Friday, May 22 • 15:45 - 16:30
Naxsi, A Web Application Firewall for NGINX


The talk is about naxsi, a web application firewall for Nginx.

Instead of relying on a database of attack signatures (the negative model, and the most common approach), naxsi relies on a much smaller set of "uncommon" or "dangerous" patterns, and uses those to decide whether a request is malicious or legitimate.

This approach drastically reduces the runtime cost of request analysis and also gives very good resilience against obfuscated or unknown attacks. On the other hand, because it relies on a model closer to a "classic" network firewall (authorize legitimate traffic, deny the rest), it requires more work on whitelists. This can be done quite easily thanks to naxsi's learning mode and helper tools.
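The following Python model is added here as an illustration of the approach just described; it is not naxsi's code (naxsi is an NGINX module written in C) and does not reproduce its rule set. What it mirrors is the mechanics: a handful of pattern rules that add to named score counters when they match a zone of the request, threshold rules that turn the counters into a verdict, whitelists scoped to a rule id and a zone or variable, and a learning mode that records what would have been blocked and proposes whitelists instead of denying the request. The rule ids, patterns, scores, thresholds and sample requests are assumptions chosen for the example, and the proposed whitelist lines are only written in the shape of naxsi's BasicRule wl: directives.

```python
"""Scoring-based WAF model in the style described for naxsi (illustration only)."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote, unquote_plus


@dataclass
class Rule:
    rid: int            # rule id, referenced by whitelists
    pattern: str        # regex applied to the decoded field value
    zones: frozenset    # request zones the rule inspects
    scores: dict        # score counter -> increment added on a match
    msg: str


@dataclass
class Whitelist:
    rid: int                   # rule id to exempt; 0 exempts every rule
    zone: str                  # zone the exemption applies to
    var: Optional[str] = None  # variable name; None means the whole zone


ALL_ZONES = frozenset({"URL", "ARGS", "BODY", "COOKIE"})

# Assumed "dangerous pattern" rules; ids only loosely follow naxsi's core set.
RULES = [
    Rule(1000, r"select|union|insert|update|delete|drop|from", ALL_ZONES, {"SQL": 4}, "sql keywords"),
    Rule(1001, r"\"", ALL_ZONES, {"SQL": 8, "XSS": 8}, "double quote"),
    Rule(1005, r"'", ALL_ZONES, {"SQL": 4, "XSS": 8}, "simple quote"),
    Rule(1100, r"https?://", ALL_ZONES, {"RFI": 8}, "http:// scheme"),
    Rule(1205, r"\.\./", ALL_ZONES, {"TRAVERSAL": 4}, "directory traversal"),
    Rule(1302, r"<", ALL_ZONES, {"XSS": 8}, "html open tag"),
    Rule(1303, r">", ALL_ZONES, {"XSS": 8}, "html close tag"),
]

# CheckRule-style thresholds: a counter at or above its value blocks the request.
THRESHOLDS = {"SQL": 8, "XSS": 8, "RFI": 8, "TRAVERSAL": 4}

# How each zone is spelled in a naxsi-shaped whitelist match zone ("mz:").
MZ = {"URL": "URL", "ARGS": "$ARGS_VAR:{}", "BODY": "$BODY_VAR:{}",
      "COOKIE": "$HEADERS_VAR:Cookie"}


def _fields(request):
    """Yield (zone, variable name, decoded value); decoding defeats %27-style obfuscation."""
    yield "URL", None, unquote(request.get("URL", ""))
    for zone in ("ARGS", "BODY"):
        for name, value in request.get(zone, {}).items():
            yield zone, name, unquote_plus(value)
    for name, value in request.get("COOKIE", {}).items():
        yield "COOKIE", name, unquote(value)


def _whitelisted(rule, zone, var, whitelists):
    return any(w.rid in (0, rule.rid) and w.zone == zone and w.var in (None, var)
               for w in whitelists)


def evaluate(request, whitelists=(), learning=False):
    """Score a request; in learning mode never block, but propose whitelists instead."""
    scores = {counter: 0 for counter in THRESHOLDS}
    matches = []                                  # (rule id, zone, variable)
    for zone, var, value in _fields(request):
        for rule in RULES:
            if zone not in rule.zones or not re.search(rule.pattern, value, re.I):
                continue
            if _whitelisted(rule, zone, var, whitelists):
                continue                          # exempted for this rule and zone only
            matches.append((rule.rid, zone, var))
            for counter, inc in rule.scores.items():
                scores[counter] += inc
    exceeded = sorted(c for c, limit in THRESHOLDS.items() if scores[c] >= limit)
    proposed = []
    if learning and exceeded:
        # Assumption of this model: propose one whitelist per rule/zone/variable that fired.
        proposed = [Whitelist(rid, zone, var) for rid, zone, var in matches]
    return {"scores": scores, "exceeded": exceeded,
            "blocked": bool(exceeded) and not learning,
            "proposed_whitelists": proposed}


def format_whitelist(w):
    """Render a whitelist in the shape of a naxsi BasicRule wl: directive."""
    return 'BasicRule wl:%d "mz:%s";' % (w.rid, MZ[w.zone].format(w.var))


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    rich_text = {"URL": "/comment", "BODY": {"comment": "<b>hello</b>"}}
    print(evaluate({"URL": "/item", "ARGS": {"id": "1%27+union+select+password+from+users--"}}))
    learned = evaluate(rich_text, learning=True)
    for w in learned["proposed_whitelists"]:
        print(format_whitelist(w))
    print(evaluate(rich_text, learned["proposed_whitelists"])["blocked"])
```

Two points the model makes visible. A single "sql keyword" hit on a search term such as "shoes from paris" scores 4 and passes, because the verdict comes from the accumulated score, not from any one pattern. And a whitelist proposed by learning mode is scoped to one rule id and one variable, so exempting the angle brackets in a rich-text comment field leaves the quote and keyword rules active on that same field; a learning run must still be reviewed by hand, since whatever traffic it sees, attacks included, is what it will propose to whitelist.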

The talk will be presented by Thibault Koechlin (author of naxsi, NBS System). Rather than just a presentation of the software, I will try to present Naxsi from three different points of view:
- As a system Administrator
- As a pentester
- As a WAF author

The presentation will also include "practical" examples, drawn from real-life experience:
- How to handle learning mode
- Learning mode challenges and limits
- Feedback from medium to big websites running Naxsi in production


Thibault Koechlin

Dedicated to penetration testing and offensive security since 2002, I have performed penetration testing in a huge variety of environments. Over the course of years, we have seen security - both defensive and offensive - change greatly, with a huge focus on web application...

Friday May 22, 2015 15:45 - 16:30
Room E106 & E107 Amsterdam RAI
