
SANS ISC: InfoSec Handlers Diary Blog



Another way to get protection for application-level attacks

Published: 2010-06-14
Last Updated: 2010-06-14 06:41:43 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

I am a fan of ModSecurity (http://www.modsecurity.org/) as a fast and cheap way to get decent protection against application-layer attacks. But, as you know, risks are increasing, and when the risk analysis performed on your organization shows that application disruptions have a big impact on the core business, it's time to strengthen controls and think about delivering protection from the code itself. I have found the PHPIDS library useful; it detects XSS, SQL injection, header injection, directory traversal, DoS and LDAP attacks. Since it works from code, you can get the output and send it to your favorite alert vault to correlate security events.

Version 0.6.4 was recently released. More information at http://php-ids.org/2010/06/06/phpids-0-6-4-is-ready/
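A sketch of what "get the output and send it to your alert vault" can look like with the PHPIDS 0.6.x API, added here as an example and not taken from the diary or the PHPIDS project. The install and config paths, the syslog tag and both impact thresholds are assumptions to adapt; the config file is assumed to already point at the bundled filter rules.

```php
<?php
// Added example. Assumed: PHPIDS 0.6.x unpacked under /opt/phpids (hypothetical path).
$phpidsLib    = '/opt/phpids/lib';
$phpidsConfig = $phpidsLib . '/IDS/Config/Config.ini.php'; // assumed config location

set_include_path(get_include_path() . PATH_SEPARATOR . $phpidsLib);
require_once 'IDS/Init.php';

// Illustrative thresholds, not PHPIDS defaults: tune them against your own traffic.
define('ALERT_IMPACT', 10);
define('BLOCK_IMPACT', 30);

// Hand PHPIDS every user-controlled input source for this request.
$request = array('GET' => $_GET, 'POST' => $_POST, 'COOKIE' => $_COOKIE);

$init   = IDS_Init::init($phpidsConfig);
$ids    = new IDS_Monitor($request, $init);
$result = $ids->run();

if (!$result->isEmpty()) {
    // URL-encode anything attacker-controlled so a CR/LF in a parameter
    // cannot forge extra log lines in the event store.
    $params = array();
    foreach ($result as $event) {
        $params[] = $event->getName() . '=' . rawurlencode($event->getValue());
    }
    $src = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
    $uri = isset($_SERVER['REQUEST_URI']) ? rawurlencode($_SERVER['REQUEST_URI']) : '-';

    // One key=value line per request: easy for a log collector to parse and correlate.
    $line = sprintf(
        'phpids impact=%d tags=%s src=%s uri=%s params="%s"',
        $result->getImpact(),
        implode(',', $result->getTags()),
        $src,
        $uri,
        implode(' ', $params)
    );

    $impact = $result->getImpact();
    openlog('webapp-ids', LOG_PID, LOG_USER); // 'webapp-ids' is an assumed tag
    syslog($impact >= ALERT_IMPACT ? LOG_ALERT : LOG_WARNING, $line);
    closelog();

    // Refuse the request only when the combined impact is high.
    if ($impact >= BLOCK_IMPACT) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
}
```

Include this at the top of the front controller so it runs before any application code reads the request.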

Want to use the same functionality in Perl? Try http://search.cpan.org/dist/CGI-IDS/lib/CGI/IDS.pm. It is based on php-ids.

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name | msantand at isc dot sans dot org 
