Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
- From: "Ivan Ristic" <ivan.ristic@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
- Date: Mon, 14 Jul 2008 12:28:18 +0100
Wouldn't the mere fact that our packets are not arriving at the
destination be telling? :)
On Mon, Jul 14, 2008 at 4:05 AM, Rafal @ IsHackingYou
<rafal@xxxxxxxxxxxxxxxx> wrote:
> Ofer, all...
>
> We're talking about blocking here, when the "intelligent" WAFs will
> silently drop packets - I challenge someone to detect a silent drop of a
> packet traveling across a network device...
> __
> Rafal M. Los
> IT Security - Response | Mitigation | Strategy
>
> E-mail: rafal@xxxxxxxxxxxxxxxx
> Direct: +1 (404) 606-6056
> - gPGP: 0xFFC63B33
> - Blog: http://preachsecurity.blogspot.com
> - LinkedIn: http://www.linkedin.com/in/rmlos
>
> From: Ofer Shezaf
> Sent: Sunday, July 13, 2008 3:38 AM
> To: 'Sebastien Deleersnyder' ; 'Licky Lindsay' ; 'Brian Shura'
> Cc: 'Jeremiah Grossman' ; 'WASC Forum'
> Subject: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
>
> Hi Seba,
>
>
>
> Probably just the wrong moment to step in when competition is discussed, but
> two quick notes:
>
> * I assume you meant it is deployed as a transparent bridge. Being inline
> does not imply transparent, and is usually more detectable than out-of-line.
>
> * Anything that blocks can be detected, as no two blocking devices would
> block exactly the same.
>
>
>
> ~ Ofer
>
>
>
> From: Sebastien Deleersnyder [mailto:seba@xxxxxxxxxxxxxxx]
> Sent: Saturday, July 12, 2008 9:34 AM
> To: Licky Lindsay; Brian Shura
> Cc: Jeremiah Grossman; WASC Forum
> Subject: RE: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
>
>
>
> Lindsay,
>
> As it is mostly deployed inline, there is no way of detecting Imperva.
>
> Regards
>
> Seba
>
> -----Original Message-----
> From: Licky Lindsay [mailto:noontar@xxxxxxxxx]
> Sent: woensdag 9 juli 2008 15:42
> To: Brian Shura
> Cc: Jeremiah Grossman; WASC Forum
> Subject: Re: [WEB SECURITY] Re: Comparisons of Web ApplicationFirewalls
>
> On Mon, Jul 7, 2008 at 9:40 PM, Brian Shura <bshura@xxxxxxxxxxxxx> wrote:
>> W3AF has a plug-in called "detectWAF" that tries to fingerprint WAFs.
>>
>> It currently attempts to detect URLScan, ModSecurity, and SecureIIS.
>>
>> http://w3af.sourceforge.net/pluginDesc.php#detectWAF
>>
>
> Does anybody know what specifically to look for as indicator that
> Imperva is being used?
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
--
Ivan Ristic