Passive Web Application Firewall

摘要

To protect network-based services, offering computer implemented functionality, from attacks, a passive web application firewall reactively identifies vulnerabilities, enabling such vulnerabilities to be quickly ameliorated, without intercepting communications or introducing other suboptimal aspects of traditional web application firewalls. Communications directed to the network-based services are logged and such logs are scanned for entries evidencing attacks, such as based on predetermined attack syntax. Further evaluation of the entries identified as evidencing attacks identifies a subset of those entries that correspond to likely successful attacks. Such further evaluation includes attacking the network-based service in an equivalent manner. Attacks that are found to be successful identify vulnerabilities, and a notification of such vulnerabilities is provided to facilitate amelioration of such vulnerabilities. Vulnerability amelioration can be automatic, such as by automatically adjusting the settings corresponding to the implementation of the network-based services to ameliorate identified vulnerabilities in a predetermined manner.

主权项

1. A method of protecting delivery of computer-implemented functionality that is offered over a network, the method comprising the steps of:
obtaining logs of prior communications directed to the computer-implemented functionality; identifying a set of entries, from the obtained logs, as attacks based on each entry, of the set of entries, matching a pre-determined attack syntax; attempting to attack the computer-implemented functionality using same attacks as in the set of entries; identifying a subset of entries, from the set of entries, as likely successful attacks based on results of the attempted attacking; and generating notification of only the subset of entries.