In the above illustration, Attack Pattern A, when modified, is blocked by WAPPLES but not by 1st or 2nd Generation WAFs.
Take for example, an attack with the pattern [A is (name of fruit)]. If only [A is apple], [A is banana] and [A is orange] are included within the list of detection signatures, a new attack like [A is strawberry] will pass through undetected.
On the other hand, if [A is] is added to the list of detection signatures, in order to block modified attacks like [A is strawberry], non-attack variations like [A is (color)] will all be misidentified as malicious accesses, resulting in a great number of false positives.
WAPPLES’s COCEP™ engine, which doesn’t solely depend on simplistic signature or pattern matches, can analyze whether what follows after [A is] indeed has the characteristics of an attack. Through heuristic and semantic analysis of attack techniques, Penta Security’s WAPPLES can block modified and even “unknown” attacks.
In this way, WAPPLES achieves superior detection accuracy while reducing false positives.