WTF - WAF Testing Framework - Yaniv Azaria and Amichai Shulman
Title: WTF - WAF Testing Framework
We will be presenting a new approach to evaluating web application firewall capabilities that is suitable to the real world use case. Our methodology touches on issues like False Positive / False Negative rates, evasion techniques and white listing / black listing balance. We will demonstrate a tool that can be used by organizations to implement the methodology either when choosing an application protection solution or after deployment.
Yaniv Azaria, Security Research Team Leader, Impervia Inc.
Yaniv holds a B.Sc and M.Sc in Computer Science. An industry veteran with experience in developing web applications, bio-informatic algorithms and database security products. Was team leader for database security research in Imperva for 3 years and for the past couple of years conducts general database and application security research in general.
Amichai Shulman, Co-Founder and CTO of Impervia, Inc.
Co-founder and CTO of Imperva Inc with 20 years of information security experience in the military and corporate world. Leading our research group in the areas of vulnerability research as well as hacker intelligence. Holds B.Sc and M.Sc in Computer Science.
Date:Thursday October 25, 2012 4:00pm - 4:45pm
Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel.Gemalto Room
Presentation Slides: owasp.org/images/0/00/OWASP-2012-WTF.pdf