WebApp Sec mailing list archives
Re: web application security products (AKA application firewalls)
From: Dave Aitel <dave () immunitysec com>
Date: Sun, 24 Nov 2002 15:44:27 -0500
Hmm. Well, I personally think there are a few things that tools like Urlscan or stateful-inspection normalizing application proxies miss:

o overflows and format strings in body variables
o SQL injection-type attacks
o -number flaws

All these sorts of attacks are perfectly valid HTTP, and you may want to prevent them on some pages, but not on others. So management of your restrictions is an issue.

So my question is this: If I spent the few days it would take to port SPIKE Proxy over to an Application Proxy, would any of you actually use it?

Theoretically you could set it up in front of your web server, optionally give it a certificate, and set up a file to tell it which variables have which restrictions (or you could use the default restrictions and individually relax them for certain variables). Any request that didn't fit the boundaries would just receive an error message of some kind, and everything else would just get proxied through.

Would anyone use this, or would it be a waste of a couple of days?

-dave
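The per-variable filter Dave sketches, as an added example that is not part of the original post and is not SPIKE Proxy code. It assumes a hypothetical policy table keyed by page path and variable name, with a default rule that can be relaxed for individual variables, and runs the three classes of check he lists (overlong values and printf-style format directives, SQL metacharacters, negative numbers) on percent-decoded query-string and form-body variables. A request whose variables all fit is passed through (None); the first variable that does not fit yields the error string the proxy would return. All paths, variable names, rule fields and sample requests are constructed for the example.

```python
# Added example (not code from the post or from SPIKE Proxy): a per-variable
# request filter of the kind Dave sketches. Paths, variable names, the Rule
# fields and the POLICY table are all hypothetical.
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlsplit


@dataclass(frozen=True)
class Rule:
    """Restrictions applied to one variable on one page."""
    max_len: int = 64                 # overlong values (overflow attempts)
    numeric: bool = False             # value must be an integer
    allow_negative: bool = False      # only meaningful with numeric=True
    allow_sql_meta: bool = False      # permit quotes, comment markers, SQL keywords
    allow_format_chars: bool = False  # permit printf-style %n, %s, %x ...


DEFAULT_RULE = Rule()

# Hypothetical policy "file": page -> variable -> Rule. Anything not listed
# gets DEFAULT_RULE, so the table only records where defaults are relaxed.
POLICY = {
    "/search.cgi": {"q": Rule(max_len=256)},
    "/cart.cgi": {
        "qty": Rule(numeric=True),                           # negatives stay forbidden
        "comment": Rule(max_len=1024, allow_sql_meta=True),  # free text, quotes are legitimate
    },
}

SQL_META = re.compile(r"['\";]|--|/\*|\b(union|select|insert|update|delete|drop)\b", re.I)
FORMAT_DIRECTIVE = re.compile(r"%[-0-9.$]*[nsxpdu]", re.I)


def check_value(name: str, value: str, rule: Rule) -> Optional[str]:
    """Return None if the value fits the rule, else the reason for rejection."""
    if len(value) > rule.max_len:
        return f"{name}: length {len(value)} exceeds {rule.max_len}"
    if rule.numeric:
        if not re.fullmatch(r"-?\d+", value):
            return f"{name}: not an integer"
        if value.startswith("-") and not rule.allow_negative:
            return f"{name}: negative number not allowed"
        return None
    if not rule.allow_format_chars and FORMAT_DIRECTIVE.search(value):
        return f"{name}: printf-style format directive found"
    if not rule.allow_sql_meta and SQL_META.search(value):
        return f"{name}: SQL metacharacter or keyword found"
    return None


def parse_request(raw: bytes):
    """Split a raw HTTP/1.0 request into (method, path, [(name, value), ...]).

    parse_qsl percent-decodes and turns '+' into spaces, so the checks run on
    the values the application will actually see, not on the encoded wire form.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, val = line.partition(":")
        headers[key.strip().lower()] = val.strip()
    parts = urlsplit(target)
    variables = parse_qsl(parts.query, keep_blank_values=True)
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        variables += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return method, parts.path, variables


def filter_request(raw: bytes, policy=POLICY) -> Optional[str]:
    """None means 'proxy it through'; a string is the error to send back."""
    _method, path, variables = parse_request(raw)
    page_rules = policy.get(path, {})
    for name, value in variables:
        problem = check_value(name, value, page_rules.get(name, DEFAULT_RULE))
        if problem:
            return problem
    return None


def form_post(path: str, body: str) -> bytes:
    """Build a constructed form POST for the samples below."""
    data = body.encode("latin-1")
    head = (f"POST {path} HTTP/1.0\r\nHost: www.example.com\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(data)}\r\n\r\n")
    return head.encode("latin-1") + data


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "clean_get": b"GET /search.cgi?q=winter+boots HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "sqli_get": b"GET /search.cgi?q=%27+OR+1%3D1-- HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "format_get": b"GET /search.cgi?q=%25n%25n%25n HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "overflow_post": form_post("/cart.cgi", "qty=1&comment=" + "A" * 2000),
    "negative_post": form_post("/cart.cgi", "qty=-5&comment=hello"),
    "relaxed_post": form_post("/cart.cgi", "qty=2&comment=O%27Brien+said+%22hi%22"),
    "unlisted_page": b"GET /login.cgi?user=admin%27-- HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        verdict = filter_request(raw)
        print(f"{label:14s} -> {'PROXY' if verdict is None else 'REJECT: ' + verdict}")
```

Two practical notes. The length and integer rules are the reliable part: they are positive statements about what a variable may contain, and an attacker cannot encode around them because the proxy decodes before checking. The SQL and format-directive regexes are blacklists and should be read as such; a production policy would rather tighten `max_len` and add a per-variable allowed-character set than rely on a keyword list. The example also only understands query strings and `application/x-www-form-urlencoded` bodies; multipart uploads and anything in headers or cookies are passed through unchecked.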
Current thread:
- web application security products (AKA application firewalls) Shimon Silberschlag (Nov 22)
- Re: web application security products (AKA application firewalls) Skip Carter (Nov 23)
- Re: web application security products (AKA application firewalls) Kevin Spett (Nov 23)
- RE: web application security products (AKA application firewalls) Fernando Martins (Nov 24)
- Re: web application security products (AKA application firewalls) Jason Childers (Nov 24)
- Re: web application security products (AKA application firewalls) Bennett Todd (Nov 25)
- <Possible follow-ups>
- RE: web application security products (AKA application firewalls) Lars Troen (Nov 24)
- Re: web application security products (AKA application firewalls) Dave Aitel (Nov 24)
- Re: web application security products (AKA application firewalls) securityarchitect (Nov 24)
- Re: web application security products (AKA application firewalls) Dave Aitel (Nov 24)