WAF - Login Enforcement & Session Tracking

Associating usernames and sessions with application violations provides in-depth blocking and visibility, which is useful both for understanding an attack and for forensics. In addition, if we can identify a device for every visitor across multiple IPs and sessions, we increase the precision with which malicious activity is blocked. Together, these techniques help us identify and block suspicious clients and headless browsers, as well as mitigate client-side malware.

The first video this week is about Login URL Enforcement, a mechanism for preventing forceful browsing to restricted parts of the web application. By defining a required URL (for example, the login page), the user must pass through it successfully before being allowed to reach a given target URL. The mechanism uses ASM cookies, which are session cookies, to remember that the prerequisite URL was accessed successfully; a request for a protected target from a session that has not passed the login URL is blocked. In the next video we'll see how to create a Login Page and how to configure Login Enforcement.
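To make the mechanism concrete, here is an added simulation of login-URL enforcement. It is example code written for this post, not F5 ASM code: the session cookie name `SIMSESSION`, the protected prefixes and the login-success criterion (a redirect or a 200 without a failure string) are assumptions chosen for illustration. The traffic in `run_scenario()` is constructed, not captured.

```python
"""Simplified model of Login URL Enforcement (forceful-browsing prevention).

Added example, not F5 ASM code. The cookie name, protected prefixes and the
login-success check are assumptions for illustration.
"""
from dataclasses import dataclass, field
import secrets

LOGIN_URL = "/login"                              # the required (prerequisite) URL
PROTECTED_PREFIXES = ("/account/", "/admin/")     # targets that require the login URL first


@dataclass
class Session:
    login_passed: bool = False                    # set only after a successful login response
    violations: list = field(default_factory=list)


class LoginEnforcer:
    """Tracks, per session cookie, whether the login URL was completed successfully."""

    COOKIE = "SIMSESSION"   # hypothetical session-tracking cookie (assumption)

    def __init__(self):
        self.sessions = {}

    def _session(self, cookies):
        """Look up the session for the presented cookie, or start a fresh one."""
        sid = cookies.get(self.COOKIE)
        if sid not in self.sessions:
            sid = secrets.token_hex(8)
            self.sessions[sid] = Session()
        return sid, self.sessions[sid]

    def check_request(self, method, path, cookies):
        """Return (allowed, session_id, reason) for an incoming request."""
        sid, sess = self._session(cookies)
        if path.startswith(PROTECTED_PREFIXES) and not sess.login_passed:
            sess.violations.append(("Login URL bypassed", path))
            return False, sid, "Login URL bypassed: %s requested before %s" % (path, LOGIN_URL)
        return True, sid, "ok"

    def observe_response(self, sid, path, status, body):
        """Mark the prerequisite as satisfied only when the login response looks successful.

        Assumed criterion: no 4xx/5xx status and no failure string in the body.
        Merely requesting the login page must not satisfy the prerequisite.
        """
        sess = self.sessions[sid]
        failed = status >= 400 or "Invalid credentials" in body
        if path == LOGIN_URL and not failed:
            sess.login_passed = True


def run_scenario():
    """Constructed traffic: direct hit on /admin/, a failed login, a good login, a new client."""
    enf = LoginEnforcer()
    results = []

    # 1. Forceful browsing attempt with no session cookie at all -> blocked
    allowed, sid, _ = enf.check_request("GET", "/admin/users", {})
    results.append(allowed)
    cookies = {LoginEnforcer.COOKIE: sid}

    # 2. A failed login does not satisfy the prerequisite -> still blocked
    enf.check_request("POST", LOGIN_URL, cookies)
    enf.observe_response(sid, LOGIN_URL, 200, "Invalid credentials")
    allowed, _, _ = enf.check_request("GET", "/admin/users", cookies)
    results.append(allowed)

    # 3. A successful login (redirect) satisfies it -> allowed
    enf.check_request("POST", LOGIN_URL, cookies)
    enf.observe_response(sid, LOGIN_URL, 302, "")
    allowed, _, _ = enf.check_request("GET", "/admin/users", cookies)
    results.append(allowed)

    # 4. Another client presenting no cookie gets a fresh session -> blocked again
    allowed, _, _ = enf.check_request("GET", "/admin/users", {})
    results.append(allowed)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The point worth noticing is `observe_response`: the prerequisite is marked satisfied from the login response, not from the login request, otherwise an attacker could satisfy the check simply by requesting the login page before the protected URL.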

The second video is about Session Awareness and how to configure the actions taken when violations are detected. Specifically, we'll configure ASM to log all requests from a session once its violation threshold is triggered. Session awareness can also mitigate session hijacking attacks, which occur when an attacker steals session information from an authenticated user. Session hijacking prevention is based on fingerprinting: the client is identified by screen resolution, time and time-zone data, and browser attributes such as platform, version and installed plugins, so a request that presents a known session together with a different fingerprint can be flagged. In the next video we'll see how to enable session awareness and how to log all requests once a violation is detected.
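Here is an added model of the two behaviours described above, session-based violation counting with "log everything once the threshold is hit" and fingerprint-based hijack detection. This is example code written for this post, not F5 ASM code: the threshold value, the fingerprint fields (`platform`, `screen`, `tz`, `plugins`) and the request records in `SAMPLE_TRAFFIC` are all assumptions constructed for illustration.

```python
"""Simplified model of Session Awareness.

Added example, not F5 ASM code. The threshold, the fingerprint attributes and
the sample traffic are assumptions for illustration.
"""
from collections import defaultdict

VIOLATION_THRESHOLD = 3   # assumed: after 3 violations, log every request from the session


def fingerprint(req):
    """Client fingerprint from the attributes the post lists (field names are assumed)."""
    return (req.get("platform"), req.get("screen"), req.get("tz"),
            tuple(req.get("plugins", ())))


class SessionTracker:
    def __init__(self, threshold=VIOLATION_THRESHOLD):
        self.threshold = threshold
        self.fingerprints = {}                 # session id -> fingerprint bound at first sight
        self.violations = defaultdict(int)     # session id -> running violation count
        self.log_all = set()                   # sessions that tripped the threshold
        self.log = []                          # (session, path, reason) entries that would be logged

    def process(self, req):
        """Apply session tracking to one request; return the violations raised for it."""
        sid = req["session"]
        reasons = list(req.get("violations", []))   # violations raised by other policy checks

        # Bind the first fingerprint seen for this session; a later mismatch means the
        # same session cookie is being presented by a different client.
        fp = fingerprint(req)
        bound = self.fingerprints.setdefault(sid, fp)
        if fp != bound:
            reasons.append("Session hijacking: fingerprint mismatch")

        self.violations[sid] += len(reasons)
        if self.violations[sid] >= self.threshold:
            self.log_all.add(sid)

        # Log the request if it carried a violation or the session is in log-all mode
        if reasons or sid in self.log_all:
            self.log.append((sid, req["path"],
                             ", ".join(reasons) or "logged: session over threshold"))
        return reasons


# Constructed requests, not real logs. s1 accumulates violations; s2 is a clean session whose
# cookie is then replayed from a different client.
WIN = {"platform": "Win32", "screen": "1920x1080", "tz": "-300", "plugins": ["pdf"]}
LINUX = {"platform": "Linux x86_64", "screen": "1440x900", "tz": "60", "plugins": []}
SAMPLE_TRAFFIC = [
    {"session": "s1", "path": "/home", **WIN},
    {"session": "s1", "path": "/search?q=<script>", **WIN, "violations": ["Attack signature detected"]},
    {"session": "s1", "path": "/search?q=' OR 1=1--", **WIN, "violations": ["Attack signature detected"]},
    {"session": "s1", "path": "/profile", **WIN, "violations": ["Illegal parameter"]},   # 3rd: threshold hit
    {"session": "s1", "path": "/account", **WIN},                                      # clean, but logged
    {"session": "s2", "path": "/home", **LINUX},
    {"session": "s2", "path": "/account", **WIN},                                      # s2 cookie, other client
]


def run_sample():
    """Run the constructed traffic through the tracker and return it for inspection."""
    tracker = SessionTracker()
    for req in SAMPLE_TRAFFIC:
        tracker.process(req)
    return tracker


if __name__ == "__main__":
    for entry in run_sample().log:
        print(entry)
```

Two details matter in practice: the fingerprint is bound the first time a session is seen, so a cookie stolen and replayed from another browser stands out even when the request itself is otherwise clean, and once a session crosses the threshold its clean requests are logged too, which is exactly the "log all requests from the session" behaviour the video configures.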

Regards, my friends, and drop me a line if you configure Login Enforcement and Session Tracking in your security policy.