Session-based Attacks

From a Defcon conference I found these solutions for session attacks.

• Prevent XSS
• Use a different SID generation method
• IP Address check implemented with SID generation and
• Use hash of IP as part of SID generation
• Authentication takes place by regenerating SID and comparing

It may not give us foolproof security, but we can make some modifications to it to achieve our goal against session attacks, for example a pool of algorithms for generating the SID, plus a hash of the token ID, plus a hash/encryption algorithm code, etc.

What is your opinion about this solution?
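To make the list above concrete, here is an added example (my own code, not from the Defcon talk or from this blog) of the IP-bound SID scheme: the SID is a random nonce plus an HMAC over the nonce and a hash of the client IP, validation re-derives the tag and compares it in constant time, and the SID is regenerated at login so a pre-authentication SID cannot be fixed by an attacker. The `SERVER_KEY`, the `SessionStore` class and the IP addresses are constructed for the example; the cookie attributes in `set_cookie_header` are the standard `HttpOnly`/`Secure`/`SameSite` flags, which address the "prevent XSS" bullet by keeping the SID out of reach of script.

```python
import hashlib
import hmac
import secrets

# Constructed server-side key for the example; a real deployment loads it
# from a key store and rotates it. Never derive it from anything client-visible.
SERVER_KEY = b"example-server-key-not-for-production"

NONCE_LEN = 16   # bytes of CSPRNG output per SID
TAG_LEN = 32     # SHA-256 HMAC output length


def _ip_digest(client_ip: str) -> bytes:
    """Hash the client IP so the SID never carries the raw address."""
    return hashlib.sha256(client_ip.encode()).digest()


def generate_sid(client_ip: str, key: bytes = SERVER_KEY) -> str:
    """Build a SID as <nonce>.<HMAC(key, nonce || H(ip))>.

    The nonce comes from the OS CSPRNG, so the SID is unguessable; the tag
    binds it to the client IP, so a copied SID does not verify from another
    address without the server key.
    """
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(key, nonce + _ip_digest(client_ip), hashlib.sha256).digest()
    return f"{nonce.hex()}.{tag.hex()}"


def validate_sid(sid: str, client_ip: str, key: bytes = SERVER_KEY) -> bool:
    """Re-derive the tag for the presented nonce and the current client IP.

    Any malformed SID, tampered tag or changed IP fails. compare_digest keeps
    the comparison constant-time so the tag cannot be guessed byte by byte.
    """
    try:
        nonce_hex, tag_hex = sid.split(".")
        nonce = bytes.fromhex(nonce_hex)
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return False
    if len(nonce) != NONCE_LEN or len(tag) != TAG_LEN:
        return False
    expected = hmac.new(key, nonce + _ip_digest(client_ip), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def set_cookie_header(sid: str) -> str:
    """Cookie flags that keep the SID away from script (HttpOnly), off
    plaintext HTTP (Secure) and out of cross-site requests (SameSite)."""
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"


class SessionStore:
    """In-memory session table keyed by SID (constructed for the example)."""

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}

    def start(self, client_ip: str) -> str:
        """Open an anonymous session for a new visitor."""
        sid = generate_sid(client_ip)
        self._sessions[sid] = {"user": None}
        return sid

    def lookup(self, sid: str, client_ip: str):
        """Return session data only if the SID verifies for this IP and is live.

        Validation runs before the table lookup, so a forged or replayed SID
        never touches stored state.
        """
        if not validate_sid(sid, client_ip):
            return None
        return self._sessions.get(sid)

    def login(self, sid: str, client_ip: str, user: str):
        """On authentication, retire the old SID and issue a fresh one.

        This is the "regenerate SID" step: whatever SID the browser held before
        login (possibly planted by an attacker) is invalidated here.
        """
        data = self.lookup(sid, client_ip)
        if data is None:
            return None
        del self._sessions[sid]
        new_sid = generate_sid(client_ip)
        self._sessions[new_sid] = {"user": user}
        return new_sid
```

The IP binding has the cost the original list does not mention: clients whose address changes mid-session (mobile networks, some NAT pools) are logged out, and users behind one shared NAT all hash to the same address, so the binding is a hardening layer on top of an unguessable SID and the cookie flags, not a replacement for them.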


Welcome to SWAF

The aim of this project is to provide effective real-time Web application security. The Web, which was once intended to be a simple document exchange mechanism, has now become imperative and ubiquitous. Information flows are increasingly embedded into Web applications, making them extremely valuable, thus an attractive target for attackers, and necessitating protection. Existing security solutions fail to provide a comprehensive level of security.

SWAF, a Semantic-based Web Application Firewall, introduces an innovative concept of utilizing semantics for detecting and preventing attacks against Web applications. It is a PCI-compliant, cutting-edge technology capable of performing real-time content filtering on the basis of rules generated using application, protocol and attack semantics. The system significantly improves attack detection, thus providing protection against known and unknown attacks. It is engineered to deliver performance and efficiency.
