[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls

From: Ofer Shezaf <ofers@xxxxxxxxxx>
Subject: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Date: Sun, 13 Jul 2008 11:38:11 +0300
------=_NextPart_000_00D9_01C8E4DC.EF1F40C0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi Seba,

 

Probably just the wrong moment to step in when competition is discussed, but
two quick notes:

* I assume you meant it is deployed as a transparent bridge. Being inline
does not imply transparent, and is usually more detectable than out-of-line.

* Anything that blocks can be detected, as no two blocking devices would
block exactly the same.

 

~ Ofer

 

From: Sebastien Deleersnyder [mailto:seba@deleersnyder.eu] 
Sent: Saturday, July 12, 2008 9:34 AM
To: Licky Lindsay; Brian Shura
Cc: Jeremiah Grossman; WASC Forum
Subject: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls

 

Lindsay,

As it is mostly deployed inline, there is no way of detecting Imperva.

Regards

Seba

-----Original Message-----
From: Licky Lindsay [mailto:noontar@gmail.com]
Sent: woensdag 9 juli 2008 15:42
To: Brian Shura
Cc: Jeremiah Grossman; WASC Forum
Subject: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls

On Mon, Jul 7, 2008 at 9:40 PM, Brian Shura <bshura@sbcglobal.net> wrote:
> W3AF has a plug-in called "detectWAF" that tries to fingerprint WAFs.
>
> It currently attempts to detect URLScan, ModSecurity, and SecureIIS.
>
> http://w3af.sourceforge.net/pluginDesc.php#detectWAF
>

Does anybody know what specifically to look for as indicator that
Imperva is being used?

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.4.7/1542 - Release Date: 9/07/2008
6:50


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA


------=_NextPart_000_00D9_01C8E4DC.EF1F40C0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" =
xmlns:p=3D"urn:schemas-microsoft-com:office:powerpoint" =
xmlns:a=3D"urn:schemas-microsoft-com:office:access" =
xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" =
xmlns:s=3D"uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" =
xmlns:rs=3D"urn:schemas-microsoft-com:rowset" xmlns:z=3D"#RowsetSchema" =
xmlns:b=3D"urn:schemas-microsoft-com:office:publisher" =
xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadsheet" =
xmlns:c=3D"urn:schemas-microsoft-com:office:component:spreadsheet" =
xmlns:oa=3D"urn:schemas-microsoft-com:office:activation" =
xmlns:html=3D"http://www.w3.org/TR/REC-html40"; =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/"; xmlns:D=3D"DAV:" =
xmlns:x2=3D"http://schemas.microsoft.com/office/excel/2003/xml"; =
xmlns:ois=3D"http://schemas.microsoft.com/sharepoint/soap/ois/"; =
xmlns:dir=3D"http://schemas.microsoft.com/sharepoint/soap/directory/"; =
xmlns:ds=3D"http://www.w3.org/2000/09/xmldsig#"; =
xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint/dsp"; =
xmlns:udc=3D"http://schemas.microsoft.com/data/udc"; =
xmlns:xsd=3D"http://www.w3.org/2001/XMLSchema"; =
xmlns:sub=3D"http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/"=
 xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"; =
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/"; =
xmlns:sps=3D"http://schemas.microsoft.com/sharepoint/soap/"; =
xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance"; =
xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile"; =
xmlns:wf=3D"http://schemas.microsoft.com/sharepoint/soap/workflow/"; =
xmlns:mver=3D"http://schemas.openxmlformats.org/markup-compatibility/2006=
" xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
xmlns:mrels=3D"http://schemas.openxmlformats.org/package/2006/relationshi=
ps" =
xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/services/2006/types"=
 =
xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/services/2006/messag=
es" xmlns:Z=3D"urn:schemas-microsoft-com:" =
xmlns=3D"http://www.w3.org/TR/REC-html40";>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<title>RE: [WEB SECURITY] Re: Comparisons of Web =
ApplicationFirewalls</title>
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
	{mso-style-priority:34;
	margin-top:0cm;
	margin-right:0cm;
	margin-bottom:0cm;
	margin-left:36.0pt;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Seba,<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Probably just the wrong moment to step in when =
competition is
discussed, but two quick notes:<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>* I assume you meant it is deployed as a transparent =
bridge. Being
inline does not imply transparent, and is usually more detectable than
out-of-line.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>* Anything that blocks can be detected, as no two =
blocking
devices would block exactly the same.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>~ Ofer<o:p></o:p></span></p>

</div>

<p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div>

<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt =
0cm 0cm 0cm'>

<p class=3DMsoNormal><b><span =
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span>=
</b><span
style=3D'font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Sebastien
Deleersnyder [mailto:seba@deleersnyder.eu] <br>
<b>Sent:</b> Saturday, July 12, 2008 9:34 AM<br>
<b>To:</b> Licky Lindsay; Brian Shura<br>
<b>Cc:</b> Jeremiah Grossman; WASC Forum<br>
<b>Subject:</b> RE: [WEB SECURITY] Re: Comparisons of Web =
ApplicationFirewalls<o:p></o:p></span></p>

</div>

</div>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p style=3D'margin-bottom:12.0pt'><span =
style=3D'font-size:10.0pt'>Lindsay,<br>
<br>
As it is mostly deployed inline, there is no way of detecting =
Imperva.<br>
<br>
Regards<br>
<br>
Seba<br>
<br>
-----Original Message-----<br>
From: Licky Lindsay [<a =
href=3D"mailto:noontar@gmail.com";>mailto:noontar@gmail.com</a>]<br>
Sent: woensdag 9 juli 2008 15:42<br>
To: Brian Shura<br>
Cc: Jeremiah Grossman; WASC Forum<br>
Subject: Re: [WEB SECURITY] Re: Comparisons of Web =
ApplicationFirewalls<br>
<br>
On Mon, Jul 7, 2008 at 9:40 PM, Brian Shura &lt;bshura@sbcglobal.net&gt; =
wrote:<br>
&gt; W3AF has a plug-in called &quot;detectWAF&quot; that tries to =
fingerprint
WAFs.<br>
&gt;<br>
&gt; It currently attempts to detect URLScan, ModSecurity, and =
SecureIIS.<br>
&gt;<br>
&gt; <a =
href=3D"http://w3af.sourceforge.net/pluginDesc.php#detectWAF";>http://w3af=
.sourceforge.net/pluginDesc.php#detectWAF</a><br>
&gt;<br>
<br>
Does anybody know what specifically to look for as indicator that<br>
Imperva is being used?<br>
<br>
-------------------------------------------------------------------------=
---<br>
Join us on IRC: irc.freenode.net #webappsec<br>
<br>
Have a question? Search The Web Security Mailing List Archives:<br>
<a =
href=3D"http://www.webappsec.org/lists/websecurity/archive/";>http://www.w=
ebappsec.org/lists/websecurity/archive/</a><br>
<br>
Subscribe via RSS:<br>
<a =
href=3D"http://www.webappsec.org/rss/websecurity.rss";>http://www.webappse=
c.org/rss/websecurity.rss</a>
[RSS Feed]<br>
<br>
Join WASC on LinkedIn<br>
<a =
href=3D"http://www.linkedin.com/e/gis/83336/4B20E4374DBA";>http://www.link=
edin.com/e/gis/83336/4B20E4374DBA</a><br>
<br>
No virus found in this incoming message.<br>
Checked by AVG - <a =
href=3D"http://www.avg.com";>http://www.avg.com</a><br>
Version: 8.0.138 / Virus Database: 270.4.7/1542 - Release Date: =
9/07/2008<br>
6:50<br>
<br>
<br>
-------------------------------------------------------------------------=
---<br>
Join us on IRC: irc.freenode.net #webappsec<br>
<br>
Have a question? Search The Web Security Mailing List Archives:<br>
<a =
href=3D"http://www.webappsec.org/lists/websecurity/archive/";>http://www.w=
ebappsec.org/lists/websecurity/archive/</a><br>
<br>
Subscribe via RSS:<br>
<a =
href=3D"http://www.webappsec.org/rss/websecurity.rss";>http://www.webappse=
c.org/rss/websecurity.rss</a>
[RSS Feed]<br>
<br>
Join WASC on LinkedIn<br>
<a =
href=3D"http://www.linkedin.com/e/gis/83336/4B20E4374DBA";>http://www.link=
edin.com/e/gis/83336/4B20E4374DBA</a></span><o:p></o:p></p>

</div>

</body>

</html>

------=_NextPart_000_00D9_01C8E4DC.EF1F40C0--
Follow-Ups:
- RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
  - From: Sebastien Deleersnyder
- Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
  - From: Rafal @ IsHackingYou
References:
- Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
  - From: Licky Lindsay
- RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
  - From: Sebastien Deleersnyder
Prev by Date: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Next by Date: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Previous by thread: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Next by thread: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
Index(es):
- Date
- Thread
Brought to you by http://www.webappsec.org
Search this site