Page 1 of 1
Intruder Detection System
Posted: Fri Jan 23, 2009 10:59 pm
by aschlosberg
Just thought I would share this:
http://php-ids.org/
User input from various globals can be parsed and checked for a very large variety of potential attack vectors. Any potential security breach is issued with a rating indicating the severity. Based on these scores you can either immediately block the user or keep a log and add the overall session score and only act on it once it reaches a particular level (sign of repeated attempts).
I have no affiliation with them, it is just a very useful product.
Re: Intruder Detection System
Posted: Sat Jan 24, 2009 9:56 am
by kaisellgren
aschlosberg wrote:Just thought I would share this:
http://php-ids.org/
User input from various globals can be parsed and checked for a very large variety of potential attack vectors. Any potential security breach is issued with a rating indicating the severity. Based on these scores you can either immediately block the user or keep a log and add the overall session score and only act on it once it reaches a particular level (sign of repeated attempts).
I have no affiliation with them, it is just a very useful product.
Yea I've known it for a while, but I do not recommend using it as for productional use.
I've "passed the test" a couple of times and I'm not the only one. For sure the author fixed these problems, but the thing is that he is a human and there is too high risk of security holes. If you application is let's say XSS safe - there is no need for additional XSS protector. Same applies to SQL injections, CSRF, and everything. These kind of applications are experimental and very fun, but that's it.
Re: Intruder Detection System
Posted: Sat Jan 24, 2009 11:46 pm
by aschlosberg
kaisellgren wrote:If you application is let's say XSS safe - there is no need for additional XSS protector. Same applies to SQL injections, CSRF, and everything.
Definitely, I don't recommend it as a protective measure in case it fails. I do however think it is very good for ending the sessions of malicious users.
Do you know what their "centrifuge" system does to learn new vectors? Is it any good?
Re: Intruder Detection System
Posted: Sun Jan 25, 2009 7:37 am
by kaisellgren
aschlosberg wrote:kaisellgren wrote:If you application is let's say XSS safe - there is no need for additional XSS protector. Same applies to SQL injections, CSRF, and everything.
Definitely, I don't recommend it as a protective measure in case it fails. I do however think it is very good for ending the sessions of malicious users.
Do you know what their "centrifuge" system does to learn new vectors? Is it any good?
Haven't looked into it much. Maybe I'll give it a shot and perhaps implement some ideas from it to my project.