Getting New Actionable Insights by Analyzing Web Application Firewall Triggers

Explore advanced techniques for post-processing ModSecurity Core Rule Set WAF triggers to generate actionable defenses in this 40-minute conference talk from AppSecEU 2014. Learn how to analyze collected malicious HTTP traffic to gain new insights on attackers and their techniques, enabling improved security controls and hardened defenses. Dive into detailed case studies based on real traffic from Akamai's Cloud Security Intelligence platform, including examples of remote file inclusion attacks and methods for generating signatures to enhance detection capabilities. Discover how to leverage attack "anchors" for enriching other security controls, monitoring URL and domain reputation, and correlating distributed attack campaigns. Gain valuable knowledge on improving web application security through innovative analysis of WAF data.

Introduction
Story
Questions
Another Question
Question Answers
What can I learn
What can I do
Today Im going to talk about
Three Methods
Objectives
IP Reputation
Adolf Signature
File Upload
Web Hive
BotNet Mitigation
Similarities between attackers
Excessive access
Analysis
Enhanced Executive Report
Case Study
Webhive
Actionable Insights
Analysis Reporting
Querying the database