I went through all my ModSecurity Blog posts yesterday, partly to admire myself for blogging consistently for almost 5 years and partly to understand what it is that I talked about during this time. While I knew that most of my posts were pretty technical (after all, I did start my new blog to focus on other things), imagine my surprise when I realised I didn't properly cover the one thing this blog is supposed to cover: web application firewalls! The emphasis is on the word "properly": I provided a great deal of technical information but not enough content that would explain why one would deploy a web application firewall and how. This stuff had gone into my conference talks and the Web Application Firewall Evaluation Criteria project, but I forgot to discuss the topics here.

In an effort to fix this I am starting a series of blog posts called Web Application Firewall Concepts. Each post will be reasonably brief and cover one aspect of the technology, and I will continually update this post to serve as a table of contents.

Posts in this series:
- Use Cases
- Web intrusion detection and prevention
- Continuous Security Assessment
- Virtual (or just-in-time) patching
- HTTP traffic logging and monitoring
- Learning
- Web application hardening
- Deployment models
- Inline
- Out of line
- Embedded
- Data Model
- Model construction
- Persisting information across requests
- Distinguishing sessions
- Distinguishing users
- Analysis Model
- Negative security
- Positive security
- Anomaly scoring
- Learning
- Evasion
- Impedance mismatch
- Traffic logging
- Special protection techniques
- Cookie protection
- Cross-Site Request Forgery
- Brute force attacks
- Denial of Service attacks
- PDF UXSS protection