks.

Add to list

22 Lesons

44 minutes

On-Demand

Free-Video

AutoSpear - Towards Automatically Bypassing and Inspecting Web Application Firewalls

Explore techniques for automatically bypassing and inspecting web application firewalls, examining vulnerabilities in WAF-as-a-service solutions and cloud security services.

Add to list

1 Lesons

35 minutes

On-Demand

Free-Video

HackerOne

WAF Bypass In Depth

Explore advanced techniques for bypassing Web Application Firewalls (WAFs) and demonstrating the impact of cross-site scripting vulnerabilities, even in the presence of sophisticated security measures.

Add to list

1 Lesons

26 minutes

On-Demand

Free-Video

Web Application Firewalls - Analysis of Detection Logic

Explores detection logic in Web Application Firewalls, focusing on regular expressions. Analyzes security flaws in popular WAFs and introduces tools for identifying vulnerabilities in regex patterns.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

GOTO Conferences

Rock 'Em Sock 'Em Robots - Bot Swatting Like the Pros

Explore strategies for managing bot traffic, detecting malicious behavior, and improving data confidence in web systems. Learn to differentiate between beneficial and harmful bots.

Add to list

32 Lesons

40 minutes

On-Demand

Free-Video

GOTO Conferences

Instrument Flight Rules - Navigating Cyber Security in a Cloud Landscape

Explore modern cybersecurity challenges in cloud environments, learn strategies for data protection beyond traditional perimeters, and discover tools designed for cloud security in this insightful presentation.

Add to list

13 Lesons

27 minutes

On-Demand

Free-Video

PHP WAF - Intercept and Monitor Application Attacks

Explore integrating WAF capabilities into PHP applications for enhanced security. Learn to intercept attacks, monitor user activity, and implement a skeleton security framework.

Add to list

1 Lesons

38 minutes

On-Demand

Free-Video

The Self Healing Cloud - Protecting Applications and Infrastructure with Automated Virtual Patching

Explore automated virtual patching for cloud security, protecting apps and infrastructure through innovative techniques like web application firewalls and network intrusion detection.

Add to list

21 Lesons

39 minutes

On-Demand

Free-Video

Confessions of a WAF Developer - Protocol-Level Evasion of Web App Firewalls

Explores protocol-level evasion techniques for bypassing web application firewalls, focusing on vulnerabilities in virtual patches and demonstrating real-world examples and countermeasures.

Add to list

23 Lesons

47 minutes

On-Demand

Free-Video

ModSecurity as Universal Cross-Platform Web Protection Tool

Explore ModSecurity's evolution into a cross-platform WAF, its early attack detection capabilities, and its use of OWASP Core Rule Set for protecting Apache, IIS, and nginx servers.

Add to list

1 Lesons

42 minutes

On-Demand

Free-Video

New Optimization and Obfuscation Techniques

Advanced SQL injection techniques for bypassing firewalls and intrusion detection systems, including optimization methods and the Leapfrog framework for testing security measures.

Add to list

1 Lesons

49 minutes

On-Demand

Free-Video

GOTO Conferences

The State of Application Security 2023 - Learnings from 4 Million Scanned Services - Unveiling the Power of Proactive Cybersecurity Investments

Unveiling key vulnerabilities from a global scan of 4 million web services, this talk explores prevalent cyber risks, offering insights on file leaks, DNS vulnerabilities, and cross-site scripting with real-world examples and demos.

Add to list

20 Lesons

45 minutes

On-Demand

Free-Video

The Benefits in Externalizing DMZ as a Service in the Cloud

Explore the benefits of cloud-based DMZ services, covering web architecture, security measures, and application firewalls. Learn about attack types and secure development practices.

Add to list

14 Lesons

53 minutes

On-Demand

Free-Video

I Got 99 Problems but a WAF Ain't One

Explore web application firewall (WAF) challenges and solutions in this talk by Micah Brown, covering common issues and effective strategies for implementation and management.

Add to list

1 Lesons

47 minutes

On-Demand

Free-Video

Spring I/O

From OWASP Top 10 to Secure Applications

Comprehensive overview of OWASP standards and practical security implementations for Spring applications, covering injection, access control, and various protection tools.

Add to list

22 Lesons

43 minutes

On-Demand

Free-Video

Bridging the Gap Between Research and Practice in Intelligently Bypassing WAF

Explore AI-driven techniques for bypassing web application firewalls, addressing practical challenges in payload diversity and difficulty balancing. Learn innovative approaches to enhance cybersecurity defenses.

Add to list

11 Lesons

26 minutes

On-Demand

Free-Video

Platform Engineering

Key Considerations for Designing Cloud DMZ

Explore key design considerations for cloud DMZ on AWS, comparing traditional and cloud-based approaches. Learn about self-healing architecture, resilience, and leveraging managed services for enhanced security and reduced complexity.

Add to list

1 Lesons

10 minutes

On-Demand

Free-Video

Google Cloud Tech

Automation and SecOps Integration in Google Cloud Armor

Enhance security delivery and visibility using Infrastructure as Code automation and SecOps integrations in Google Cloud Armor. Learn to expand policy reach and keep your organization safe.

Add to list

5 Lesons

11 minutes

On-Demand

Free-Video

Rahul Wagh

AWS WAF and Web ACL Tutorial - Step-by-Step Guide

Learn to set up and manage AWS WAF: configure VPC, EC2 instances, load balancers, and create Web ACLs with custom rules for blocking and allowing HTTP requests.

Add to list

13 Lesons

28 minutes

On-Demand

Free-Video

NahamSec

The Art of Bypassing Web Application Firewalls - Live Demos