Category

Researcher Corner

Category

A key element of any security solution, whether its a WAF, NGWAF, RASP or even a SIEM or a classic IDS, is the ability to correctly detect whether an incoming API request is malicious. The traditional way to do it is using signatures and regular expressions (regex). Some sets of signatures are open-sourced such as Core Rule Set, others are commercial sources of signatures. Although wide-spread, classifying inputs with the help of signatures is not…