Monday, August 8, 2016

Steps to create your WAF (web application firewall) in C

Following the usual definition (like OWASP's), a WAF is a piece of software intended to protect a web app, working at the level of the application. Nowadays a WAF is not defined by the web app: it is not a customized solution specific to that application but, similarly to a general software firewall, one that contains parameters to protect against intrusion in a wide variety of frameworks and code.

Firewall burning invaders, hehehe!
To clear your mind: there is overlap between the different types of firewalls. Software and hardware firewalls are used in their own right to protect networks. However, WAFs, with their specialized function for web applications, can take the form of either of those two main types. By default, a firewall uses a blacklist, protecting against individual, previously logged attacks. Additionally, it can use a white list, listing the allowable users and instances of interaction for the application. Another function is to block SQL injection and XSS attacks. In another context, a WAF can create random tokens and put them in forms to try to block web robots and automated attacks; this practice can help mitigate CSRF pitfalls.
Before you ask "How can I do it?", I have to bring you some principles, the theory around the facts...

There are two common kinds of WAF:

1-A plugin in the HTTPd that gets the INPUT or OUTPUT data: before the request finishes, it gets the request and blocks some contents. This approach focuses on HTTP methods such as POST, GET...
2-This way, my favorite, is an independent reverse proxy server: all client requests are brought to the proxy, the proxy analyzes the content and, if it does not block it, sends all the information on to the external server...

Number one leaves me cold: this path is not fully portable... Another bad thing is that you need to create a different plugin for each HTTPd, one for Apache, another for NGINX, IIS, lighttpd... it's not cool! If you are not a good low-level programmer, you can try Python's Twisted, which makes a reverse proxy easy, but it is not a good way because it does not have good performance in production... If that annoys you, study the Stevens book on sockets.

It's OK, the title of this post is "create WAF in C": the task is fully done, commented, and comes with some documentation in LaTeX... relax, you can get it in this repository: https://github.com/CoolerVoid/raptor_waf
 
Raptor WAF is a simple web application firewall made in C, following the KISS principle. For polling it uses the select() function, which is not better than epoll() or kqueue() from *BSD but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path traversal; you can see it here: https://github.com/CoolerVoid/raptor_waf/tree/master/doc/test_dfa
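To make the DFA idea concrete, here is an added example (not Raptor WAF's own code) of a table-driven automaton that flags ".." used as a whole path segment, decoding one level of %XX on the fly. The names has_traversal, delta, the state names and the sample paths are assumptions constructed for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: character classes and states of the traversal DFA. */
enum cls { C_DOT, C_SEP, C_OTHER, N_CLS };
enum st  { S_START, S_DOT1, S_DOT2, S_SEG, S_HIT, N_ST };

static const unsigned char delta[N_ST][N_CLS] = {
    /*            DOT     SEP      OTHER                               */
    [S_START] = { S_DOT1, S_START, S_SEG }, /* at start of a segment   */
    [S_DOT1]  = { S_DOT2, S_START, S_SEG }, /* segment is "." so far   */
    [S_DOT2]  = { S_SEG,  S_HIT,   S_SEG }, /* segment is ".." so far  */
    [S_SEG]   = { S_SEG,  S_START, S_SEG }, /* inside an ordinary name */
    [S_HIT]   = { S_HIT,  S_HIT,   S_HIT }, /* accepting and absorbing */
};

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Returns 1 if the string contains a ".." segment, 0 otherwise. */
int has_traversal(const char *path) {
    enum st s = S_START;
    for (size_t i = 0; path[i] != '\0'; i++) {
        int c = (unsigned char)path[i];
        /* Decode ONE level of %XX so %2e%2e%2f is classified like "../". */
        if (c == '%') {
            int hi = hexval((unsigned char)path[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)path[i + 2]);
            if (lo >= 0) { c = hi * 16 + lo; i += 2; }
        }
        enum cls k = c == '.' ? C_DOT : (c == '/' || c == '\\') ? C_SEP : C_OTHER;
        s = delta[s][k];
    }
    /* A string that ends in ".." without a trailing separator is also a hit. */
    return s == S_HIT || s == S_DOT2;
}

int main(void) {
    /* Constructed sample paths, not taken from any real traffic. */
    const char *samples[] = { "/img/logo.png", "/img/../../etc/passwd", "/s/%2e%2E%2fx" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-24s -> %s\n", samples[i], has_traversal(samples[i]) ? "BLOCK" : "pass");
    return 0;
}
```

In a reverse proxy this check would be run on the request path and on each parameter value separately, since the automaton only treats "/" and "\" as segment boundaries.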
No more words, look at the following:



Thank you for reading this! 
Cheers!

Monday, August 1, 2016

Talking about text classifiers

Last year I was searching for something about machine learning, as an attempt to detect spam in my private projects. I saw something about KNN, random decision forests and naive Bayes.

Consequently, I wrote a C++ library to classify texts, and some slides for a presentation, which you can view at the end of this blog post.

So I chose Naive Bayes, because it is one of the simplest classifiers, based on Bayes' theorem with strong, naïve independence assumptions. It is one of the most basic text classification techniques, with various applications in email spam detection, document categorization, sexually explicit content detection, personal email sorting, language detection and sentiment detection (I think something like NLP). Despite the naïve design and oversimplified assumptions that this technique uses, Naive Bayes performs well in many complex real-world problems. Another good thing: Naive Bayes suits limited resources in terms of CPU and memory.

To optimize the accuracy of detection I use a DFA (deterministic finite automaton), which is useful to match patterns and put each pattern in a ranking, where each ranking has one classification. You can view the following code here. To make your automaton you can use Flex, Bison or any other way that you like...

If you view the presentation, at slide number 12 you can see my point of view about ranking to optimize the accuracy of the classifier's results.



So, this is a very cool trick to gain accuracy. No more words, friends. Thank you for reading this!

Cheers!

References: