
More Security with StateWall

Here is a short list of protections that can be built using the concepts described in this article:

  • Login brute-forcing defense. Application-level brute-forcing, one of the common attack vectors, can be guarded against using a session-based approach. StateWall can be configured to track the number of attempts made by each session and to block future requests originating from that IP address or session once the threshold limit is crossed.
  • Session-based logging. Standard HTTP request logging carries no session-related information. With IHttpModule, however, you can build a logging mechanism that logs HTTP requests based on sessions. For example, you can build a rule by which all requests originating from user "john" are logged.
  • Dynamic tokens. It is possible to implement dynamic session tokens using IHttpModule. Doing so can provide a defense against session hijacking. At the application firewall, these tokens are checked before the response is served.

This is just a short list, but an important one nonetheless. Read/write access to session variables offers immense power to implement session-based protection at the firewall.
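
The login brute-forcing defense from the list above, sketched as an IHttpModule. This is an added example, not StateWall's code or the author's; the login path, session keys, threshold and lock time are assumptions, and the application is assumed to clear the counter itself after a successful login.

```csharp
using System;
using System.Web;
using System.Web.SessionState;

// Hypothetical module for illustration; names and limits below are assumptions.
public class LoginThrottleModule : IHttpModule
{
    private const string LoginPath = "~/login.aspx";        // assumed login URL
    private const string CountKey = "sw_login_attempts";    // assumed session key
    private const string LockKey = "sw_locked_until";       // assumed session key
    private const int MaxAttempts = 5;                      // assumed threshold
    private static readonly TimeSpan LockTime = TimeSpan.FromMinutes(15);

    public void Init(HttpApplication app)
    {
        // Session state is readable only after AcquireRequestState has run.
        app.PostAcquireRequestState += OnPostAcquireRequestState;
    }

    public void Dispose() { }

    private static void OnPostAcquireRequestState(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpSessionState session = app.Context.Session;
        if (session == null) return;   // this handler does not use session state

        HttpRequest req = app.Context.Request;
        if (req.HttpMethod != "POST" || !string.Equals(
                req.AppRelativeCurrentExecutionFilePath, LoginPath,
                StringComparison.OrdinalIgnoreCase)) return;

        object until = session[LockKey];
        bool locked = until != null && DateTime.UtcNow < (DateTime)until;
        if (!locked)
        {
            // Every login POST counts; the application resets CountKey on success.
            int attempts = (int)(session[CountKey] ?? 0) + 1;
            session[CountKey] = attempts;
            if (attempts <= MaxAttempts) return;    // still under the threshold
            session[LockKey] = DateTime.UtcNow.Add(LockTime);
            session[CountKey] = 0;                  // fresh count after the lock expires
        }

        app.Context.Response.StatusCode = 429;      // Too Many Requests
        app.CompleteRequest();                      // skip the page handler entirely
    }
}
```

A client that discards its session cookie starts with a fresh counter, so a per-session count like this one needs to be paired with the IP-address tracking the list item mentions.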
