Just thought I would share this:
http://php-ids.org/
User input from various globals can be parsed and checked for a very large variety of potential attack vectors. Any potential security breach is issued with a rating indicating the severity. Based on these scores you can either immediately block the user or keep a log, add to the overall session score and only act on it once it reaches a particular level (a sign of repeated attempts).
I have no affiliation with them, it is just a very useful product.
Intruder Detection System
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Intruder Detection System
aschlosberg wrote:
Just thought I would share this:
http://php-ids.org/
User input from various globals can be parsed and checked for a very large variety of potential attack vectors. Any potential security breach is issued with a rating indicating the severity. Based on these scores you can either immediately block the user or keep a log, add to the overall session score and only act on it once it reaches a particular level (a sign of repeated attempts).
I have no affiliation with them, it is just a very useful product.

Yeah, I've known about it for a while, but I do not recommend using it for production use. I've "passed the test" a couple of times and I'm not the only one. For sure the author fixed these problems, but the thing is that he is a human and there is too high a risk of security holes. If your application is, let's say, XSS safe, there is no need for an additional XSS protector. The same applies to SQL injection, CSRF, and everything else. These kinds of applications are experimental and very fun, but that's it.
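The two posts above describe a mechanism (per-request impact scores folded into a session total, with action taken only once a threshold is crossed) and a caveat (a pattern-based detector can be bypassed, while proper output encoding holds regardless). The following PHP is an added example written for this thread; it is not PHPIDS code and does not use the PHPIDS API. The rule set `IDS_RULES`, the weights, the thresholds in `decide()` and the sample requests are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: a toy request scorer with per-session accumulation, in the
// spirit of the scoring described in the thread. It is NOT PHPIDS code; the
// rule set, weights and thresholds are constructed for illustration only.

/** Hypothetical rules: regex => impact weight (constructed, not PHPIDS filters). */
const IDS_RULES = [
    '/<\s*script\b/i'                => 5, // raw <script> tag
    '/\bon[a-z]+\s*=/i'              => 4, // inline event handler (onerror=, onload=)
    '/\b(or|and)\s+\d+\s*=\s*\d+/i'  => 4, // SQL tautology such as OR 1=1
    '/\bunion\s+(all\s+)?select\b/i' => 5, // UNION SELECT
    '/\.\.\//'                       => 3, // directory traversal
];

/**
 * Score every string value in the given input arrays (e.g. $_GET, $_POST,
 * $_COOKIE). Returns the summed impact and which rule hit which parameter.
 */
function scoreRequest(array $inputs): array
{
    $impact = 0;
    $hits = [];
    foreach ($inputs as $source => $values) {
        foreach ($values as $key => $value) {
            if (!is_string($value)) {
                continue; // nested arrays skipped in this toy; a real IDS would recurse
            }
            foreach (IDS_RULES as $pattern => $weight) {
                if (preg_match($pattern, $value) === 1) {
                    $impact += $weight;
                    $hits[] = "{$source}[{$key}] matched {$pattern}";
                }
            }
        }
    }
    return ['impact' => $impact, 'hits' => $hits];
}

/**
 * Fold the request impact into a running session score and pick an action:
 * block immediately on one heavy request, block once the session total
 * crosses a limit (repeated low-level probing), log anything non-zero.
 * $session stands in for $_SESSION; the thresholds are constructed values.
 */
function decide(array &$session, int $impact, int $blockNow = 8, int $blockSession = 15): string
{
    $session['ids_score'] = ($session['ids_score'] ?? 0) + $impact;
    if ($impact >= $blockNow || $session['ids_score'] >= $blockSession) {
        return 'block';
    }
    return $impact > 0 ? 'log' : 'allow';
}

/** Context-correct output encoding: the fix that works whether or not a rule fires. */
function renderHtml(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests standing in for the superglobals of one session.
$session = [];
$requests = [
    ['GET'  => ['q' => 'php ids']],                              // benign
    ['GET'  => ['q' => "' OR 1=1 --"]],                          // SQL tautology
    ['POST' => ['comment' => '<img src=x onerror=alert(1)>']],   // event handler
    ['GET'  => ['file' => '../../etc/passwd']],                  // traversal
    ['GET'  => ['q' => "' UNION SELECT user,pass FROM t --"]],   // pushes the session total over the limit
];
foreach ($requests as $i => $req) {
    $r = scoreRequest($req);
    $action = decide($session, $r['impact']);
    printf("request %d: impact=%d session=%d action=%s\n", $i + 1, $r['impact'], $session['ids_score'], $action);
}

// A blacklist only knows what it has rules for: this payload scores zero
// against IDS_RULES, yet output encoding neutralises it all the same.
$fresh = [];
$miss = '<a href="javascript:alert(1)">click</a>';
$r = scoreRequest(['POST' => ['bio' => $miss]]);
printf("bypass candidate: impact=%d action=%s\n", $r['impact'], decide($fresh, $r['impact']));
echo 'rendered safely: ', renderHtml($miss), "\n";
```

Run it with `php` from the command line. The first four requests each stay under the single-request threshold and are only logged, but their scores accumulate until the fifth request tips the session into a block, which is the "repeated attempts" behaviour the first post describes. The final section shows why a detector of this kind is a signal rather than a defence: a payload outside the rule set passes untouched, whereas `renderHtml()` makes the same string harmless without needing to recognise it.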
-
aschlosberg
- Forum Newbie
- Posts: 24
- Joined: Fri Jan 23, 2009 10:17 pm
Re: Intruder Detection System
kaisellgren wrote:
If your application is, let's say, XSS safe, there is no need for an additional XSS protector. The same applies to SQL injection, CSRF, and everything else.

Definitely, I don't recommend it as a protective measure in case it fails. I do, however, think it is very good for ending the sessions of malicious users.

Do you know what their "centrifuge" system does to learn new vectors? Is it any good?
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Intruder Detection System
aschlosberg wrote:
kaisellgren wrote:
If your application is, let's say, XSS safe, there is no need for an additional XSS protector. The same applies to SQL injection, CSRF, and everything else.

Definitely, I don't recommend it as a protective measure in case it fails. I do, however, think it is very good for ending the sessions of malicious users.

Do you know what their "centrifuge" system does to learn new vectors? Is it any good?

Haven't looked into it much. Maybe I'll give it a shot and perhaps implement some ideas from it in my project.