WebApp Sec mailing list archives
Re: WAF functionality ala OWASP London Meeting
From: Jason <security () brvenik com>
Date: Wed, 03 May 2006 22:22:24 -0400
while not an application firewall itself you could use snort in inline mode ( or Sourcefire... ) to modify the requests making them useless or blocking them all together. EG: replace GET with BET replace login= with \00\00\00\00\00\00 block requests to the page with any parameters... you could even use flowbits to track valid application paths and block or replace on unusual interactions. A favorite of mine is to include a userid or similar key as a honey token in cookies, forms, url's... if it's value is not one of a set of pre determined values served semi randomly then you have an issue that needs handling. Eoin wrote:
Hello WAF Vendors, After discussing this with Dinis (Mr Cruz)....... Is there any way to disable HTTP GET requests for authentication pages in any of the current application security firewall offerings? Many applications I review accepts authentication via GET and POST, I don't want GET to work, can you of the cu rent firewalls prevent certain HTTP methods for particular URL's (context sensitive rules)??? To make things a little more difficult, In the case of .NET, postbacks would be used also so its not always as simple as blocking a URL with a certain HTTP method, as the home page URL may be the same as the "submission" URL. What direction would your App Layer firewalls go to solve this problem. Many vendors say "don't trust developers, use our product instead", well OK I wont trust the developer here, can any of your tools do this? Thanks, Eoin -- Eoin Keary OWASP - Ireland ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
Current thread:
- WAF functionality ala OWASP London Meeting Eoin (May 03)
- Re: WAF functionality ala OWASP London Meeting Michael Silk (May 03)
- Re: WAF functionality ala OWASP London Meeting Jason (May 04)
- <Possible follow-ups>
- RE: WAF functionality ala OWASP London Meeting Omar Salvador Alcalá Ruiz (May 03)