Web Application Firewall
About The Course
This training provides the participants with the an in-depth understanding of what is a Web Application Firewall (WAF), types of WAFs, and the approach to installing WAFs for protecting their web applications against external threats and preventing data leakage. Using the examples of industry-leading WAFs with sufficient hands-on exercises, the training course dives into the details of configuration, administration, fine-tuning, alerting, and reporting aspects of WAFs.
What is Web Application Firewall (WAF)?
A Web application firewall (WAF) or application-layer firewall is an appliance or software designed to protect web applications against attacks and data leakage. It sits between the web server and the Internet, analyzing application layer messages for violations in the programmed security policy. WAFs address different security issues than network firewalls and intrusion detection/prevention systems, which are basically designed to defend the perimeter of the network. WAFs are designed to protect application-layer traffic through signatures and acceptable-use profiles. WAFs prevent threats when it is inconvenient to modify code. They also provide an important feedback loop to developers as part of the overall SDLC process.
How important is WAF to your application security program?
Since WAFs examine the entire network packet, they have more extensive logging capabilities and can record application-specific commands. We need to define carefully what information your firewall should log; ideally consisting of full request and response data, including headers and body payloads. By having a Web application firewall in place as part of a layered security model, you can observe, monitor and look for any signs of intrusion.
Who should attend this training?
- Network and Desktop Engineers
- Incident Management Team
- System Administrators
- Security Administrators
- Technical Support Staff
- IT Managers
Why should you attend?
By having a Web application firewall in place as part of a layered security model, you are able to observe, monitor and look for any signs of intrusion and accordingly secure your corporate network.
After the training, you will be able to answer the following questions:
- How well does WAF meet your organization’s security policy objectives and regulatory requirements?
- Do you have the required in-house skills to use WAF correctly and effectively?
- How will WAF affect your existing services and users and at what cost?
- Will your WAF be able to scale up to meet your peak throughput?
Knowledge of web application security issues, such as OWASP Top 10
Table of Contents