Re: [mod-security-users] Detecting ModSecurity with WafW00f
From: Christian F. <chr...@ti...> - 2009-06-04 05:49:14
Hi there,

Thanks for mentioning this presentation, Ryan.

I have been attracted by the pretentious title - and I left completely disappointed after a 40min waste of time.

So the truth about WAFs is that you can detect/fingerprint them? It sure takes an expert to find out.

I have not checked the source code of the tool, but I am not surprised they go for the most obvious behaviour characteristics. The ones that can be faked most easily.

Do not get me wrong: I like people providing tools like wafw00f. It is nice to have a tool that automates the task of fingerprinting a WAF. But the authors should not sell it like a secret of the industry and a big investigative discovery.

The 2nd part of the presentation was not any better either, but I should better stop my rant here.

Best regards,

Christian Folini

On Wed, Jun 03, 2009 at 03:36:10PM -0400, Ryan Barnett wrote:
> Some of you may have seen/heard about the "Truth about Web Application
> Firewalls: What vendors don't want you to know" presentation from the
> recent OWASP AppSec EU conference in Poland. I have received a few
> questions about the tool that they released called wafw00f and how it
> can potentially be used to identify ModSecurity installations. I went
> ahead and just released a blog post on this topic -
> http://tacticalwebappsec.blogspot.com/2009/06/waf-detection-with-wafw00f.html.
> Let me know if you have any questions/comments.
>
> -Ryan