Description: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-henrique.pdf
WAFs (Web Application Firewalls) are often called 'Deep Packet Inspection Firewalls' because they look at every request and response within the HTTP/HTTPS/SOAP/XML-RPC/Web Service layers. Some WAFs look for certain 'attack signatures' to try to identify a specific attack that an intruder may be sending, while others look for abnormal behavior that doesn't fit the website's normal traffic patterns. Web Application Firewalls can be either software or hardware-appliance based, and are installed in front of a web server in an effort to shield it from incoming attacks.
Today WAF systems are considered the next-generation product for protecting websites against web hacking attacks. This presentation will show some techniques to detect, fingerprint and evade them.
Affiliated with the Hackaholic team (http://hackaholic.org/) and working as a penetration tester for a Brazilian company called SecurityLabs, in the Intruders Tiger Team division. It is one of the leading companies in this segment in Brazil; among our clients are government, the credit card industry, etc.
Tags: securitytube, defcon, def con, hacking, hackers, information security, convention, computer security, DC 16, Defcon 16, dc-16
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.