17 Web Application Firewall
UNIT-III WEB Application Firewall & Fuzzers www.owasp.org
Web Application Firewalls
[Figure: firewall; HTTP traffic, port 80]
WAF Features
• Full support for HTTP:
  • Access to individual fields (field content, length, field count, etc).
  • Entire transaction (both request and response).
  • Uploaded files.
• Anti-evasion features (also known as normalisation/canonicalisation/transformation features).
• Weaknesses
  • Have to have spec of protocol
  • Often can find good tools for existing protocols, e.g. HTTP, SNMP
  • Writing generator can be labor intensive for complex protocols
  • The spec is not the code