HF 2022 - Call for Papers

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Philippe Arteau

Philippe is a security engineer working for ServiceNow. His work and research are focusing on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.


Your twitter or other social network

https://twitter.com/h3xstream

Which country are you from?

Canada


Session

10-30
10:00
120min
Web Application Firewall Workshop
Philippe Arteau

Web Application Firewalls usage is controversial in the field of application security. Some consider them useless since they are imperfect. Others consider them an interesting ally for virtual patching and for defense in depth. Beyond this debate, firewalls are a reality in several organizations to defend edge services.

Testers may find the presence of such protection to be a drag on their security assessment. As these firewalls cannot always be disabled for testing, it is important to be able to quickly assess whether a circumvention method is possible. We have designed a workshop featuring different scenarios where a firewall is used to block certain attacks or features.

Offensive
Track Workshop