With our whitepapers, we will give you insight into our recent research topics.
The quantity and complexity of web applications have multiplied in recent years, and so have the threats. Web Application Firewalls seem to be an appropriate tool for deploying countermeasures in an enterprise environment.
Given the sheer number of threats, a number of countermeasures have emerged, but techniques for evaluating them are still lacking. This paper introduces approaches such as cookie and URL encryption and presents a formal method for deriving the (in)effectiveness of WAF-deployable countermeasures.
A forgery-proof and secure system is needed when a reverse proxy meets incompatible, unsupported, or black-box-like authentication systems.
The presented system is based on offloading the complexity of authentication-backend communication to a dedicated server. To track the user, a cookie is used that the reverse proxy can evaluate in order to provide access control.