A Web Application Firewall (WAF) usually detects and prevents attacks such as SQL injection.
It does this by matching requests against regular expressions that describe potentially harmful strings.
A common setup is ModSecurity as an Apache module in combination with the OWASP Core Rule Set (CRS).
Initially you run a "training phase" to adapt the rule set to your web application,
which in practice means fixing all the false positives.
We implemented a different approach for a customer that still suffered from false positives after that.
Most setups use a blacklist: a list of characters or strings that are filtered out or blocked.
It is also possible to take a whitelist approach and define which characters are valid for each input field.
In this customer's case, the software package build process also generates the whitelist rule set for ModSecurity:
The development team maintains a definition file of software endpoints, their parameters, and the input type of each parameter.
During the build, a translator compiles this definition into regular expressions, so that only data matching the definition passes through the WAF; everything else is rejected.
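As an added illustration of such a translator (example code written for this page, not the customer's build tooling), the script below takes a constructed definition of endpoints, parameters and input types and emits ModSecurity SecRule directives in whitelist style: one chained rule per endpoint that denies any parameter name not in the definition, one chained rule per parameter that denies values not matching the type's anchored pattern, and a final rule that denies requests to paths not in the definition at all. The type catalogue, the rule id range, the sample endpoints and the decision to deny unknown paths are all assumptions of this example. A small checker applies the same whitelist in Python so the policy can be exercised against sample requests without a running ModSecurity.

```python
"""Translate an endpoint/parameter definition into ModSecurity whitelist rules.

Example code written for this page; the type names, patterns and sample
definition are constructed assumptions, not the customer's actual build output.
"""
import re

# Abstract input types from the definition file, each mapped to an anchored
# PCRE pattern. Every pattern is length-bounded so a whitelist can never be
# satisfied by an arbitrarily long payload.
TYPE_PATTERNS = {
    "int":   r"^[0-9]{1,10}$",
    "alnum": r"^[A-Za-z0-9_]{1,32}$",
    "uuid":  r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$",
    "email": r"^[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}$",
    "text":  r"^[^\x00-\x1f]{1,128}$",   # any printable text, but bounded
}

# Constructed sample definition file (hypothetical): endpoint -> {param: type}.
# "enum:a,b" is an inline type listing the only values accepted.
ENDPOINTS = {
    "/login": {"username": "alnum", "password": "text"},
    "/account/update": {"id": "uuid", "email": "email", "sort": "enum:asc,desc"},
}


def type_pattern(spec):
    """Resolve a type spec to an anchored regex; 'enum:a,b' becomes ^(a|b)$."""
    if spec.startswith("enum:"):
        values = [re.escape(v) for v in spec[len("enum:"):].split(",")]
        return "^(" + "|".join(values) + ")$"
    return TYPE_PATTERNS[spec]


def compile_rules(endpoints, base_id=900000):
    """Emit SecRule lines implementing the definition as a whitelist.

    Each chained rule only fires (and denies) when the request targets the
    given path AND the second rule of the chain matches, i.e. an argument
    name or value falls outside what the definition allows.
    """
    rid = base_id
    out = []
    for path, params in sorted(endpoints.items()):
        names = "|".join(re.escape(n) for n in sorted(params))
        out.append(f'SecRule REQUEST_FILENAME "@streq {path}" '
                   f'"id:{rid},phase:2,t:none,deny,status:403,log,'
                   f"msg:'Unexpected parameter for {path}',chain\"")
        out.append(f'    SecRule ARGS_NAMES "!@rx ^({names})$" "t:none"')
        rid += 1
        for name, spec in sorted(params.items()):
            out.append(f'SecRule REQUEST_FILENAME "@streq {path}" '
                       f'"id:{rid},phase:2,t:none,deny,status:403,log,'
                       f"msg:'Invalid value for {name} on {path}',chain\"")
            out.append(f'    SecRule ARGS:{name} "!@rx {type_pattern(spec)}" "t:none"')
            rid += 1
    # Assumption of this example: anything not in the definition is denied.
    paths = "|".join(re.escape(p) for p in sorted(endpoints))
    out.append(f'SecRule REQUEST_FILENAME "!@rx ^({paths})$" '
               f'"id:{rid},phase:1,t:none,deny,status:404,log,msg:\'Unknown endpoint\'"')
    return "\n".join(out)


def check_request(endpoints, path, args):
    """Apply the same whitelist logic in Python; returns (allowed, reason).

    Mirrors the generated rules: unknown path -> deny, unknown parameter name
    -> deny, value outside the type pattern -> deny, otherwise allow. A
    parameter that is simply absent is not rejected, matching ModSecurity,
    where ARGS:name of a missing argument yields no variable to test.
    """
    params = endpoints.get(path)
    if params is None:
        return False, "Unknown endpoint"
    for name, value in args.items():
        if name not in params:
            return False, f"Unexpected parameter {name}"
        if not re.fullmatch(type_pattern(params[name]), value):
            return False, f"Invalid value for {name}"
    return True, "ok"


if __name__ == "__main__":
    print(compile_rules(ENDPOINTS))
```

The generated file is meant to be included from the ModSecurity configuration alongside, not instead of, the engine settings (SecRuleEngine On, request body access enabled so phase 2 sees POST parameters). Because the rules are regenerated on every build from the same definition the developers maintain, a new parameter is either declared with a type or rejected by the WAF; there is no separate tuning phase in which false positives are chased after deployment.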