web application security - cisco.com · hacker c u s t o m e r e m p l o y e e e m p l o y e e us...
TRANSCRIPT
![Page 1: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/1.jpg)
Web Application
Security
Ng Wee KaiSenior Security Consultant
PulseSecure Pte Ltd
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com
![Page 2: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/2.jpg)
About PulseSecure
IT Security Consulting CompanyPart of Consortium in IDA (T)‐606 Term TenderCover most of the IT Security services:
Audit & ReviewAssessment & Penetration TestingPolicies & Standards DevelopmentTraining
Particularly strong in Web Application, Ethical Hackingand Secure Code Review
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 2
![Page 3: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/3.jpg)
Our AccomplishmentsIn 2008
Performed penetration test on over 60 applications
Conducted security training to over 1,500 customer users
Audited huge government infrastructure, over 26 government agencies with 40,000 stations
Awarded global assessment term contract from world leading top 5Insurance Group
Developed and published exploits codes such as MITM for bank’s 2 factor authentication
Active participation in Hack in the Box & contribution to security articles
![Page 4: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/4.jpg)
Agenda
• Hackers’ New Target
• Why Are Web Application Attacks Getting Popular?
• What Is Needed To Exploit A Web Application?
• Increasing Institutional Pressure
• Demo of Attacks
• What Can You Do About This?
• Summary
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 4
![Page 5: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/5.jpg)
What Are Web Applications
Web applications have many non‐traditional characteristics:
Uses HTTP protocol
Reliance on web browser
No intrinsic notion of a “session”
Standardized but optional security via HTTPS/SSL
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 5
![Page 6: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/6.jpg)
Web Applications Invite Public Access To Your Most Sensitive Data
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 6
Employee
Customer
Partner
User
Supplier
Supplier
Hacker
Customer
Employee
Employee
User
Partner
Customer
Supplier
![Page 7: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/7.jpg)
SQL Injection Demo
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
Occurs when external input is used in dynamic construction of database commands.
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 7
SQL Injection Demo
![Page 8: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/8.jpg)
“For Profit” Hacking
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 8
![Page 9: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/9.jpg)
Number of Web Attacks Are Increasing
In 2008
Gartner Group:
“Today over 75% of attacks against a company’s network come at the Application Layer, not at the Network or System Layer.”
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 9
![Page 10: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/10.jpg)
Hackers Knows That Most Web Application Are Vulnerable!
70% of websites at immediate risk of being hacked! ‐ Accunetix – Jan 2007 http://www.acunetix.com/news/security‐audit‐results.htm
“8 out of 10 websites vulnerable to attack”‐ WhiteHat “security report – Nov 2006” https://whitehatsec.market2lead.com/go/whitehatsec/webappstats1106
“Since 2008, more than 70% of all the vulnerabilities reported worldwide are web Application related and are mostly classified as trivially exploitable percent of hacks happen at the application.”‐ InforWorld
“64 percent of developers are not confident in their ability to write secure applications.”‐ Microsoft Developer Research
The battle between hackers and security professionals has moved from the network layer to the Web applications themselves.‐ Network World
10
![Page 11: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/11.jpg)
Why Are Web Application Attacks Getting Popular?
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 11
![Page 12: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/12.jpg)
Web Attack “How‐To” Is Easily Available
A simple Google search results
“SQL Injection Techniques” – 2,260,000 web pages
“SQL Attack” – 30,141 Blogs
“SQL Attack Tools” – 322,000
“XSS Techniques” – 752,000 web pages
“XSS Attack” – 9,769 Blogs
“XSS Attack Tools” – 251,000 web pages
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 12
![Page 13: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/13.jpg)
Attack Characteristics
Web Attacks are Stealth Incidents are not detected.
Simpler Attack VectorTraditional Technology that require compiler, system functions like C++, C, Java
Javascript, XML, CSS, HTML and forgiving browser
Online services provide anonymous hostingLess traceable
IndirectlyPlace traps so that victims are ensnared
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 13
![Page 14: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/14.jpg)
Traditional Methods Do Not Protect You from Web Attack
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 14
Application Attack
Applications: Unprotected and ignored
Network Attack
Secured by firewall/IPS/IDS
Web Server Attack
Protected by intrusion prevention, OS Hardening, Patch Management
![Page 15: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/15.jpg)
Typical Web Application
Database Server
BrowserBrowser
Web Server
Web/Portal
Application Server
Application Database
http://www.corporate.com/profile/myprofile.asp?pg=1&id=5
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 15
![Page 16: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/16.jpg)
Typical Point of Attacks
Database Server
BrowserBrowser
Web Server
Web Application
Application Server
Application
Authenticating users
Preventing parameter
manipulation
Protecting sensitive data
Preventing session hijacking and cookie
replay attack
Provide secure configuration
Handle exceptions
Validating Input
Authorizingusers
Auditing and logging
activity and transactions
Authenticating and authorizing
upstream Identities
Encrypting or hashing
sensitive data
Protecting sensitive data
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 16
Database
![Page 17: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/17.jpg)
What Is Needed To Exploit A Web Application?
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 17
![Page 18: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/18.jpg)
URL is a Cruise Missile
Database Server
BrowserBrowser
Web Server
Web/Portal
Application Server
Application
http://www.corporate.com/profile/myprofile.asp?pg=1&id=5
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 18
Database
![Page 19: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/19.jpg)
New Form of Backdoor
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 19
![Page 20: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/20.jpg)
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com
Increasing Institutional Pressure
There is an increasing institutional awareness of the fact that standards, which organizations must comply with, need to be determined.
These institutional standards are appearing in both the public and private sectors and include:
Sarbanes‐Oxley Act
PCI Security Standards
CMMI
ISO27001
Google Flagging
Etc…
![Page 21: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/21.jpg)
PCI DSS: 6 sections and 12 requirements
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 21
Build and Maintain a Secure Network1. Install and maintain a firewall configuration to protect data 2. Do not use vendor‐supplied defaults for system passwords and other security
parameters
Protect Cardholder Data3. Protect stored cardholder data 4. Encrypt transmission of cardholder data and sensitive information across open public
networks
Maintain a Vulnerability Management Program5. Use and regularly update anti‐virus software 6. Develop and maintain secure systems and applications
Section 6.5: develop secure web apps, cover prevention of OWASP vulnerabilities
Section 6.6: Ensure all web‐facing apps are protected against known attacks using either of the following methods
• secure coding practices• installing a Web App FW*
Section 6.5: develop secure web apps, cover prevention of OWASP vulnerabilities
Section 6.6: Ensure all web‐facing apps are protected against known attacks using either of the following methods
• secure coding practices• installing a Web App FW*
![Page 22: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/22.jpg)
OWASPEmerging standards body
Focus on application security
OWASP top ten project
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 22
![Page 23: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/23.jpg)
XSS Demo
Occurs when web application uses input from a user in output it generates without validating or encoding it
Three known types of XSS
Reflected XSS
Stored XSS
DOM‐Based XSS
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 23
Reflect XSS Demo
![Page 24: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/24.jpg)
Italian Bank XSS
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 24
Form Injected by Fraudster
![Page 25: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/25.jpg)
Site Keeping Track of XSS
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 25
![Page 26: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/26.jpg)
What Can You Do About This?
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 26
![Page 27: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/27.jpg)
What Can You Do About This?
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 27
![Page 28: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/28.jpg)
Traditional SDLC Focus on Features
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 28
![Page 29: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/29.jpg)
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 29
• Asset Identification
• Threat Modeling• Make Security
Requirement Explicit
• Address the Threat
• Coding Standards, Best Practices
• Tools
• Tools• 3rd Party
Assessment
• Deployment Guideline
• Security Response
• Security Awareness
Secure-SDLC
![Page 30: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/30.jpg)
Assessment Tools
White box assessmentAudit the code for insecure practice ‐‐‐ CodeSecure, Fortify
Black box assessmentTest the application with know attacks ‐‐‐ Webinspect, Watchfire
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 30
![Page 31: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/31.jpg)
Penetration Testing and Auditing
Penetration TestingBlack Box/White Box approach
Insider/Outsider
AuditingAnalyzing
• Configuration Files
• Architecture
• Source Code
Policy Conformance• Operational Plans and Procedures
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 31
![Page 32: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/32.jpg)
What Can You Do About This?
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 32
![Page 33: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/33.jpg)
Developer‐oriented Prevention
Developers are increasingly seen as responsible for web application security
The application must protect itself
The developer must know how to include such protection in codes
The developer must know the attacks
General principles
Variances
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 33
![Page 34: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/34.jpg)
What Can You Do About This?
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 34
![Page 35: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/35.jpg)
What are WAF
New Type of Firewall to address this new threat
Preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 35
![Page 36: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/36.jpg)
Advantage of WAF
• Protects in‐house applications
• Protects third party applications
• Continuous security assessment
• Virtual Patching, giving you a window for change management
• Allows for separate roles for security officers
![Page 37: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/37.jpg)
Summary
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 37
![Page 38: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/38.jpg)
Security is an Ongoing Process
Internet is here to stay and more Web Applications are made available online everyday
Most Web Applications are vulnerable
Hackers are aware of these easily targets
Organization must get ready to address these new threats
PulseSecure can help
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 38
![Page 39: Web Application Security - cisco.com · Hacker C u s t o m e r E m p l o y e e E m p l o y e e Us er P a r t n e r ... Web Application Security, CISCO Security TechByte 2009, WAF,](https://reader031.vdocument.in/reader031/viewer/2022011802/5b46fe957f8b9a15308bafb3/html5/thumbnails/39.jpg)
Contact
COPYRIGHT 2009 PulseSecure, All RIGHTS RESERVED. www.PulseSecure.com 39
Email: [email protected]
WebSite:www.pulsesecure.com
The End