SecAppDev 2024 lecture details
An open source WAF in a high security setting
Introduction to WAFs, a highly commercial market with a dominant open source offering, the crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster and the ray of hope cast by the WAF.
Wednesday June 5th, 09:00 - 10:30
Room West Wing
Abstract
The Swiss Post Online Voting system uses an Apache / OWASP ModSecurity / OWASP CRS Web Application Firewall as the first line of defense in its multilayered architecture.
This lecture will talk about WAFs in general, the very political context of this interesting deployment and the role the WAF plays in this fully transparent setup.
Key takeaway
Basic understanding of web application firewalls, their use cases and their limits.
Content level
Introductory
Target audience
Technical or non-technical audience with an interest in learning about WAFs from a WAF veteran.
Prerequisites
None
Christian Folini
Project Co-Lead, OWASP CRS, OWASP ModSecurity
Expertise: Web application security, Web Application Firewalls (WAF)
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka in room West Wing
Tuesday June 4th, 14:00 - 15:30
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security stance, and unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why web security infrastructure is built, used, and maintained at scale, and learn about the components and capabilities it provides.