Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« Researcher barred for demoing ATM security vuln | Main | Security Guard Busted For Hacking Hospital's HVAC, Patient Information Computers »

Three Web Application Firewall Advisories, Whitepaper Published

Michael Kirchner and Wolfgang Neudorfer have published 3 advisories in various Web Application Firewall products.


They have also published a whitepaper  "An evaluation of current web application rewall capabilities and techniques" describing the effectiveness of WAFs.

From the paper
"To protect an organisation from attacks on their IT infrastructure, perimeter rewalls are
nowadays means of standard protective measures. Attacks on the application layer (e.g.
web applications) cannot be e ectively prevented by those systems as HTTP and HTTPS
requests usually pass the rewalling mechanisms un ltered and are forwarded directly to the
web server. Web application rewalls therefore operate on a higher network layer seeking
to prevent application level attacks by analysing the user data transmitted via HTTP or
HTTPS.
By ltering requests and responses of the web server, the exploitation of vulnerabilities in
web applications and the leakage of sensitive data should be prevented. However, the usage
of web application rewalls cannot provide e ective protection for all typically encountered
vulnerability classes or bogus web server conguration issues.
The project at hand evaluated current web application rewall capabilities and techniques
to state in which scenarios and for which vulnerability classes the usage of these products can
be recommended. On the other side the drawbacks of the current products and techniques
have been found and demonstrated."

Whitepaper: http://www.h4ck1nb3rg.at/wafs/final_project_documentation.pdf

Posted by Robert A. on 07/01/2009 in IndustryNews , Research , Vulns , Web Application Firewalls | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!


Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals