WAF是时候跟正则表达式说再见 破见 weibo.com/u/5261507198 正则表达式不适合用于构建WAF 现有WAF的解决方案 如何构建未来的WAF  Part 1  Part 2  Part 3 议题内容 Part 1 正则表达式不适合用于构建WAF 感性认识—误报和漏报难以平衡 尝试寻找有理证明 WAF自身安全 正则表达式 正则表达式 计算复杂度 正则表达式DDOS攻击 非Regex DOS WAF防御能力 正则表达式DDOS攻击 提出一种正则表达式的DDOS攻击： 正则表达式的最坏时间复杂度大于等 于?(?2 )，该正则表达式可被DDOS 攻击 输入长度 (K) PCRE/PHP(ms) JAVA(ms) 1 0.5 32 2 23 53 4 111 142 * select.*from 影响范围 owasp-modsecurity-crs Discuz_X3.3_SC_UTF8 wordpress-4.7.1 某云WAF/360_safe3.php (?i:(?:(union(.*?)select(.*?)from))) (?i:

0 码力 | 24 页 | 1.66 MB | 1 年前

3

Running node-waf configure build will create a file build/default/hello.node which is our Addon. 运行 node-waf configure build，我们就创建了一个 Addon 实例 build/default/hello.node。 node-waf is just WAF, the python-based python-based build system. node-waf is provided for the ease of users. node-waf 就是 WAF,，一种基于 python 的编译系统，而 node-waf 更加易于使 用。 All Node addons must export a function called init with this signature: 另外，在

iisadmin"可停止服务器的IIS服务） 23 防护方法 n 代码级防护 q 验证输入 q 参数化SQL q 输出检查 q 使用存储过程 n 平台级别防护 q 在运行期间防护：使用WAF、URL重写等 q 配置数据库安全策略（权限配置、关闭默认账号、审计等） 24 3.2.跨站脚本攻击 25 概述 n Cross Site Scripting（简写为XSS） q 务攻击系统 等 109 DDoS攻击防护产品 WEB应用防火墙 n WEB应用防火墙(简称：WAF) ，工作在网络应用层， 对来自WEB应用程序客户端的各类请求进行内容检测 和验证，确保其安全性与合法性，对非法的请求将予 以实时阻断，从而对各类网站进行有效防护。 n WAF产品应该具备以下功能： q 针对各类WEB应用攻击的检测和防御能力，如SQL注入、跨站脚 本等，满足对检测、防御能力在广度和深度上的要求 WEB应用漏洞扫描能力，加强WEB应用自身的安全性 110 q 代表产品：昊天电子政务防护系统、绿盟WEB应用防火墙、梭 子鱼应用防火墙、 Imperva SecureGrid WEB 应用防火墙…… n 以昊天WAF产品为例： 111 WEB应用防火墙 WEB应用主机加固 n WEB应用主机加固工具主要实时截取和分析 软件的执行流或交互的协议流，实时发现和过 滤攻击。 n 代表性产品： q Real

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 12.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 12.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 13.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 13.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 13.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 13.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to

a minimal implementation of a build helper for the Waf build system . First, we need to create a recipe for the python_requires that will export waf_environment.py, where all the implementation of the from conans import ConanFile from waf_environment import WafBuildEnvironment class PythonRequires(ConanFile): name = "waf-build-helper" version = "0.1" exports = "waf_environment.py" 13.4. Creating a case, the build helper for Waf will create one file named waf_toolchain.py that will contain linker and compiler flags based on the Conan settings. To pass that information to Waf in the file, you have to