WebApp Sec mailing list archives
RE: The Santy worm and Application Security
From: Paul Laudanski <zx () castlecops com>
Date: Fri, 31 Dec 2004 18:42:30 -0500 (EST)
There is a good free open source solution that is built into Apache as a module:

http://modsecurity.org

Here are some filters that can be easily installed to 406 the santy and phpinclude attacks:

http://castlecops.com/article-5642-nested-0-0.html

From about 300,000 attacks in a 55 hour period, false positives were minimal, and all was logged via syslog.

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf_at_breach.com]
Sent: Monday, December 27, 2004 6:41 PM
To: webappsec_at_securityfocus.com
Subject: The Santy worm and Application Security

[SNIP]

While I'm not writing this all as a marketing pitch, some of these ideas are implemented in my company's products ;-) I'd be happy to hear what the other pros here have to say about this.

[SNIP]

--
Regards,
Paul Laudanski - Computer Cops, LLC.
CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.