Re: [mod-security-users] web app discovery
From: Ivan R. <iva...@gm...> - 2006-05-25 20:49:39
On 5/25/06, kiran k <kir...@ya...> wrote:
>
> Ok, with positive security there are no rules and it is based on usage
> pattern, anomalies would be flagged ?

Yes, there are rules.

> How you determine this behavioural model.

By observing the real-life traffic.

> It is counter-intuitive to acquire
> scanning tool to write the policies.

The scanning tools cannot provide you with the real-life data. They can
possibly enumerate the scripts and the parameters but not the data types.

> How do you write positive security
> using the rules you mentioned manually. Can you show examples in the
> downloads ?

I don't have any examples handy but the idea is to write a group of
rules for each individual resource. These rules would examine every
parameter, how many parameters there are with the same name, are there
any extra parameters, for every parameter check the content, the
length, etc. You can see that this can quickly turn into a very
tedious job.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
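
The per-resource checks described in the reply above, as an added example that is not part of the original message and is not ModSecurity rule syntax: a Python sketch that derives a policy from observed traffic and then checks each request for extra parameters, repeated names, length and content. The function names, content classes and sample URLs are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Content classes tried strictest first (constructed for this sketch).
CLASSES = {"digits": r"[0-9]*", "alnum": r"[A-Za-z0-9]*", "text": r"[\w .,@'-]*"}

def parse(url):
    """Split a request URL into (resource path, {parameter: [values]})."""
    parts, params = urlsplit(url), defaultdict(list)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        params[name].append(value)
    return parts.path, params

def learn(urls):
    """Derive a per-resource policy from observed, trusted traffic."""
    seen = defaultdict(lambda: defaultdict(list))
    for path, params in map(parse, urls):
        for name, values in params.items():
            seen[path][name].append(values)
    def rule(samples):  # samples: one list of values per observed request
        flat = [v for vals in samples for v in vals]
        return {"count": max(map(len, samples)), "length": max(map(len, flat)),
                "cls": next((c for c, rx in CLASSES.items()
                             if all(re.fullmatch(rx, v) for v in flat)), None)}
    return {p: {n: rule(s) for n, s in names.items()} for p, names in seen.items()}

def check(policy, url):
    """Return the policy violations for one request (empty list = allowed)."""
    path, params = parse(url)
    if path not in policy:
        return ["unknown resource " + path]
    problems = []
    for name, values in params.items():
        rule = policy[path].get(name)
        if rule is None:
            problems.append("extra parameter " + name)
            continue
        if len(values) > rule["count"]:
            problems.append("repeated parameter " + name)
        if any(len(v) > rule["length"] for v in values):
            problems.append("too long: " + name)
        if rule["cls"] and not all(re.fullmatch(CLASSES[rule["cls"]], v) for v in values):
            problems.append("bad content: " + name)
    return problems

# Constructed sample traffic, standing in for an observation period.
OBSERVED = ["/shop/item.php?id=17&lang=en", "/shop/item.php?id=2048&lang=de",
            "/shop/search.php?q=red+shoes"]
POLICY = learn(OBSERVED)
```

A policy learned from three requests is far too tight for real use; the observation window has to be long enough to cover legitimate variation, which is where the tedium mentioned in the reply comes from.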