BIG-IP v12.1 Application Security Manager
WebSocket
Created by Lior Rotkovitch, NPIE ASM
lior@f5.com
@rotkovitch
V1.0 March, 2016
© F5 Networks, Inc 2
Index
• Intro to WebSocket
• ASM and WebSocket
• WebSocket violations
• WebSocket URL setting
• WebSocket in the request log
• WebSocket learning and policy building
• Demo flow
Intro to WebSocket
http://demo.kaazing.com/forex/
http://www.websocket.org/echo.html
WebSocket intro
• WebSocket provides a simple framing layer on top of a TCP connection that is opened with an HTTP handshake
• Key benefits:
  • Two-way communication
  • Persistent connections
  • Full-duplex
  • Low HTTP and TCP overhead (no per-message HTTP headers and no new TCP handshake per message)
• The WebSocket protocol is defined in RFC 6455
WebSocket intro – Handshake and frames exchange

CLIENT -> SERVER (HTTP upgrade request)
GET /chat HTTP/1.1
Host: server.example.com
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==
Origin: http://example.com
Sec-WebSocket-Protocol: chat, superchat
Sec-WebSocket-Version: 13

SERVER -> CLIENT (101 response)
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=
Sec-WebSocket-Protocol: chat

Sec-WebSocket-Accept is derived from the client's Sec-WebSocket-Key, so the client can verify that a WebSocket-aware server answered. After the 101 response both sides exchange WebSocket frames in either direction over the same TCP connection, and the connection ends once each side has sent a close frame.
WebSocket Demo
(screenshot: the echo demo at http://www.websocket.org/echo.html with the WS filter applied, callouts 1 and 2)
ASM & WebSocket
ASM is WebSocket aware:
1. It can enforce the WebSocket handshake (RFC checks)
2. It can enforce the payload, by type:
  • Plain text – attack signatures
  • JSON – structure and attack signatures
  • Binary – enforce the frame size limit
And:
  • Enforce fragmentation rules
  • Supports both ws:// and wss://
Note: a WebSocket profile must be attached to the virtual server (VIP).
ASM WebSocket enforcement: threat prevented and mitigation

1. Handshake protocol correctness
   Threat prevented: server stack abuse
   Mitigation: enforce the mandatory headers and their well-formedness in the request.

2. Cross-origin access
   Threat prevented: session riding / CSRF
   Mitigation: deny all requests coming from origins not in the configured whitelist.

3. HTTP upgrade flood prevention
   Threat prevented: exhausting server socket resources
   Mitigation: limit the requests per second (RPS) per WS/WSS URL, using the same limits as for all URLs in a virtual server, HTTP and WS alike.

4. Login enforcement
   Threat prevented: information leakage
   Mitigation: enforce the login session also for WS/WSS URLs. Requires adding the protocol (HTTP/S, WS/S) to the protected URLs.

5. Attack signature detection
   Threat prevented: XSS, SQL injection, command shell injection and all other threats that signatures prevent
   Mitigation: look for parameter-content attack signatures in each textual WS message. If one is found, close the WebSocket with a Close message. The request log shows the offending message.

6. Illegal encoding and meta characters
   Threat prevented: exploiting the server stack
   Mitigation: perform the following checks per textual message: check UTF-8 encoding (mandated by the RFC; no other encoding is allowed), check for illegal meta-characters, check for the null character.

7. Enforce message masking
   Threat prevented: cache poisoning
   Mitigation: enforce masking of client textual messages in order to avoid cache poisoning.

8. Limit message and frame size and correctness of framing
   Threat prevented: buffer overflow
   Mitigation: limit message size and frame size, and enforce correctness of framing.

9. Enforce message structure in JSON format
   Threat prevented: exploiting the server stack, buffer overflow
   Mitigation: apply a JSON content profile per WS message with all possible defenses, including signatures and meta-characters.

10. Slow send/receive
   Threat prevented: exhausting server socket resources
   Mitigation: limit the time for sending a message and the time between messages.
WebSocket violations – Protocol compliance
Security ›› Application Security ›› Policy Building ›› Learning and Blocking Settings
• Bad WebSocket handshake request
• Failure in WebSocket framing protocol
• Mask not found in client frame
• Null character found in WebSocket text message
WebSocket violations – Protocol compliance: Bad WebSocket handshake request
The handshake request is accepted only if:
• The HTTP version is 1.1
• The "Upgrade" header appears exactly once
• "Sec-WebSocket-Key" appears exactly once and is base64 encoded
• "Sec-WebSocket-Version" appears exactly once with the value 13
These occurrence checks also catch evasion techniques such as duplicated handshake headers.
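As an added example (my code, not part of the original deck and not F5's implementation), the handshake checks listed above written as a small Python validator. It enforces the four request checks (HTTP/1.1, a single Upgrade header, a single base64 Sec-WebSocket-Key that decodes to 16 bytes, a single Sec-WebSocket-Version of 13), applies an Origin whitelist, applies a Sec-WebSocket-Extensions policy with the three options the deck describes under payload violations (remove, ignore, block), and derives the Sec-WebSocket-Accept value a server must return. Function and parameter names are my own; the sample request is the RFC 6455 example and the evasion variant is constructed.

```python
import base64
import hashlib

# Fixed GUID from RFC 6455 section 4.2.2, used to derive Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def parse_http_head(raw):
    """Split the head of an HTTP message into (start-line fields, header pairs).
    Headers are kept as a list of (lowercased name, value) so duplicates are
    preserved and can be counted, which is what the occurrence checks need."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    start = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip().lower(), value.strip()))
    return start, headers


def header_values(headers, name):
    return [v for n, v in headers if n == name.lower()]


def accept_key(client_key):
    """Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def check_handshake_request(raw, allowed_origins, extension_policy="remove"):
    """Return (violations, headers_to_forward) for a client upgrade request.
    extension_policy is one of "remove" (default), "ignore" or "block"."""
    bad = "Bad WebSocket handshake request: "
    violations = []
    try:
        (method, _target, version), headers = parse_http_head(raw)
    except ValueError as exc:
        return [bad + str(exc)], []
    if method != "GET" or version != "HTTP/1.1":
        violations.append(bad + "method must be GET over HTTP/1.1")
    upgrade = header_values(headers, "Upgrade")
    if len(upgrade) != 1 or upgrade[0].lower() != "websocket":
        violations.append(bad + "Upgrade header must appear once with value 'websocket'")
    tokens = [t.strip().lower() for v in header_values(headers, "Connection") for t in v.split(",")]
    if "upgrade" not in tokens:
        violations.append(bad + "Connection header lacks 'Upgrade'")
    keys = header_values(headers, "Sec-WebSocket-Key")
    if len(keys) != 1:
        violations.append(bad + "Sec-WebSocket-Key must appear exactly once")
    else:
        try:  # validate=True rejects non-base64 characters; the nonce must be 16 random bytes
            if len(base64.b64decode(keys[0], validate=True)) != 16:
                raise ValueError
        except ValueError:
            violations.append(bad + "Sec-WebSocket-Key is not base64 of 16 bytes")
    versions = header_values(headers, "Sec-WebSocket-Version")
    if len(versions) != 1 or versions[0] != "13":
        violations.append(bad + "Sec-WebSocket-Version must appear once with value 13")
    origins = header_values(headers, "Origin")
    if len(origins) != 1 or origins[0] not in allowed_origins:
        violations.append("Cross-origin access: Origin not in whitelist")
    forward = headers
    if header_values(headers, "Sec-WebSocket-Extensions"):
        if extension_policy == "block":
            violations.append("Illegal WebSocket extension")
        elif extension_policy == "remove":  # strip the header before forwarding to the server
            forward = [(n, v) for n, v in headers if n != "sec-websocket-extensions"]
    return violations, forward


def check_handshake_response(raw, client_key):
    """True if the server's 101 response carries the accept value derived from client_key."""
    (_version, status, _reason), headers = parse_http_head(raw)
    return status == "101" and header_values(headers, "Sec-WebSocket-Accept") == [accept_key(client_key)]


# Constructed sample input: the RFC 6455 example request, then an evasion variant
# that repeats Sec-WebSocket-Version and asks for an extension.
GOOD_REQUEST = ("GET /chat HTTP/1.1\r\nHost: server.example.com\r\nUpgrade: websocket\r\n"
                "Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                "Origin: http://example.com\r\nSec-WebSocket-Protocol: chat, superchat\r\n"
                "Sec-WebSocket-Version: 13\r\n\r\n")
EVASION_REQUEST = GOOD_REQUEST.replace(
    "Sec-WebSocket-Version: 13\r\n",
    "Sec-WebSocket-Version: 13\r\nSec-WebSocket-Version: 8\r\n"
    "Sec-WebSocket-Extensions: permessage-deflate\r\n")
GOOD_RESPONSE = ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n"
                 "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\nSec-WebSocket-Protocol: chat\r\n\r\n")

if __name__ == "__main__":
    print(check_handshake_request(GOOD_REQUEST, {"http://example.com"}))            # ([], 7 headers)
    print(check_handshake_request(EVASION_REQUEST, {"http://example.com"}, "block"))
    print(check_handshake_response(GOOD_RESPONSE, "dGhlIHNhbXBsZSBub25jZQ=="))      # True
```

Headers are counted rather than looked up in a dictionary on purpose: a dictionary silently keeps one of two duplicate headers, which is exactly the ambiguity a duplicated-header evasion relies on.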
WebSocket violations – Protocol compliance: Failure in WebSocket framing protocol
Raised when a frame breaks the RFC 6455 framing rules:
• Continuation frame without a start frame.
• Start frame (text or binary) before the previous message's fragmentation has ended (interleaving fragmented messages is not allowed).
• Control frame with the FIN flag off, i.e. an attempt to fragment a control frame.
• Control frame payload larger than 125 bytes.
WebSocket violations – Protocol compliance: Mask not found in client frame
• According to the RFC, every frame sent by the client must be masked (MASK bit set and a 4-byte masking key present).
• ASM verifies the mask on each frame, which also enforces the continuity of the frame sequence.
• Checked on client-side frames only.

WebSocket violations – Protocol compliance: Null character found in WebSocket text message
• A null character inside the payload of a message of type JSON or Text is enforced.
• The check is independent of the "Check message payload" setting.
WebSocket URL Entities
Security ›› Application Security ›› Policy Building ›› Learning and Blocking Settings
Learn New WebSocket URLs, per policy type:
• Fundamental: Never
• Enhanced: Selective
• Comprehensive: Add All Entities
WebSocket Violations - Payload
1. Binary content found in text only WebSocket
2. Illegal WebSocket binary message length
3. Illegal WebSocket extension
4. Illegal WebSocket frame length
5. Illegal number of frames per message
6. Text content found in binary only WebSocket

WebSocket Violations - Payload: Binary content found in text only WebSocket
• The WebSocket URL is configured for text payloads only, but the message carries binary content.

WebSocket Violations - Payload: Illegal WebSocket binary message length
• The size of binary messages is enforced; the default limit is 10000 bytes.

WebSocket Violations - Payload: Illegal WebSocket extension
• Protocol extensions are negotiated in the handshake through the Sec-WebSocket-Extensions header: per-message compression, interleaved message fragmentation, etc.
• ASM can handle a WebSocket extension in one of three ways:
  o Remove headers – strip the extension header from the handshake (default)
  o Ignore – let the extension header pass
  o Block – block the handshake request that carries a WebSocket extension

WebSocket Violations - Payload: Illegal WebSocket frame length
• A single frame is larger than the configured frame length limit.

WebSocket Violations - Payload: Illegal number of frames per message
• A fragmented message consists of more frames than the configured limit.

WebSocket Violations - Payload: Text content found in binary only WebSocket
• The WebSocket URL is configured for binary payloads only, but the message carries text content.
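As an added example (my code, not part of the deck and not F5's implementation), a Python frame validator that applies the framing-protocol checks from the protocol-compliance slides and the per-URL limits from the payload slides above to a client-to-server byte stream: MASK bit on every client frame, no fragmented control frames, control payload at most 125 bytes, no continuation without a start frame, no interleaved fragmentation, text-only or binary-only URLs, frame length, frames per message, binary message length (the 10000-byte default quoted in the deck), and the UTF-8 and null-character checks on text messages. The Policy field names and the defaults other than the binary message size are assumptions; the sample frames are constructed, using the RFC 6455 example masking key.

```python
import struct
from dataclasses import dataclass

OPCODE_CONT, OPCODE_TEXT, OPCODE_BINARY = 0x0, 0x1, 0x2
OPCODE_CLOSE, OPCODE_PING, OPCODE_PONG = 0x8, 0x9, 0xA  # opcodes with bit 3 set are control frames
FRAMING = "Failure in WebSocket framing protocol"

@dataclass
class Policy:  # hypothetical per-URL settings; field names are assumptions, not ASM's own
    allowed_types: tuple = ("text", "binary")  # ("text",) or ("binary",) restricts the URL
    max_frame_len: int = 10000
    max_frames_per_message: int = 10
    max_binary_message_len: int = 10000        # the ASM default quoted in the deck

def build_frame(fin, opcode, payload, mask_key=None):
    """Serialise one frame (RFC 6455 section 5.2, payloads up to 65535 bytes);
    a 4-byte mask_key produces a correctly masked client frame."""
    mask_bit, n = (0x80 if mask_key else 0), len(payload)
    length = bytes([mask_bit | n]) if n < 126 else bytes([mask_bit | 126]) + struct.pack("!H", n)
    header = bytes([(0x80 if fin else 0) | opcode]) + length
    if mask_key:
        return header + mask_key + bytes(b ^ mask_key[i % 4] for i, b in enumerate(payload))
    return header + payload

def parse_frame(buf, pos):
    """Decode the frame at buf[pos] -> (fin, opcode, masked, payload, next_pos); truncated input raises."""
    b0, b1 = buf[pos], buf[pos + 1]
    fin, opcode, masked, length = bool(b0 & 0x80), b0 & 0x0F, bool(b1 & 0x80), b1 & 0x7F
    pos += 2
    if length == 126:
        length, pos = struct.unpack_from("!H", buf, pos)[0], pos + 2
    elif length == 127:
        length, pos = struct.unpack_from("!Q", buf, pos)[0], pos + 8
    mask = bytes(buf[pos:pos + 4]) if masked else b""
    pos += len(mask)
    payload = bytes(buf[pos:pos + length])
    if len(payload) != length:
        raise ValueError("truncated frame")
    if masked:  # unmask: payload byte i XOR mask byte (i mod 4)
        payload = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return fin, opcode, masked, payload, pos + length

def check_message(opcode, payload, policy):
    """Checks on a reassembled message: allowed type, UTF-8, null byte, binary size."""
    v = []
    if opcode == OPCODE_TEXT:
        if "text" not in policy.allowed_types:
            v.append("Text content found in binary only WebSocket")
        try:
            payload.decode("utf-8")  # RFC 6455 mandates UTF-8 for text messages
        except UnicodeDecodeError:
            v.append("Illegal encoding: text message is not valid UTF-8")
        if b"\x00" in payload:
            v.append("Null character found in WebSocket text message")
    else:
        if "binary" not in policy.allowed_types:
            v.append("Binary content found in text only WebSocket")
        if len(payload) > policy.max_binary_message_len:
            v.append("Illegal WebSocket binary message length")
    return v

def check_client_stream(buf, policy=None):
    """Walk a client->server byte stream; return the violations found, named as in the deck."""
    policy = policy or Policy()
    violations, pos, msg_opcode, msg_payload, frames_in_msg = [], 0, None, b"", 0
    while pos < len(buf):
        fin, opcode, masked, payload, pos = parse_frame(buf, pos)
        if not masked:
            violations.append("Mask not found in client frame")
        if len(payload) > policy.max_frame_len:
            violations.append("Illegal WebSocket frame length")
        if opcode & 0x8:  # control frame: may be injected in the middle of a fragmented message
            if not fin:
                violations.append(FRAMING + ": fragmented control frame")
            if len(payload) > 125:
                violations.append(FRAMING + ": control frame payload longer than 125 bytes")
            continue
        if opcode == OPCODE_CONT:
            if msg_opcode is None:
                violations.append(FRAMING + ": continuation frame without start frame")
                continue
        else:  # text or binary start frame
            if msg_opcode is not None:
                violations.append(FRAMING + ": new message started before previous fragmentation ended")
            msg_opcode, msg_payload, frames_in_msg = opcode, b"", 0
        msg_payload += payload
        frames_in_msg += 1
        if frames_in_msg > policy.max_frames_per_message:
            violations.append("Illegal number of frames per message")
        if fin:
            violations += check_message(msg_opcode, msg_payload, policy)
            msg_opcode, msg_payload, frames_in_msg = None, b"", 0
    return violations

# Constructed sample streams; the masking key is the RFC 6455 section 5.7 example key.
MASK = b"\x37\xfa\x21\x3d"
GOOD_STREAM = build_frame(True, OPCODE_TEXT, b"Hello", MASK) + build_frame(True, OPCODE_PING, b"Hello", MASK)
BAD_STREAM = (build_frame(True, OPCODE_TEXT, b"Hello")          # unmasked client frame
              + build_frame(True, OPCODE_CONT, b"!", MASK)       # continuation without a start frame
              + build_frame(False, OPCODE_PING, b"p", MASK))     # fragmented control frame
```

Running check_client_stream(GOOD_STREAM) returns an empty list, while BAD_STREAM yields one violation per frame in the order the frames arrive. The frame-level checks run before reassembly and the message-level checks run only when the FIN frame arrives, which mirrors why the deck separates the framing violations from the payload violations.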
WebSocket URL configuration (screenshot slides)
Reviewing WebSocket messages in the request log
Security ›› Event Logs ›› Application ›› Requests
(screenshot slides with callouts 1, 2 and 3 on the request log)

WebSocket - Request log filtering
Security ›› Event Logs ›› Application ›› Requests
(screenshot slides)
Request log examples (screenshot slides):
• WebSocket Handshake
• WebSocket - Ping Pong
• WebSocket - Close
Demo flow (screenshot slides)
• WebSocket Demo
• Learning page for WebSocket
• WebSocket URL
• "Sec-WebSocket-Extensions"
• Policy Builder classification
• JSON facts
• Attack signatures on WebSocket
• WebSocket learning and attack signatures
• Override attack signature – false positive
Summary
• ASM supports the WebSocket protocol
• Enforces protocol compliance
• Enforces the payload:
  • Plain text – attack signatures, null character
  • JSON – structure and attack signatures
  • Binary – length
• New violations and settings for WebSocket
• Policy Builder can learn the URLs and classify the WebSocket payload types
• The request log displays the communication between client and server

 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 

BIG-IP v12.1 Application Security Manager WebSocket

  • 8. © F5 Networks, Inc. ASM WebSocket enforcement: what is enforced, the threat it prevents, and the mitigation.
    1. Handshake protocol correctness. Threat: server stack abuse. Mitigation: enforce the mandatory headers and their well-formedness in the request.
    2. Cross-origin access. Threat: session riding / CSRF. Mitigation: deny all requests coming from origins not in the configured whitelist.
    3. HTTP Upgrade flood prevention. Threat: exhausting server socket resources. Mitigation: limit the requests per second for WS/WSS URLs; the same limits apply to all URLs in a virtual server, HTTP and WS alike.
    4. Login enforcement. Threat: information leakage. Mitigation: enforce the login session for WS/WSS URLs as well; requires adding the protocol (HTTP/S, WS/S) to the protected URLs.
    5. Attack signature detection. Threat: XSS, SQL injection, command shell injection and every other threat the signatures cover. Mitigation: look for parameter-content attack signatures in each textual WS message; if one matches, close the WebSocket with a Close frame. The request log shows the message that was sent.
    6. Illegal encoding and meta characters. Threat: exploiting the server stack. Mitigation: per textual message, check the UTF-8 encoding (mandated by the RFC; no other encoding is allowed), check for illegal meta characters, and check for null characters.
    7. Message masking. Threat: cache poisoning. Mitigation: enforce masking of client textual messages in order to avoid cache poisoning.
    8. Message and frame size limits and framing correctness. Threat: buffer overflow. Mitigation: limit message size and frame size and enforce the correctness of framing.
    9. Message structure in JSON format. Threat: exploiting the server stack, buffer overflow. Mitigation: apply a JSON content profile per WS message with all available defenses, including signatures and meta characters.
    10. Slow send/receive. Threat: exhausting server socket resources. Mitigation: limit the time allowed for sending a message and the time between messages.
  • 9. WebSocket violations – Protocol compliance
  • 10. WebSocket violations – Protocol compliance. Configured under Security ›› Application Security ›› Policy Building ›› Learning and Blocking Settings
  • 11. WebSocket violations – Protocol compliance. The four protocol-compliance violations:
    • Bad WebSocket handshake request
    • Failure in WebSocket framing protocol
    • Mask not found in client frame
    • Null character found in WebSocket text message
  • 12. WebSocket violations – Protocol compliance: Bad WebSocket handshake request. The handshake request is accepted only if:
    • the HTTP version is 1.1
    • the "Upgrade" header appears exactly once
    • "Sec-WebSocket-Key" appears exactly once and is base64-encoded
    • "Sec-WebSocket-Version" appears exactly once with the value 13
    • Evasion technique
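To make the handshake checks on slides 8 and 12 concrete, the following Python is an added example written for this page; it is not F5 code and does not show how ASM is implemented. It parses a client handshake, applies the checks listed above (HTTP/1.1, a single Upgrade header, a single base64 Sec-WebSocket-Key, a single Sec-WebSocket-Version of 13, plus the Connection: Upgrade token that RFC 6455 also requires) and an origin whitelist like the one in row 2 of the enforcement table. The whitelist contents and the violation strings are assumptions. It also derives the Sec-WebSocket-Accept value from the deck's sample key, so the 101 response on slide 5 can be checked against it.

```python
import base64
import binascii
import hashlib
from typing import Dict, List

# RFC 6455 section 1.3: the server proves it understood the handshake by appending this
# fixed GUID to the client key, SHA-1 hashing the result and base64-encoding the digest.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Stand-in for the origin whitelist a policy would hold (assumed value for this example).
ALLOWED_ORIGINS = {"http://example.com"}


def parse_headers(lines: List[str]) -> Dict[str, List[str]]:
    """Map lowercased header name -> list of values, so repeated headers stay visible."""
    headers: Dict[str, List[str]] = {}
    for line in lines:
        if not line:            # the empty line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def is_16_byte_base64(value: str) -> bool:
    """Sec-WebSocket-Key must be the base64 form of a 16-byte nonce (RFC 6455 section 4.1)."""
    try:
        return len(base64.b64decode(value, validate=True)) == 16
    except (binascii.Error, ValueError):
        return False


def check_handshake(raw: str, allowed_origins=ALLOWED_ORIGINS) -> List[str]:
    """Return the violations found in a client handshake; an empty list means accept."""
    violations = []
    lines = raw.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET" or parts[2] != "HTTP/1.1":
        violations.append("Bad WebSocket handshake request: request line must be GET <target> HTTP/1.1")
    h = parse_headers(lines[1:])
    upgrade = h.get("upgrade", [])
    if len(upgrade) != 1 or upgrade[0].lower() != "websocket":
        violations.append("Bad WebSocket handshake request: Upgrade must appear once with value websocket")
    connection_tokens = {t.strip().lower() for v in h.get("connection", []) for t in v.split(",")}
    if "upgrade" not in connection_tokens:
        violations.append("Bad WebSocket handshake request: Connection must carry the Upgrade token")
    key = h.get("sec-websocket-key", [])
    if len(key) != 1 or not is_16_byte_base64(key[0]):
        violations.append("Bad WebSocket handshake request: Sec-WebSocket-Key must appear once and be base64 of 16 bytes")
    version = h.get("sec-websocket-version", [])
    if len(version) != 1 or version[0] != "13":
        violations.append("Bad WebSocket handshake request: Sec-WebSocket-Version must appear once with value 13")
    # Origin whitelist: browsers always send Origin; a value outside the whitelist is session riding / CSRF.
    for origin in h.get("origin", []):
        if origin not in allowed_origins:
            violations.append(f"Cross-origin access: Origin {origin} is not in the whitelist")
    return violations


def accept_key(client_key: str) -> str:
    """Compute the Sec-WebSocket-Accept value the server must return for client_key."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed sample handshakes. GOOD is the exchange shown in the deck (the RFC 6455 example).
GOOD_HANDSHAKE = "\r\n".join([
    "GET /chat HTTP/1.1",
    "Host: server.example.com",
    "Upgrade: Websocket",
    "Connection: Upgrade",
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
    "Origin: http://example.com",
    "Sec-WebSocket-Protocol: chat, superchat",
    "Sec-WebSocket-Version: 13",
]) + "\r\n\r\n"

# Three defects: HTTP/1.0, a duplicated Sec-WebSocket-Version header, and a foreign Origin.
BAD_HANDSHAKE = "\r\n".join([
    "GET /chat HTTP/1.0",
    "Host: server.example.com",
    "Upgrade: websocket",
    "Connection: keep-alive, Upgrade",
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
    "Origin: http://attacker.example",
    "Sec-WebSocket-Version: 13",
    "Sec-WebSocket-Version: 8",
]) + "\r\n\r\n"

if __name__ == "__main__":
    print(check_handshake(GOOD_HANDSHAKE), accept_key("dGhlIHNhbXBsZSBub25jZQ=="))
    print(check_handshake(BAD_HANDSHAKE))
```

Counting header occurrences rather than reading a merged value is the point of parse_headers: a duplicated Sec-WebSocket-Version or Upgrade header is exactly what the "appears once" checks on slide 12 are there to catch, and most HTTP libraries would hide the duplicate.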
  • 13. WebSocket violations – Protocol compliance: Failure in WebSocket framing protocol. Raised for:
    • a continuation frame without a start frame
    • a start frame before the previous message's fragmentation has ended (interleaving fragmentation is not allowed!)
    • a control frame with the FIN flag off (i.e. an attempt to fragment it)
    • a control frame whose payload is larger than 125 bytes
  • 14. WebSocket violations – Protocol compliance
    • Mask not found in client frame
      • According to the RFC, every frame sent by the client must be masked (the MASK bit set and a masking key present).
      • ASM enforces this on the client side by verifying that the mask is present on every frame.
    • Null character found in WebSocket text message
      • A null character inside a message payload of type JSON or Text is enforced.
      • Enforced regardless of the "check message payload" setting.
  • 15. WebSocket URL Entities. Security ›› Application Security ›› Policy Building ›› Learning and Blocking Settings. "Learn New WebSocket URLs" by policy type:
    • Fundamental: Never
    • Enhanced: Selective
    • Comprehensive: Add all entities
  • 16. WebSocket Violations - Payload
    1. Binary content found in text only WebSocket
    2. Illegal WebSocket binary message length
    3. Illegal WebSocket extension
    4. Illegal WebSocket frame length
    5. Illegal number of frames per message
    6. Text content found in binary only WebSocket
  • 17. WebSocket Violations - Payload: Binary content found in text only WebSocket. The WebSocket URL's payload is defined as text, but the message carries a binary payload.
  • 18. WebSocket Violations - Payload: Illegal WebSocket binary message length. The binary message size limit is enforced; the default is 10000 bytes.
  • 19. WebSocket Violations - Payload: Illegal WebSocket extension. Protocol extensions include per-message compression, interleaved message fragmentation, etc. ASM can handle a WebSocket extension in one of three ways:
    o Remove headers – strip the extension header (default)
    o Ignore – leave the extension header alone (let it pass)
    o Block – block a request that carries a WebSocket extension
  • 20. WebSocket Violations - Payload: Illegal WebSocket frame length
  • 21. WebSocket Violations - Payload: Illegal number of frames per message
  • 22. WebSocket Violations - Payload: Text content found in binary only WebSocket
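The framing violations on slides 13 and 14 and the payload violations on slides 16 to 22 can all be exercised with one frame-level validator. The Python below is an added example for this page, not F5 code and not ASM's implementation: it decodes RFC 6455 frames, tracks fragmentation state across frames, and reports violations using the names the deck uses. In WsUrlPolicy only the 10000-byte binary message limit is the default named on slide 18; the payload type, the frame-length limit and the frames-per-message limit are assumed values, and mapping invalid UTF-8 in a text frame to "Binary content found in text only WebSocket" is an assumption. The frames fed to it are constructed test data built with client_frame.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

CONTINUATION, TEXT, BINARY, CLOSE, PING, PONG = 0x0, 0x1, 0x2, 0x8, 0x9, 0xA


@dataclass
class WsUrlPolicy:
    # 10000 is the deck's default binary limit; the other three values are assumed for this example.
    payload_type: str = "text"          # "text", "binary" or "any"
    max_binary_message: int = 10000
    max_frame_length: int = 4096
    max_frames_per_message: int = 8


def parse_frame(buf: bytes, pos: int = 0):
    """Decode one RFC 6455 frame at buf[pos]; return (fin, opcode, masked, payload, next_pos)."""
    b0, b1 = buf[pos], buf[pos + 1]
    fin, opcode = bool(b0 & 0x80), b0 & 0x0F
    masked, length = bool(b1 & 0x80), b1 & 0x7F
    pos += 2
    if length == 126:                   # 16-bit extended payload length
        (length,), pos = struct.unpack(">H", buf[pos:pos + 2]), pos + 2
    elif length == 127:                 # 64-bit extended payload length
        (length,), pos = struct.unpack(">Q", buf[pos:pos + 8]), pos + 8
    key = buf[pos:pos + 4] if masked else b""
    pos += 4 if masked else 0
    raw, pos = buf[pos:pos + length], pos + length
    payload = bytes(c ^ key[i % 4] for i, c in enumerate(raw)) if masked else raw
    return fin, opcode, masked, payload, pos


def client_frame(opcode, payload: bytes, fin=True, mask=True, key=b"\x12\x34\x56\x78") -> bytes:
    """Encode a frame as a client would (masked by default); used to build constructed test input."""
    b0, mbit, n = (0x80 if fin else 0) | opcode, 0x80 if mask else 0, len(payload)
    if n < 126:
        hdr = bytes([b0, mbit | n])
    elif n < 65536:
        hdr = bytes([b0, mbit | 126]) + struct.pack(">H", n)
    else:
        hdr = bytes([b0, mbit | 127]) + struct.pack(">Q", n)
    if not mask:
        return hdr + payload
    return hdr + key + bytes(c ^ key[i % 4] for i, c in enumerate(payload))


def check_message(opcode: int, data: bytes, frames: int, policy: WsUrlPolicy) -> List[str]:
    """Message-level checks, run once a message is complete (FIN seen)."""
    v = []
    if frames > policy.max_frames_per_message:
        v.append("Illegal number of frames per message")
    if opcode == TEXT:
        if policy.payload_type == "binary":
            v.append("Text content found in binary only WebSocket")
        if b"\x00" in data:
            v.append("Null character found in WebSocket text message")
        try:
            data.decode("utf-8")        # RFC 6455 mandates UTF-8 for text frames
        except UnicodeDecodeError:
            v.append("Binary content found in text only WebSocket")   # assumed mapping for invalid UTF-8
    else:
        if policy.payload_type == "text":
            v.append("Binary content found in text only WebSocket")
        if len(data) > policy.max_binary_message:
            v.append("Illegal WebSocket binary message length")
    return v


def check_client_frames(buf: bytes, policy: WsUrlPolicy) -> List[str]:
    """Walk client-to-server frames in buf and report every violation, using the deck's names."""
    violations, pos = [], 0
    msg_opcode: Optional[int] = None    # opcode of the fragmented message in progress
    msg_frames, msg_payload = 0, bytearray()
    while pos < len(buf):
        fin, opcode, masked, payload, pos = parse_frame(buf, pos)
        if not masked:
            violations.append("Mask not found in client frame")
        if len(payload) > policy.max_frame_length:
            violations.append("Illegal WebSocket frame length")
        if opcode in (CLOSE, PING, PONG):   # control frames may sit between fragments
            if not fin:
                violations.append("Failure in WebSocket framing protocol: control frame with FIN off")
            if len(payload) > 125:
                violations.append("Failure in WebSocket framing protocol: control payload over 125 bytes")
            continue
        if opcode == CONTINUATION:
            if msg_opcode is None:
                violations.append("Failure in WebSocket framing protocol: continuation without start frame")
                continue
        elif opcode in (TEXT, BINARY):
            if msg_opcode is not None:
                violations.append("Failure in WebSocket framing protocol: start frame before previous fragmentation ended")
                msg_frames, msg_payload = 0, bytearray()
            msg_opcode = opcode
        else:
            violations.append("Failure in WebSocket framing protocol: reserved opcode")
            continue
        msg_frames += 1
        msg_payload += payload
        if fin:
            violations += check_message(msg_opcode, bytes(msg_payload), msg_frames, policy)
            msg_opcode, msg_frames, msg_payload = None, 0, bytearray()
    return violations
```

Frame-level limits (mask, frame length, control-frame rules) are checked as each frame arrives, while the message-level limits (binary size, frames per message, payload type, null character) can only be decided once the FIN frame closes the message; that split is why interleaved fragmentation has to be rejected, since a second start frame would otherwise corrupt the reassembly state.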
  • 23. WebSocket URL configuration
  • 24. WebSocket URL configuration
  • 25. WebSocket URL configuration
  • 26. Reviewing WebSocket messages in the request log
  • 27. Reviewing WebSocket messages in the request log: Security ›› Event Logs ›› Application ›› Requests
  • 28. WebSocket - Request log filtering: Security ›› Event Logs ›› Application ›› Requests
  • 29. WebSocket - Request log filtering
  • 30. WebSocket Handshake
  • 31. WebSocket Handshake
  • 32. WebSocket - Ping Pong
  • 33. WebSocket - Close
  • 34. WebSocket Demo
  • 35. Learning page for WebSocket
  • 36. WebSocket URL
  • 37. Learning page for WebSocket
  • 38. WebSocket URL: "Sec-WebSocket-Extensions"
  • 39. WebSocket URL
  • 40. Policy builder classification
  • 41. JSON facts
  • 42. Attack signatures on WebSocket
  • 43. WebSocket learning and attack signatures
  • 44. Override attack signature – false positive
  • 45. Summary
    • ASM supports the WebSocket protocol
    • Enforces protocol compliance
    • Enforces the payload:
      • Plain text – attack signatures, null character
      • JSON – structure and attack signatures
      • Binary – length
    • New violations and settings for WebSocket
    • The policy builder can learn the URL and classify the WebSocket payload types.
    • The request log displays the communication between client and server