[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls

From: "Colin Watson" <colin@xxxxxxxxxxxxxx>
Subject: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Date: Tue, 08 Jul 2008 09:41:23 +0100

Regarding WAF fingerprinting:

> > The same could be said for web servers, but even with customized 
> > configuration you still can usually determine the distribution/
> > version despite the best attempts to mask it. A lot of testing
> > required, but my gut says there will always be some identifiable
> > mark. Just gotta find it.
>
> ...
>
> Just a few ideas. The tough part is getting a test-bed.

I suppose it would be possible to look at the websites of WAF vendors... but perhaps they don't use their own WAFs?  If they don't, I wonder why not.

Colin

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Prev by Date: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Next by Date: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Previous by thread: [WEB SECURITY] [Tool] - ProxyStrike v2.0 - Active Web application proxy
Next by thread: [WEB SECURITY] Major DNS Vulnerabilities
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site