Framework for Application Security Testing
September 11th, 2018
Create thousands of security tests from existing functional tests …automatically
Chris Rodriguez
- SENIOR ANALYST
Wallarm FAST — enables secure CI / CD
Wallarm FAST has many cool features to help DevOps teams strike the delicate balance between the security of the application and the very short release cycles.
Results may include:
- vulnerabilities of known types such as OWASP Top 10
- unknown and zero-day vulnerabilities with a fuzzer
- vulnerabilities in XML, REST, JSON, SOAP, Base64 and protocols with nested encoding (no configuration required to parse it)
- API/endpoint behavioral anomalies
Finds Issues BEFORE Software is Deployed
Generating Tests
- Capture a baseline from QA or production traffic,
- Create security tests by inserting XSS, PTRAV, RCE or SQLi vector into all or specified web API
- Create thousands of tests by applying fuzzing
- Specify test pass criteria to detect anomalies
- Policy for generating tests can be defined out of
Running Tests
- Generated tests run automatically
- Running tests and retrieving results is easily
- Authentication/credentials can be inherited from
- Rate of testing and termination criteria are explicitly
- Automation and reporting are well suited for
Actionable intelligence
Provides actionable detailed information for every issue found:
- original (baseline) request
- test that found vulnerability
- detailed vulnerability description
- example exploit
Start testing within minutes
- Register for a new FAST account https://fast.wallarm.com/signup
- Define a new TestRun in Wallarm Console
- Pull wallarm/fast-proxy from a Docker Registry
- Configure your browser, Selenium or shell to use wallarm-proxy
Sample Deployment Diagram
Core HR
Who is FAST for?
Security, Developers, DevOps, QA teams
Licensing
DevOps Team License
- 14 days trial license
- Starts at $7000 per license
- Limited to 10,000 baselines per month and 15 users per Customer ID
Pen-tester productivity license
- Contact us
Wallarm Ecosystem for Application & API Security
Adaptive AI Platform enables dev/QA and production application & API security
Attack blocking
Adaptive real time web and API protection
Scanning
Automated CI/CD integrated security testing
Testing
Try it for yourself today
$ docker run wallarm/fast
Application Security powered by AI
Other Wallarm products
fast.wallarm.com/signup
Demo video, Marketing video, Data Sheet, Evaluation guide, Test policy guide
Wallarm attack mitigation for applications and APIs (NG WAF)
- protection against full spectrum of threats: OWASP Top 10, bots,
- Works in full blocking mode
- AI-powered detection and
About Wallarm
- Founded in 2013
- Headquartered in Silicon Valley
- Backed by prominent VCs: Y Combinator, Partech Ventures, Runa Capital
- Profiled in analyst’s reports as one of 12 leading WAF providers