Standards in Desktop Firewall Policies

by Phil Kostenbader, CISSP, and Bob Donnelly, CISM, CISSP

A common desktop firewall policy is a very good thing for an organization of any size. It makes responses to external or internal situations, such as virus outbreaks or network-oriented propagation of viruses, more predictable. In addition to providing a level of protection against port scanning, attacks, or software vulnerabilities, it gives the organization's local security team a baseline or starting point for dealing with such events.

The purpose of this article is to discuss the need for a desktop firewall policy within an organization, determine how it should be formed, and provide an example of one along with the security benefits it provides an organization.

Web Application Firewalls: Analysis of Detection Logic

by Vladimir Ivanov

This presentation highlights the core of Web Application Firewall detection logic and focuses on the regular-expression detection mechanism. Other highlights include the use of a Static Application Security Testing (SAST) tool for regular-expression analysis, aiming to find security flaws in the syntax of regular expressions. Using the proposed "regex security cheat sheet", rules from popular WAFs will be examined. Logical flaws in regular expressions will be demonstrated by applying the author's bug-hunting experience and best practices.