Of course, we are always careful to develop securely and to avoid injection or cross site scripting vulnerabilities, for example. But can we always trust the code 100%? Not surprisingly, injection vulnerabilities are at the top of the current OWASP Top Ten.
Or do we not even have full control over the web applications used?
This is where a Web Application Firewall (WAF) comes into play. It offers an additional layer of security in front of the application and can prevent attacks from reaching the application in the first place and causing damage.
We look at how a web application firewall works. We get to know the OWASP ModSecurity Core Rule Set, an open source set of rules against web application attacks.
And we look at how we integrate a WAF into a continuous integration pipeline to give the developer early feedback on the functionality of the WAF with the application.
Speaker
Fränzi Bühler (@bufrasch) is a security enthusiast who has been committed to security for over 10 years. While working as a security architect at Puzzle ITC, she can live out her passion for both Puzzle and external customers. In her free time, she is an OWASP (Open Web Application Security Project) member and OWASP ModSecurity Core Rule Set developer, helping to make the web application world a little more secure. She also blogs and speaks at conferences.