Intruder Detection System

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

aschlosberg
Forum Newbie
Posts: 24
Joined: Fri Jan 23, 2009 10:17 pm

Intruder Detection System

Post by aschlosberg »

Just thought I would share this:

http://php-ids.org/

User input from various globals can be parsed and checked for a very large variety of potential attack vectors. Any potential security breach is issued with a rating indicating the severity. Based on these scores you can either immediately block the user or keep a log and add the overall session score and only act on it once it reaches a particular level (sign of repeated attempts).

I have no affiliation with them, it is just a very useful product.
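The scoring policy described in the post above, sketched as an added example that is not part of the original thread and is not PHPIDS code. It assumes PHP 8 and that the IDS hands back one integer impact per request; the class name, session keys and both thresholds are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: thresholds and names are assumptions, not PHPIDS settings.
final class SessionImpactPolicy
{
    public function __construct(
        private int $blockNow = 25,     // single-request impact that blocks at once
        private int $blockSession = 40  // accumulated impact that blocks the session
    ) {}

    /**
     * @param array $session session store (e.g. $_SESSION), updated in place
     * @param int   $impact  severity the IDS gave this request (0 = clean)
     * @return string 'allow', 'log' or 'block'
     */
    public function decide(array &$session, int $impact): string
    {
        if (!empty($session['ids_blocked'])) {
            return 'block';                      // stays blocked once tripped
        }
        if ($impact <= 0) {
            return 'allow';
        }
        // Keep a running total and a per-hit log for later review.
        $total = ($session['ids_total'] ?? 0) + $impact;
        $session['ids_total'] = $total;
        $session['ids_hits'][] = ['time' => time(), 'impact' => $impact];

        if ($impact >= $this->blockNow || $total >= $this->blockSession) {
            $session['ids_blocked'] = true;      // caller should end the session
            return 'block';
        }
        return 'log';
    }
}

// Constructed per-request impact scores for one session.
$session = [];
$policy  = new SessionImpactPolicy();
foreach ([0, 12, 0, 15, 14, 0] as $n => $impact) {
    $action = $policy->decide($session, $impact);
    printf("request %d impact %2d total %2d -> %s\n",
        $n + 1, $impact, $session['ids_total'] ?? 0, $action);
}
```

No single constructed request reaches the immediate-block threshold; the session is blocked on the fifth request, when the accumulated total crosses the session threshold, and stays blocked afterwards.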
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Intruder Detection System

Post by kaisellgren »

aschlosberg wrote: Just thought I would share this:

http://php-ids.org/

User input from various globals can be parsed and checked for a very large variety of potential attack vectors. Any potential security breach is issued with a rating indicating the severity. Based on these scores you can either immediately block the user or keep a log and add the overall session score and only act on it once it reaches a particular level (sign of repeated attempts).

I have no affiliation with them, it is just a very useful product.
Yeah, I've known about it for a while, but I do not recommend using it for production use.

I've "passed the test" a couple of times and I'm not the only one. For sure the author fixed these problems, but the thing is that he is a human and there is too high a risk of security holes. If your application is, let's say, XSS safe - there is no need for an additional XSS protector. The same applies to SQL injections, CSRF, and everything. These kinds of applications are experimental and very fun, but that's it.
aschlosberg
Forum Newbie
Posts: 24
Joined: Fri Jan 23, 2009 10:17 pm

Re: Intruder Detection System

Post by aschlosberg »

kaisellgren wrote: If your application is, let's say, XSS safe - there is no need for an additional XSS protector. The same applies to SQL injections, CSRF, and everything.
Definitely, I don't recommend it as a protective measure in case it fails. I do however think it is very good for ending the sessions of malicious users.

Do you know what their "centrifuge" system does to learn new vectors? Is it any good?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Intruder Detection System

Post by kaisellgren »

aschlosberg wrote:
kaisellgren wrote: If your application is, let's say, XSS safe - there is no need for an additional XSS protector. The same applies to SQL injections, CSRF, and everything.
Definitely, I don't recommend it as a protective measure in case it fails. I do however think it is very good for ending the sessions of malicious users.

Do you know what their "centrifuge" system does to learn new vectors? Is it any good?
Haven't looked into it much. Maybe I'll give it a shot and perhaps implement some ideas from it in my project.