rWeb provides several filtering lists using models that are negative (the Black List contains all known attacks and is maintained by Deny All) or positive (the White List consolidates all authorised queries and is set up by the administrators using dedicated tools).
The Scoring List is a third filtering list, classified as a negative list but with the special feature of providing an assessment of the query danger level.
The key concept of this assessment is to give a weighting to each index and characteristic detected in the query. The final assessment of all these weightings may or may not lead to blocking of the query.
For example, the log display (§ copy of the following screen) shows all relevant rules, coefficients and weightings. The sum of these coefficients must be greater or equal to the threshold to result in blocking.
The log display can also be used to deactivate a rule or instantly change the coefficients.
This list perfectly complements the Black List to offer a unique negative security model. These two filters are maintained by Deny All, which has unique experience in this field, thereby avoiding the detection errors (false negatives and false positives) inherent in other filtering technologies.
Scoring List
| FUNCTIONALITY |
BENEFITS |
| Negative security model |
Detects known attack patterns (and not fixed character strings) in queries |
| Adaptive model |
The weightings or coefficients are adapted automatically for each protected application.
This model represents the best compromise between simplicity, standardisation and adaptation to the context. |
| Logs |
The logs provided indicate very clearly the rules and coefficients that have resulted in a blocking decision |
