|
|
|
|
|
|
by dsacco
3608 days ago
|
|
|
Thanks for the answers. I have clarifying questions: How much of your machine learning is used for understanding the application (as Ivan said elsewhere, clustering login functionality together), and how much is actually used for fingerprinting vulnerability identification attempts on the part of user input? To place this in a broader context, you do not need machine learning for identifying many cases of malicious user input, you can rely on simple heuristics. There is likely no reason for a user to submit `<script>alert(1);</script`, which is an obvious test for XSS low hanging fruit. Any good WAF will do this. Given that, does Wallarm use mostly heuristics for identifying malicious user input, or does it also combine machine learning into this process at all to find non-obvious input patterns that could be indicative of penetration testing attempts? |
|
|