WebApp Sec mailing list archives
White List Proxy ?
From: "McCarty, Eric C." <emccarty () er ucsd edu>
Date: Fri, 2 Mar 2007 11:42:44 -0800
After considering possible defenses to the multitude of web attacks that continue to surface, I keep coming to the conclusion that white lists are the way to go. Unfortunately as we all know, white lists are difficult to maintain and often overly restrictive. What I imagined is a type of white list proxy which examines website content before feeding it to the user, it determines if there is any malicious code in the page, if there is it will deny the page to the user, if not it will provide it to the user and add the site to the white list for 24 hours. This technique would be similar to how antivirus works in scanning files before allowing open/run actions. Does anyone know of software that currently does this or something similar? Thoughts ? Eric McCarty ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHe --------------------------------------------------------------------------
Current thread:
- White List Proxy ? McCarty, Eric C. (Mar 05)
- Re: White List Proxy ? Larry C CUMMINGS (Mar 05)
- RE: White List Proxy ? Paul Melson (Mar 07)