In computer network environments, application vulnerabilities (e.g., those of web applications) pose an extremely serious threat to user privacy, data security, and financial safety. Conventionally, a common practice for protecting applications includes deployment of firewalls such as web application firewalls (WAFs) and/or network intrusion detection systems (IDSs).
Unfortunately, a limitation of such systems is the reactive approach taken by these systems in detecting malicious activity. These conventional techniques can only detect the attacks they are configured to protect against and only while the attacks are in progress. Additionally, they have limited or in some cases no visibility into attackers inspecting, analyzing and reverse engineering the site, whether an attacker has already been successful in compromising the web application, the attacker's skill level, whether the attacker has attempted an attack before, the level of threat the attacker poses, or other data related to profiling the attacker.