Re: WAF functionality ala OWASP London Meeting

[Jason <security () brvenik com>]

while not an application firewall itself you could use snort in inline
mode ( or Sourcefire... ) to modify the requests making them useless or
blocking them all together.

EG:

replace GET with BET
replace login= with \00\00\00\00\00\00
block requests to the page with any parameters...

you could even use flowbits to track valid application paths and block
or replace on unusual interactions.

A favorite of mine is to include a userid or similar key as a honey
token in cookies, forms, url's... if it's value is not one of a set of
pre determined values served semi randomly then you have an issue that
needs handling.

Eoin wrote:
> Hello WAF Vendors,
>
> After discussing this with Dinis (Mr Cruz).......
>
> Is there any way to disable HTTP GET requests for authentication pages
> in any of the current application security firewall offerings?
>
> Many applications I review accepts authentication via GET and POST, I don't
> want GET to work, can you of the cu rent firewalls prevent certain
> HTTP methods for particular URL's  (context sensitive rules)???
>
> To make things a little more difficult,
>
> In the case of .NET, postbacks would be used also so its not always as
> simple as blocking a URL with a certain HTTP method, as the home page
> URL may be the same as the "submission" URL.
>
> What direction  would your App Layer firewalls go to solve this
> problem. Many vendors say "don't trust developers, use our product
> instead", well OK I wont trust the developer here, can any of your
> tools do this?
>
> Thanks,
> Eoin
>
> -- 
> Eoin Keary OWASP - Ireland
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> The Twelve Most Common Application-level Hack Attacks
> Hackers continue to add billions to the cost of doing business online
> despite security executives' efforts to prevent malicious attacks. This
> whitepaper identifies the most common methods of attacks that we have
> seen, and outlines a guideline for developing secure web applications.
> Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
> --------------------------------------------------------------------------

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------