How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
Aug 17, 2020
Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern matching, typically using Regular Expressions, and classifying malicious traffic to block cyber attacks. Evading pattern matching However, unfortunately, this technique is no silver bullet against determined attackers. Once it's known that there is a protection layer enabled, malicious actors find ways to bypass it, and most of the time, they even succeed. It usually can be achieved when the same attacking payload, blocked by WAF , can be disguised to make it 'invisible' to the pattern matching mechanism to evade security. Context-Specific Obfuscation The web uses many technologies, and they all have different rules for what comprises valid syntax in their grammar