Love this comment.

glad you enjoyed it!

AGREED!!!

Thanks for the comment and here's the Behind the Scenes for our Lightboards: kzbin.info/www/bejne/i2iokH9qrKiDisU

@@devcentral 👌 Awesome!... I thought John was in boxers for a second... 😆🤣

Glad you lied it and thanks for the comment!

glad you enjoyed it!

I'm glad you enjoyed the video!

this is how we do the Lightboard Lessons: kzbin.info/www/bejne/i2iokH9qrKiDisU

@@psilvas damn!!

Hi and thanks for the comment!. The primary defense against LDAP injection is proper input validation and a (competent) WAF should be able to do that.

Glad you enjoyed it!

Appreciate the comment!

Thanks for the note! You can see how we do these here: kzbin.info/www/bejne/i2iokH9qrKiDisU

Lol, ya there's some video showing how its all done, but don't watch it cause it's so awesome without! lol ;)

i agree, i'm in awe....

I was about to figure it myself then I saw the t-shirt chest label, fooled myself and said "nah, he must be really writing backwards". So, that's backwards, too? If so, nice touch!

It's even cooler that they printed a flipped logo on his polo shirt.

agree with u!!!

We'll see what we can do about that and appreciate the comment.

😂😂😂😂😂😂 ‏‪0:31‬‏

😂😂😂😂😂😂 ‏‪0:36‬‏

😂😂😂😂😂😂 ‏‪0:45‬‏ 😅

Glad you enjoyed it!

glad you enjoyed it!

Hi Fawad, thanks for the question. When a user requests a web application, you don't immediately know if they are trying to do something good or bad. This is where the Web Application Firewall comes in and inspects each request and ensures it is a safe request (based on all the signatures of the WAF and the protection capabilities it has), and then only allows the request through if it passes the security checks of the WAF. If the WAF finds something unsafe in the request, then it blocks the request from accessing your web application. It does this for every single request, so even if a user gets logs in properly and then (once they are in) starts to do some bad stuff, the WAF will block as soon as the bad stuff starts happening. I hope this helps...thanks!

F5 DevCentral thank you great insight

signatures and constraint. Some NGFW have embeded WAF software, but the differences between that WAF and "the real WAF" is the real WAF can do SSL-offload, and it have much deeper settings on signature (i think that focus on 10 OWASP)

glad you enjoyed it!

Glad you liked it! And, thanks for the comment!

Hi. We had shirts made with the logos reversed. :-)

glad you enjoyed it!

...and, thank you for the comment! Glad you enjoyed the video!

glad you enjoyed it!

glad you enjoyed it!

WAF can be set up in many different configurations. Most common, historically, is to have an appliance in front of applications. The WAF can be a proxy, itself, or scaled horizontally in front of the app being defended. With modern attacks, most customers are shifting to a multi-layered WAF approach, with Distributed Cloud WAAP taking out signature based attacks before a packet even reaches the data center. Inside the data center, AWAF profiles the applications on a per-uri basis, right down to which unicode characters are allowed! It understands what the expected request and response time are for every element on every uri in your app. Some customers also employ NGINX+ w/ Application Protection to proxy in small environments or even to profile East-West inside an application environment that exists underneath the traditional load balancer / WAF or cloud WAF that is northbound in flow. Great question! Thanks for watching!

Generally it does need to terminate and decrypt the traffic to inspect the data. However, if an organization want to send encrypted traffic direct to the server, a WAF can pass that through if configured to do so. Does that answer your question?

@@devcentral yes, it does. The F5 WAF has built-in stuff to decrypt the traffic before evaluating the data or it requires a separate tool like F5 SSLO?

@@wramarante The WAF can decrypt. SSL Orchestrator can too depending on your infrastructure.

Glad you enjoyed it!

glad you enjoyed it!

We think so but WAFs are moving more toward WAAP - Web Application & API Protection. So, still protecting websites plus, API calls. Hope that helps!

Oh WAAP sounds interesting! Look forward to your lightboard lesson on that one day!

glad you enjoyed it!

Hi

Well, a WAF generally focuses on http(s) (80/443) traffic so there ight be instances where you'd want a Network Firewall (layer 3 - tcp/udp) to protect that traffic. Some WAFs have network security features and much depends on your infrastructure and where the WAF resides within the network. I know that's not a definitive answer but like with many infrastructure questions, it depends. :-)

Yes he is. thanks for the comment!!

@@devcentral Thanks for the quick reply!

camera is facing a mirror

Thanks Trevor...glad you enjoyed the video!

We made a video to explain it all :) kzbin.info/www/bejne/i2iokH9qrKiDisU

Ahh!! The Tshirt has inverted text

Yes, a WAF (if properly configured) can mitigate those types of attacks.

@@devcentral can you suggest any service for hostgater cpannel

You can see how we do this: kzbin.info/www/bejne/i2iokH9qrKiDisU

As I understand NGFW is a package comprising of WAF and IPS/IDS capabilities on a traditional firewall. It is a cost effective solution for SME. At the same time they are prone to single point of failure, having all those features in a single box. For large enterprises, they use separate devices to protect their infrastructure, insuring different layers fo security,

glad you enjoy the videos!

I'm glad you enjoyed it!

yes we do! stay tuned...it's coming out in the next couple of weeks

Here's the Advanced WAF Lightboard: kzbin.info/www/bejne/fnPFdX54i5mEjZI

he is writing with his right hand actually

Here's a good lightboard lesson on the "life of a packet" through the BIG-IP. it doesn't explicitly cover everything you asked, but it can provide additional perspective. and, the answer from Blood Sausage is a good one as well!! kzbin.info/www/bejne/p3Svdqprra6NbdU

Tamir Zuhair

F5's WAF is available in many difference packages, you can reference here: www.f5.com/products/security/advanced-waf.

Behind the Scenes: kzbin.info/www/bejne/i2iokH9qrKiDisU

glad you enjoyed it!

Thanks for the comment! It's true that firewalls have come a long way in recent days/years. This video is showing the difference between a WAF and some of the older network firewalls. It's important to have the security functionality discussed in the video, so if a newer firewall can get it done, that's great!

Glad you enjoyed the video!

Thanks for the comment! One we get often. ;-) Here's how we produce these: kzbin.info/www/bejne/i2iokH9qrKiDisU

@@devcentral thanks! I guessed right! Its really effective!

We appreciate the comment!

thanks for the comment and this is how we produce these: kzbin.info/www/bejne/i2iokH9qrKiDisU

i bet you'd like to flood some of his ports with http requests but i am sure he's employing an intrusion prevention system

glad you enjoyed it!