OWASP AppSec Days Singapore 2024

The web browser is the most used enterprise application, but the least protected. For almost two decades, Secure Web Gateways, as part of SASE / SSE framework, served as the primary defence against web threats by monitoring the network layer. However, as browsers have evolved into complex, OS-like environments and web applications have grown in intricacies, Secure Web Gateways have become outdated and ineffective. In this keynote, we we will expose the inherent architectural flaws of Secure Web Gateways, particularly their inability to defend against modern web attacks like 'Last Mile Reassembly attacks.' The argument is clear: Secure Web Gateways are no longer viable as the guardian of the web. The future of web security lies in browser-native solutions that operate directly within the browser, leveraging rich browser data to drive advanced web attack detection algorithms.