BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.gulas.ch//gpn24//talk//9TSLFQ
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-gpn24-9TSLFQ@cfp.gulas.ch
DTSTART;TZID=CET:20260607T123000
DTEND;TZID=CET:20260607T133000
DESCRIPTION:Web Application Firewalls (WAFs) for filtering based on HTTP an
 d payload are omnipresent. In this talk an argument will be made that\, in
  many cases\, the wrong approach for implementing WAFs is chosen: They are
  implemented as "deny firewalls" which specifically forbid "bad" traffic b
 ased on pattern rules\, while for network security (layers 3/4) profession
 als would only ever follow an "allow firewall" approach\, which explicitly
  lets "good" traffic pass and denies everything else.\n"deny WAFs" are oft
 entimes marketed as simple\, easy to use\, out-of-the-box solutions\, but\
 , by design\, they can only prevent known exploits. Also\, practical aspec
 ts limit their potential\, when rulesets breaking functionality have to be
  disabled.\nWhile the "allow WAF" approach presented here implies more eff
 ort\, its main advantage is protection against new attack vectors ("zero d
 ays") and it comes with a lot of side benefits\, such as improved performa
 nce and resilience through caching.
DTSTAMP:20260516T172631Z
LOCATION:ZKM Medientheater
SUMMARY:WAF: Wrong Approach Firewall - slink
URL:https://cfp.gulas.ch/gpn24/talk/9TSLFQ/
END:VEVENT
END:VCALENDAR