WebApp Sec mailing list archives

Re: web application security products (AKA application firewalls)


From: Dave Aitel <dave () immunitysec com>
Date: Sun, 24 Nov 2002 15:44:27 -0500

Hmm. Well, I personally think there are a few things that tools like
Urlscan or stateful-inspection normalizing application proxies miss:

o overflows and format strings in body variables
o sql injection-type attacks
o -number flaws

All these sorts of attacks are perfectly valid HTTP, and you may want to
prevent them on some pages, but not on others. So management of your
restrictions is an issue.

So my question is this: If I spent the few days it would take to port
SPIKE Proxy over to an Application Proxy, would any of you actually use
it? Theoretically you could set it up in front of your web server,
optionally give it a certificate, and set up a file to tell it which
variables have which restrictions (or you could use the default
restrictions and individually relax them for certain variables). Any
request that didn't fit the boundaries would just receive an error
message of some kind, and everything else would just get proxied
through.

Would anyone use this, or would it be a waste of a couple of days?
-dave
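As an added illustration of the per-variable restriction scheme the post sketches (not code from the post, SPIKE Proxy, or Immunity), here is a minimal Python version of the boundary check such a proxy would apply to body variables before forwarding. The policy table, the `Restriction` fields, and the sample request bodies are all hypothetical; the default restriction applies to every variable not named in the policy, and individual variables relax it (longer `comment` text, a numeric `id` with a lower bound), which covers the three classes the post lists: oversized or `%`-laden values that feed overflows and format strings, SQL metacharacters, and out-of-range numbers.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs


@dataclass
class Restriction:
    """Boundaries for one request variable (hypothetical policy format)."""
    max_len: int = 64                 # generous default, tightened or relaxed per variable
    numeric: bool = False             # must parse as an integer
    min_value: Optional[int] = None   # lower bound for numeric variables (catches negative-number flaws)
    allow_format_chars: bool = False  # '%' is the fuel for format-string attacks
    allow_sql_meta: bool = False      # quotes and comment sequences used in SQL injection


SQL_META = ("'", '"', "--", ";", "/*")

# Default restriction for any variable the policy does not name.
DEFAULT = Restriction()

# Constructed policy: variable name -> overrides of the default.
POLICY: Dict[str, Restriction] = {
    "id": Restriction(max_len=10, numeric=True, min_value=0),
    # Relaxed on purpose: free-text field the backend binds as a parameter.
    "comment": Restriction(max_len=2000, allow_sql_meta=True),
}


def check_variable(name: str, value: str, policy: Dict[str, Restriction] = POLICY) -> Optional[str]:
    """Return None if the value fits its restriction, otherwise a reason string."""
    r = policy.get(name, DEFAULT)
    if len(value) > r.max_len:
        return f"{name}: length {len(value)} exceeds {r.max_len}"
    if r.numeric:
        try:
            n = int(value)
        except ValueError:
            return f"{name}: not an integer"
        if r.min_value is not None and n < r.min_value:
            return f"{name}: {n} below minimum {r.min_value}"
    # parse_qs has already percent-decoded, so an attacker's %25 arrives here as a literal '%'.
    if not r.allow_format_chars and "%" in value:
        return f"{name}: format character '%' not allowed"
    if not r.allow_sql_meta and any(m in value for m in SQL_META):
        return f"{name}: SQL metacharacter not allowed"
    return None


def check_body(body: str, policy: Dict[str, Restriction] = POLICY) -> Tuple[bool, Optional[str]]:
    """Gate for a form-encoded body: (True, None) to proxy through, (False, reason) to reject."""
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for v in values:
            reason = check_variable(name, v, policy)
            if reason:
                return False, reason
    return True, None


if __name__ == "__main__":
    # Constructed sample bodies, as a front-end proxy would see them after the request line.
    samples = [
        "id=42&comment=it%27s+fine",        # passes: comment is relaxed, id is in range
        "id=-1&comment=hi",                 # rejected: negative id
        "name=%25n%25n%25n",                # rejected: format characters in a default-policy variable
        "user=admin%27+OR+1%3D1--",         # rejected: SQL metacharacters
        "name=" + "a" * 100,                # rejected: exceeds default length
    ]
    for body in samples:
        ok, reason = check_body(body)
        print("forward" if ok else f"reject ({reason})", "<-", body[:40])
```

The relaxation in `POLICY` for `comment` is the management cost the post warns about: every variable that legitimately carries quotes or long text needs an explicit entry, and anything not listed is judged by `DEFAULT`.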

