In Web Application Firewalls: A Practical Approach, John Stauffacher shares his expertise and the methods he has used for optimizing Web application firewalls throughout his career. This book focuses on a general methodology and then delves into vendor specifics for firewalls such as F5 ASM, Imperva, and the open source tool ModSecurity. Web Application Firewalls provides you with everything you need to understand and properly deploy a Web application firewall (WAF). You'll learn basic methodology and concepts, including the fundamentals of authentication, flows, URLs, cookies, assets, signatures, DDoS mitigation, and Web services inspection. Then, you'll learn about the WAF Lifecycle methodology, including onboarding the application, policy creation, testing, deployment, and verification. The book also offers hands-on product-specific tutorials on popular WAFs. You'll have everything you need to optimize your Web application firewall against any security threat.
- Presents the only comprehensive overview of Web application firewall methodology, from one of the industry's leading experts on WAF
- Gives you everything you need to configure, deploy, and optimize your Web application firewall
- Provides product-specific coverage of all the most popular WAFs, including F5, ModSecurity, and Imperva
1. Introduction
2. Web Applications
3. Web Application Firewalls
4. Web Application Firewall Fundamentals
5. WAF Lifecycle Methodology
6. Applying the WAF Lifecycle to F5
7. Applying the WAF Lifecycle to ModSecurity
8. Applying the WAF Lifecycle to Imperva
9. Appendix
John Stauffacher is a certified Network Security and Engineering specialist with over 17 years of experience in IT Security. John is currently Application Security Principal Consultant at Accuvant, and he is also an Advisory Board Member at CyberWatch West and Red Team Member at the Western Regional Collegiate Cyber Defense Competition. Firewalls are his main professional interest and he has published numerous articles and papers on this topic.