Scoring Model

This content should interest your company

Mitigation of attacks targeted to Web Applications is commonly performed thanks to two security mechanisms, known as negative and positive security models. Both of these models have limitations, either functional or related to their implementation. DenyAll Web Application Firewall rWeb implements an additional security security model, yet unique in the WAF environment. This model, known as the “scoring model” relies on a dynamic weight calculation mechanism.

This whitepaper captures our answers:

  • The Scoring Model: We provide you a positive and a negative security models to protect your Web Applications against attacks such as Cross-site scripting, SQL injections, file inclusions or command injections.
  • Test methodology: We selected attacks from the Bugtraq Mailing List and we made a scenario of attack. In order to ensure that the identification and blocking of the attack is performed by the scoring engine no security module but the scoring one are activated.
  • Test results: We provide the overall results obtained by the scoring module of rWeb 3.8 of these attacks we ordered before.