Many web application security solutions leverage a negative security model, which defines what is disallowed while implicitly allowing everything else. Negative security models tend to block what is known to be bad, denying access based on what has previously been identified as content to be blocked. Since attack signatures may generate false positives by detecting legitimate traffic as attack traffic, such rules tend to be simplistic, trying to detect the obvious attacks. The result is protection against the lowest common denominator.
A negative security model defines what is forbidden and accepts the rest. It is the opposite of a Positive Security Model, which defines what is allowed and rejects the rest.
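The contrast between the two models, as an added example that is not part of the original page: the same constructed requests are run through a small deny-list of signatures and through a per-parameter allow-list. The signatures, parameter names and rules are assumptions chosen for illustration, not rules from any real product.

```python
import re

# Negative model: signatures for known-bad content (constructed, deliberately simple).
DENY_SIGNATURES = [
    re.compile(r"<script\b", re.I),  # script tag in a value
    re.compile(r"'"),                # bare quote heuristic, prone to false positives
    re.compile(r"\.\./"),            # parent-directory sequence
]

# Positive model: every accepted parameter is described; all else is rejected.
ALLOW_RULES = {
    "user_id": re.compile(r"[0-9]{1,10}"),
    "sort": re.compile(r"asc|desc"),
    "name": re.compile(r"[A-Za-z][A-Za-z' -]{0,63}"),
}

def negative_model(params):
    """Allow unless some value matches a known-bad signature."""
    return not any(sig.search(value)
                   for value in params.values()
                   for sig in DENY_SIGNATURES)

def positive_model(params):
    """Allow only if every parameter is known and its whole value matches its rule."""
    return all(name in ALLOW_RULES and ALLOW_RULES[name].fullmatch(value) is not None
               for name, value in params.items())

# Constructed sample requests (parameter name -> value).
SAMPLES = [
    ("legitimate request", {"user_id": "42", "sort": "asc"}),
    ("legitimate name with apostrophe", {"name": "Mary O'Brien"}),
    ("matches a known signature", {"name": "<script>alert(1)</script>"}),
    ("malformed value, no signature", {"user_id": "42abc"}),
    ("undeclared parameter", {"user_id": "42", "debug": "true"}),
]

def compare(samples=SAMPLES):
    """Return (label, allowed_by_negative, allowed_by_positive) for each sample."""
    return [(label, negative_model(p), positive_model(p)) for label, p in samples]

if __name__ == "__main__":
    for label, neg, pos in compare():
        print(f"{label:34} negative={'allow' if neg else 'block'} "
              f"positive={'allow' if pos else 'block'}")
```

The second sample is the false positive the text describes, and the last two show input that matches no signature passing the negative model by default while the positive model rejects it.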
See also: Positive Security Model