Top 10 OWASP Imperva WAF vs F5 BigIP ASM Top OWASP A1-Injection Imperva SecureSphere WAF SQL Injection SQL

Injection

Trung tm vin thng tin hc F5 BigIP ASM

A2-Cross Site Scripting (XSS) A3-Broken Authentication and Session Management A4-Insecure Direct Object References A5-Cross Site Request Forgery (CSRF)

Cross Site Scripting (XSS)

Cross Site Scripting (XSS)

Cookie Poisoning/ Injection. Session Hijacking Parameter Tampering. Dynamic Profiling Cross Site Request Forgery (CSRF)

Session hijacking

Parameter and HPP tampering

Cross-site request forgery

A6-Security Misconfiguration

Web server software and operating system attacks. Dynamic Profiling virtual patch

Cha r

A7-Insecure Cryptographic Sensitive Data Leakage (Social Security Storage Numbers, Cardholder Data, PII, HPI) A8-Failure to Restrict URL Access Forceful Browsing. Error code handling. Imperva WAF kim sot URL nhiu cp . Khi vi phm xy ra Impeva tr ra trang bo li cho ngi dng cui v to arlert cho admin. Imperva WAF c kh nng ngt kt ni SSL. Kh nng gn thm kt ni SSL cho HTTP thng thng (URL rewriting). Imperva WAF tun theo chun FLIPS Tnh nng URL rewriting. Tnh nng ThreatRadar.

Cha r

Forceful Browsing

A9-Insufficient Transport Layer Protection

Cha r

A10-Unvalidated Redirects and Forwards

Cha r

Do Quoc Cuong

1/1

23/12/2010