A reference on web application firewalls: positive vs negative security models, signature and parser-based matching, the CRS anomaly-scoring system and its paranoia levels, where a WAF sits in the request path, and how false positives get tuned away.
Traces why signature-based WAFs are bypassable in principle: encoding and normalization gaps, payload fragmentation, parser differentials between the firewall and the backend, and the structural case for positive security.
A reference deep dive into the OWASP Core Rule Set: its rule categories, the anomaly-scoring model, paranoia levels, the ModSecurity and Coraza engines that run it, and how the project got here.
Traces the WAF from network packet filters that could not see HTTP, through Sanctum AppShield and Ivan Ristic's ModSecurity, the OWASP Core Rule Set, PCI DSS pushing adoption, to cloud WAFs and machine-learning attack scoring.