Whether it is a Web-based application system or a Web website, they all face various security threats with unstable sources. Some of them have been discovered and have identifiable fixed characteristics, which are different from the website design and code and the behavior habits of attackers. All these are security issues that must be addressed and addressed by Web application systems and websites.
Traditional technical means. For example, firewalls and IPS are security detection and protection methods based on known security characteristics, and they can only achieve network, and some can process new protocol layer data packets ). However, dynamic pages that are widely used in Web applications and are also the main targets of attacks are powerless. This is because the dynamic page itself does not have a fixed pattern, so attacks against it do not have fixed features.
At the same time, it must be noted that the detection and protection technologies of the feature database are completely dependent, which inevitably has a high false positive rate and false negative rate, and it is difficult to strike a balance between the two.
At present, most websites use this technology. They also understand the problems, but there is no better technology to replace it. Imperva's SecureSphere Web Application Firewall uses new protection methods, which not only effectively makes up for the shortcomings of traditional protection methods, but also has many new features.
As a new Web application firewall, SecureSphere is characterized by a forward model-that is, the Security Detection Technology for the model can fundamentally solve the preceding problems of traditional Web Protection, especially when the two are combined.
However, for model-based detection and protection, there are several key technical issues that must be addressed:
A. The model must be generated automatically and dynamically. -- Because the model contains a wide range of factors and a large number of factors, manual generation and maintenance methods are completely unavailable in actual use. In addition, a large number of false positives are generated.
It must be combined with the basic reverse model. Because the reverse model can shield a large number of basic attacks, it allows an action-based mechanism to solve more advanced attack traffic.
B. association analysis must be performed at all levels of protection and time. Bytes
A truly dangerous attack usually shows a considerable correlation in multiple layers, including the timeline. association analysis can greatly improve the attack identification capability and reduce the false positive rate.
In addition, because behavior analysis means a large amount of computing, the product must ensure the expected performance in terms of implementation, especially in terms of processing capacity (Session Per Second) and latency (MS ). Imperva's Web Firewall uses unique technologies to solve the above problems.
- WAF-the most professional website Security Protection
- WAF security principles and technical analysis
- View the overall website protection solution of WAF