December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 14
Active Response Actions
The general who is skilled in defense hides in the most secret recesses of the earth; he who is skilled in attack flashes forth from the topmost heights of heaven. Thus on the one hand we have ability to protect ourselves; on the other, a victory that is complete.
—Sun Tzu in The Art of War
What is the best way to respond to suspicious transactions within your web application? The reality is that most external web application defensive tools, such as web application firewalls (WAFs), use a very limited set of response actions. Whether due to a technical limitation of the tool or the web application defender’s specific desire, most WAFs simply terminate malicious transactions with an abrupt HTTP deny response such as a 403 Forbidden response status code.
This single-response action approach is not very flexible and is undesirable from a detectability perspective because attackers may be able to identify the existence of a separate security system. It is highly recommended that you thoroughly review and ideally tightly integrate your response actions with how the application itself responds to attacks. For example, perhaps basic malicious requests should be met with 302 redirections to the home page, and more advanced attacks should be quarantined by transparently proxying the attack traffic to a separate web honeypot system. The recipes in this chapter outline a wide variety of response actions.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.