WAF - Login Enforcement & Session Tracking
Associating usernames and sessions with application violations provides in-depth blocking and visibility, which is useful for attack understanding and forensics. In addition, if we are able to identify devices for every visitor across multiple IPs and sessions, we'll increase precision in blocking malicious activities. Therefore, this kind of technique will help us identify and block suspicious clients and headless browsers, as well as mitigate client-side malware.
The first video this week is about Login URL Enforcement, which is a mechanism for preventing Forceful Browsing to restricted parts of the web application. By defining a required URL (i.e. the login page), the user must pass through it in order to access a certain target URL. This mechanism uses ASM cookies, which are session cookies, to keep information about the prerequisite URL that was accessed successfully. We'll watch how to create a Login Page and how to configure Login Enforcement in the next video.
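To make the mechanism concrete, here is an added example (my own illustration, not F5 code and not how ASM is implemented internally) of the decision logic behind Login URL Enforcement: the WAF keeps per-session state keyed by a session cookie, records when the prerequisite URL was accessed successfully, and blocks direct requests to protected URLs from any session that has not passed through it. The cookie name `ASM_SESSION`, the "HTTP 200 on the login URL counts as success" rule, and the protected prefixes are assumptions made for this example.

```python
"""Model of Login URL Enforcement (added example, not F5 code).

Assumptions (constructed for this example):
- a session cookie named ASM_SESSION carries an opaque session id;
- the WAF keeps, per session, the set of prerequisite URLs accessed successfully;
- "accessed successfully" means the login URL answered HTTP 200;
- every URL under PROTECTED_PREFIXES requires the login URL first.
"""
from dataclasses import dataclass, field
import secrets

LOGIN_URL = "/login"                            # the required (prerequisite) URL
PROTECTED_PREFIXES = ("/account/", "/admin/")   # URLs under login enforcement
COOKIE_NAME = "ASM_SESSION"                     # assumed WAF session cookie name


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str
    session_id: str        # session the request was attributed to
    issued_cookie: bool    # True when the WAF had to start a new session


class LoginEnforcer:
    """Per-session record of which prerequisite URLs were accessed successfully."""

    def __init__(self) -> None:
        self._sessions: dict[str, set[str]] = {}

    def _resolve_session(self, req: Request) -> tuple[str, bool]:
        sid = req.cookies.get(COOKIE_NAME)
        if sid is not None and sid in self._sessions:
            return sid, False
        # Missing or unknown cookie: fresh session, no prerequisite met yet.
        sid = secrets.token_hex(16)
        self._sessions[sid] = set()
        return sid, True

    def inspect(self, req: Request) -> Decision:
        sid, issued = self._resolve_session(req)
        if not req.path.startswith(PROTECTED_PREFIXES):
            return Decision(True, "URL not under login enforcement", sid, issued)
        if LOGIN_URL in self._sessions[sid]:
            return Decision(True, "login URL prerequisite satisfied", sid, issued)
        return Decision(False, "login URL bypassed (forceful browsing)", sid, issued)

    def record_response(self, sid: str, path: str, status: int) -> None:
        # Assumed success criterion: the login URL answered HTTP 200.
        if path == LOGIN_URL and status == 200:
            self._sessions.setdefault(sid, set()).add(LOGIN_URL)


def simulate() -> list[Decision]:
    """Constructed scenario: direct access, login, access again, unknown cookie."""
    waf = LoginEnforcer()
    out = []

    # 1. Forceful browsing: straight to a protected URL with no session cookie.
    d = waf.inspect(Request("/account/profile"))
    out.append(d)
    cookie = {COOKIE_NAME: d.session_id}   # the browser keeps the issued cookie

    # 2. The user goes through the login page and the backend answers 200.
    d = waf.inspect(Request(LOGIN_URL, cookie))
    out.append(d)
    waf.record_response(d.session_id, LOGIN_URL, 200)

    # 3. The same session now reaches the protected URL.
    out.append(waf.inspect(Request("/account/profile", cookie)))

    # 4. A cookie value the WAF never issued is an unknown session: blocked.
    out.append(waf.inspect(Request("/account/profile", {COOKIE_NAME: "deadbeef"})))
    return out


if __name__ == "__main__":
    for d in simulate():
        print("ALLOW" if d.allowed else "BLOCK", d.reason)
```

The point to take from the scenario is that the prerequisite is bound to the WAF's own session state, not to anything the client sends: a request with no cookie, or with a cookie the WAF never issued, starts from an empty session and is blocked until the login page has been passed.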
The second video is about Session Awareness and how to configure violation detection actions. In fact, we'll configure ASM to log all requests from the session when the threshold is triggered. However, session awareness can also mitigate Session Hijacking Attacks, which occur when an attacker is able to steal session information from an authenticated user. Session hijacking prevention is based on fingerprinting, where client identification is based on screen resolution, time and time zone data, and browser attributes such as platform, version, plugins installed, etc. Therefore, we'll watch in the next video how to enable session awareness and how to log all requests once a violation is detected.
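As an added example of the two behaviours described above (my own illustration, not F5 code and not ASM's actual fingerprinting scheme), the following tracker counts violations per session, switches the session to "log all requests" once an assumed threshold of 3 is reached, and binds each session to a hash of the client attributes the text lists (screen resolution, time zone, platform, plugins) so that the same session cookie presented from a different device raises a hijacking indicator. The threshold, the request-count window (ASM expresses it as a time period; a count keeps the example offline) and the violation labels in the sample traffic are all constructed for this example.

```python
"""Session awareness model (added example, not F5 code)."""
from dataclasses import dataclass, field
from typing import Optional
import hashlib

VIOLATION_THRESHOLD = 3       # assumed policy value: violations before the session is tracked
LOG_ALL_REQUESTS_COUNT = 10   # assumed: later requests logged in full (ASM uses a time period)


@dataclass
class Request:
    session_id: str
    username: str
    path: str
    violations: tuple = ()                      # violations raised by other policy checks
    device: dict = field(default_factory=dict)  # client-side fingerprint attributes


def device_fingerprint(attrs: dict) -> str:
    """Hash of canonicalised client attributes (constructed scheme, not ASM's own)."""
    canonical = "|".join(f"{key}={attrs[key]}" for key in sorted(attrs))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


@dataclass
class SessionState:
    violations: int = 0
    tracked: bool = False
    log_all_remaining: int = 0
    device_id: Optional[str] = None


class SessionTracker:
    def __init__(self) -> None:
        self._sessions: dict = {}
        self.log: list = []   # entries that would go to the request log

    def process(self, req: Request) -> dict:
        st = self._sessions.setdefault(req.session_id, SessionState())
        violations = list(req.violations)

        # Bind the session to the device that first used it; the same session
        # cookie arriving from a different device is the hijacking indicator.
        fp = device_fingerprint(req.device)
        if st.device_id is None:
            st.device_id = fp
        elif fp != st.device_id:
            violations.append("Session hijacking detected")

        st.violations += len(violations)
        if st.violations >= VIOLATION_THRESHOLD and not st.tracked:
            st.tracked = True
            st.log_all_remaining = LOG_ALL_REQUESTS_COUNT

        entry = {"session": req.session_id, "user": req.username, "path": req.path,
                 "device": fp, "violations": violations, "logged": False, "reason": ""}
        if st.log_all_remaining > 0:            # session is tracked: log everything
            st.log_all_remaining -= 1
            entry.update(logged=True, reason="log all requests (session tracked)")
        elif violations:                        # default: only illegal requests are logged
            entry.update(logged=True, reason="illegal request")
        if entry["logged"]:
            self.log.append(entry)
        return entry


def run_scenario() -> list:
    """Constructed traffic: one session trips the threshold, then its cookie
    is presented from a different device."""
    tracker = SessionTracker()
    laptop = {"platform": "Linux x86_64", "screen": "1920x1080", "tz": "UTC+1", "plugins": "pdf"}
    other = {"platform": "Win32", "screen": "1366x768", "tz": "UTC-5", "plugins": ""}
    sig = ("Attack signature detected",)          # constructed violation label
    meta = ("Illegal meta character in value",)   # constructed violation label
    traffic = [
        Request("s1", "alice", "/home", (), laptop),
        Request("s1", "alice", "/search", sig, laptop),
        Request("s1", "alice", "/search", sig, laptop),
        Request("s1", "alice", "/search", meta, laptop),   # third violation: threshold hit
        Request("s1", "alice", "/home", (), laptop),       # clean, but now logged
        Request("s1", "alice", "/cart", (), laptop),
        Request("s1", "alice", "/account", (), other),     # same cookie, other device
    ]
    for req in traffic:
        tracker.process(req)
    return tracker.log


if __name__ == "__main__":
    for entry in run_scenario():
        print(entry["user"], entry["path"], entry["reason"], entry["violations"])
```

Note what the log contains once the threshold is hit: clean requests from the tracked session are recorded too, which is exactly the forensic value the introduction refers to, since the analyst sees the whole session rather than only the requests that raised a violation.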
Regards my friends, and drop me a line if you configure Login Enforcement and Session Tracking in your security policy.