Security Basics mailing list archives
Re: Web Application Firewall Assessment
From: Robert Larsen <robert () the-playground dk>
Date: Thu, 07 May 2009 07:28:53 +0200
bin4ry wrote:
> Do you know of some attack vectors WAFs are facing problems with?

* Bad/nonrandom session keys
* some_page.php?admin=yes
* Possibility for traversal of nonpublic documents by changing an ID in a URL (seen this too many times to count)
* Not sending secret data over https (logins and session keys)

WAFs are great tools for taking the top of the attack vectors but they are not a replacement for good coding practices. It is "just" another layer of security.

Good luck with the thesis. Will you post your findings to this mailing list?
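
An added example, not part of the message above: a request that changes an ID in a URL or appends admin=yes is well-formed, so the decision has to be made in application code against server-side session state. The handler names, the in-memory stores and the sample documents are hypothetical and constructed for illustration.

```python
import secrets

# Constructed sample data: document id -> (owner, body)
DOCUMENTS = {101: ("alice", "alice's invoice"), 102: ("bob", "bob's invoice")}
SESSIONS = {}  # session key -> server-side state; the client never supplies this

def login(user, is_admin=False):
    """Issue a session key from the OS CSPRNG (not a counter or timestamp)."""
    key = secrets.token_urlsafe(32)
    SESSIONS[key] = {"user": user, "is_admin": is_admin}
    return key

def get_document_unchecked(key, params):
    """The flawed pattern: any logged-in user can read any id."""
    if key not in SESSIONS:
        return 401, None
    doc = DOCUMENTS.get(int(params["id"]))
    return (200, doc[1]) if doc else (404, None)

def get_document_checked(key, params):
    """Authorize against the session; ignore any client-sent 'admin' flag."""
    session = SESSIONS.get(key)
    if session is None:
        return 401, None
    try:
        doc_id = int(params.get("id", ""))
    except ValueError:
        return 400, None
    doc = DOCUMENTS.get(doc_id)
    # Same answer for "missing" and "not yours", so ids cannot be probed.
    if doc is None or (doc[0] != session["user"] and not session["is_admin"]):
        return 404, None
    return 200, doc[1]

if __name__ == "__main__":
    alice = login("alice")
    # Both requests are well-formed; only the id differs from a legitimate one.
    print(get_document_unchecked(alice, {"id": "102"}))
    print(get_document_checked(alice, {"id": "102", "admin": "yes"}))
```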