WebApp Sec mailing list archives
RE: WAF functionality ala OWASP London Meeting
From: Omar Salvador Alcalá Ruiz <oalcala () scitum com mx>
Date: Wed, 3 May 2006 18:28:50 -0500
Hi You may want to check the Blue Coat proxy, it allows you to dig into the HTTP protocol and look at different flags and header informations that goes throug the HTTP traffic, and it's defined and managed very similar to Check Point FW. They call this "a Firewall for HTTP traffic", so it may fit your needs. It also works with different Web Filtering products. HTH OA -----Original Message----- From: Eoin [mailto:eoinkeary () gmail com] Sent: Miércoles, 03 de Mayo de 2006 11:05 a.m. To: webappsec () securityfocus com Subject: WAF functionality ala OWASP London Meeting Hello WAF Vendors, After discussing this with Dinis (Mr Cruz)....... Is there any way to disable HTTP GET requests for authentication pages in any of the current application security firewall offerings? Many applications I review accepts authentication via GET and POST, I don't want GET to work, can you of the cu rent firewalls prevent certain HTTP methods for particular URL's (context sensitive rules)??? To make things a little more difficult, In the case of .NET, postbacks would be used also so its not always as simple as blocking a URL with a certain HTTP method, as the home page URL may be the same as the "submission" URL. What direction would your App Layer firewalls go to solve this problem. Many vendors say "don't trust developers, use our product instead", well OK I wont trust the developer here, can any of your tools do this? Thanks, Eoin -- Eoin Keary OWASP - Ireland ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r -------------------------------------------------------------------------- ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r --------------------------------------------------------------------------
Current thread:
- WAF functionality ala OWASP London Meeting Eoin (May 03)
- Re: WAF functionality ala OWASP London Meeting Michael Silk (May 03)
- Re: WAF functionality ala OWASP London Meeting Jason (May 04)
- <Possible follow-ups>
- RE: WAF functionality ala OWASP London Meeting Omar Salvador Alcalá Ruiz (May 03)