
Intelligent Web Application Firewall - A unique Web Application Firewall which needs no Policies or Rules.

IP.com Disclosure Number: IPCOM000236191D
Publication Date: 2014-Apr-11
Document File: 4 page(s) / 94K

Publishing Venue

The IP.com Prior Art Database

Abstract

Web application firewalls detect and prevent attacks based on a set of rules/policies. The effectiveness of web application firewalls is therefore dependent on how well one can tune the rules/policies to the needs of the enterprise. Web application firewall tuning requires a lot of expertise and continuous monitoring of the effectiveness of the rules. Rules/policies can become redundant when an application is patched or upgraded to a newer version. Without the required expert tuning, WAFs will block legitimate traffic and impact the availability of web applications, or get tuned to a level that delivers virtually no security against real-world threats. As a result, WAF buyers often fail to realize the benefits of this technology despite significant investments of money and time. The solution proposed is an Intelligent Web Application Firewall which does not have any firewall rules/policies to protect against web application attacks. The Intelligent Web Application Firewall relies on the HTML tags/properties and query string parameters in the web application pages that pass through the firewall to automatically deduce what is valid incoming traffic that should be allowed to pass through to the web application. The Intelligent Web Application Firewall will block any traffic which contains invalid data, such as a payload to exploit web application vulnerabilities. The Intelligent Web Application Firewall will also provide the ability to protect web services from vulnerabilities: it will deduce valid input data for invoking a web service based on the WSDL, and block any malicious input used while invoking a web service.
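As an added illustration (not code from the disclosure), here is one way a firewall could deduce valid input from the form tags of a page it has just served and check the next request against that profile. The attributes used (`type`, `maxlength`, `<option>` values), the 4096-character default and the sample page are assumptions, since the abbreviated text does not say which properties are examined.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

class FormLearner(HTMLParser):
    """Builds a per-field profile from the form tags in a served page."""
    def __init__(self):
        super().__init__()
        self.fields = {}      # field name -> constraints deduced from its tag
        self._select = None   # name of the <select> currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            rule = {"type": a.get("type") or "text"}
            if (a.get("maxlength") or "").isdigit():
                rule["maxlength"] = int(a["maxlength"])
            self.fields[a["name"]] = rule
        elif tag == "select" and a.get("name"):
            self._select = a["name"]
            self.fields[self._select] = {"type": "select", "options": set()}
        elif tag == "option" and self._select:
            # Simplification: only explicit value="..." attributes are learned.
            self.fields[self._select]["options"].add(a.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "select":
            self._select = None

def learn(html):
    parser = FormLearner()
    parser.feed(html)
    return parser.fields

def check(fields, body, default_max=4096):  # default_max is an assumed cap
    """Return the violations found in a urlencoded request body."""
    problems = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        rule = fields.get(name)
        if rule is None:
            problems.append(f"{name}: field not present in served form")
        elif rule["type"] == "number" and not (value.isascii() and value.isdigit()):
            problems.append(f"{name}: not numeric")
        elif rule["type"] == "select" and value not in rule["options"]:
            problems.append(f"{name}: value not among offered options")
        elif len(value) > rule.get("maxlength", default_max):
            problems.append(f"{name}: longer than maxlength")
    return problems

# Constructed sample page, standing in for a response passing through the firewall.
PAGE = """<form action="/order" method="post">
<input type="number" name="qty" maxlength="3">
<input type="text" name="coupon" maxlength="8">
<select name="size"><option value="S">S</option><option value="M">M</option></select>
</form>"""
```

A request is forwarded only when `check(learn(PAGE), body)` returns an empty list. Because the profile is rebuilt from each served page, it follows the application when a form changes after a patch or upgrade.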

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 24% of the total text.



Main Idea


1. Background: What is the problem solved by your invention? Describe known solutions to this problem (if any). What are the drawbacks of such known solutions, or why is an additional solution required? Cite any relevant technical documents or references.

Background

Web application attacks are on the rise. Vulnerabilities like SQL injection and Cross-Site Scripting (XSS) allow hackers entry into the enterprise to steal data.

Protecting against web application attacks requires a special class of firewall, the web application firewall (WAF), which understands and protects against web application attacks like SQL injection and Cross-Site Scripting.

Web application firewalls detect and prevent attacks based on a set of rules/policies. The effectiveness of web application firewalls is therefore dependent on how well one can tune the rules/policies to the needs of the enterprise. Web application firewall tuning requires a lot of expertise and continuous monitoring of the effectiveness of the rules. Rules/policies can become redundant when an application is patched or upgraded to a newer version.

Without the required expert tuning, WAFs will block legitimate traffic and impact the availability of web applications, or get tuned to a level that delivers virtually no security against real-world threats. As a result, WAF b...