On 12.09.2013 16:54, Rolling Stone wrote:
> In "learning mode", creating Lua script to:

Hmm, "learning mode" is the WAF salesman's magic pitch. However, it would be a good technique if it works.

> 1- Intercept and scan response data, parse HTML and identify inline JS
> and JS embedded in HTML events.

1st: how would you deal with JS embedded in JSON, with HTML with events embedded in JS and/or JSON and/or XML? What about other formats like DWR, GWT? And then there are obfuscated scripts, or packed ones, etc.

2nd: if all the learned rules are configured, how do we get rid of old rules? (I guess rapid web development is faster than "learning mode" :)

These are not ModSecurity or CRS problems, and can be found in any other WAF with "learning mode" too.

Sorry for asking questions instead of providing solutions. Parsing and detecting JS correctly in modern web apps is an infinite job.

Achim
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
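An added illustration of the parsing gap Achim raises, not code from this thread, from the proposed Lua script, or from ModSecurity/CRS: a Python sketch of the HTML-only "learning" step (collect inline `<script>` bodies and `on*` event-handler attributes from a response), run over two constructed responses. The HTML response is inventoried as expected; the same event handler shipped inside a JSON body is never seen, because the learner only parses `text/html`. Names such as `learn_inline_js` and the sample responses are assumptions made for this example.

```python
"""Inventory inline JS in an HTML response (the 'learning mode' step) and show
the blind spot for JS carried in non-HTML bodies such as JSON."""
from html.parser import HTMLParser
import json


class InlineScriptCollector(HTMLParser):
    """Collects inline <script> bodies (no src=) and on* event-handler values."""

    def __init__(self):
        super().__init__()
        self.inline_scripts = []   # bodies of <script> tags without src=
        self.event_handlers = []   # (tag, attribute, value) for on* attributes
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script" and not any(name == "src" for name, _ in attrs):
            # External scripts are not in this response body; only inline ones count.
            self._in_script = True
            self._buf = []
        for name, value in attrs:
            if name.startswith("on") and value is not None:
                self.event_handlers.append((tag, name, value.strip()))

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline_scripts.append("".join(self._buf).strip())
            self._in_script = False


def learn_inline_js(body, content_type):
    """HTML-only learner: returns what a rule generator would see for one response.
    Anything that is not text/html is passed through unparsed (parsed=False)."""
    if not content_type.lower().startswith("text/html"):
        return {"parsed": False, "scripts": [], "handlers": []}
    collector = InlineScriptCollector()
    collector.feed(body)
    collector.close()
    return {"parsed": True,
            "scripts": collector.inline_scripts,
            "handlers": collector.event_handlers}


# Constructed sample responses (not captured from any real application).
HTML_RESPONSE = """<html><body>
<script src="/static/app.js"></script>
<script>initPage({"user": "alice"});</script>
<button onclick="doSave()">Save</button>
</body></html>"""

# The same widget markup, including its onclick handler, delivered as a JSON
# string that the client later injects into the DOM.
JSON_RESPONSE = json.dumps(
    {"widget": '<button onclick="doSave()">Save</button>'})


def blind_spot_demo():
    """Run the learner over both responses; the JSON one yields no rules at all."""
    html_result = learn_inline_js(HTML_RESPONSE, "text/html; charset=utf-8")
    json_result = learn_inline_js(JSON_RESPONSE, "application/json")
    return html_result, json_result


if __name__ == "__main__":
    html_result, json_result = blind_spot_demo()
    print("HTML response learned:", html_result)
    print("JSON response learned:", json_result)
    print("handler present in JSON body but never learned:",
          "onclick" in JSON_RESPONSE and not json_result["handlers"])
```

The `html.parser` module treats `<script>` content as CDATA, so the body reaches `handle_data` unmodified; that is enough for the plain HTML case. The JSON result is the point of the exercise: the learner produces nothing, so any allow-list built from it is silent about JS that a client-side framework (or DWR/GWT-style transport) assembles from non-HTML responses, and no amount of HTML parsing closes that gap.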