Articles in category 'WAF'

You will find below a patch for WAFW00F (a tool used to fingerprint Web Application Firewall) that allows to identify Imperva SecureSphere WAF.
On characteristic of Imperva is to respond with an HTTP/1.0 message, even if the request is made in HTTP/1.1. The other WAF I’ve worked with do not have the same behaviour (but [...]

October 29, 2009, 10:14 am lock

So you your boss asked you to secure his new strategic web application which is part of his plan to conquer the world. But that damn developers are used to think that their work is finish when it just works, and debugging their whole code is simply not an option. Here’s the solution: use [...]

November 29, 2007, 1:08 am lock

ModSecurity2 is a Web Application Firewall, integrated into Apache as a module. You can use it at the final web server by adding the module (especially if you have a HTTPS web server, so your IDS/IPS cannot analyze these flows), or by adding an Apache based reverse proxy in front of your [...]

March 19, 2007, 2:39 pm lock