WebApp Sec mailing list archives

RE: White List Proxy ?


From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 6 Mar 2007 09:24:58 -0500

What I imagined is a type of white list proxy which examines website
content before feeding it to the user, it determines if there is any
malicious code in the page, if there is it will deny the page to the
user, if not it will provide it to the user and add the site to the
white list for 24 hours.
 
Just to be clear, what you've described is not a whitelist, it's something
along the lines of an IPS... with flaws.  The idea of temporarily
whitelisting a site - especially for 24 hours - based on its ability to pass
an in-line inspection (to what scope and depth?) is an overextension of
trust.  Plus, this is a proxy, so you can actually examine ALL of the
content, unlike a typical NIDS.  Unless it's encrypted, of course, in which
case you're still screwed.  No offense, but I wouldn't buy this product, so
I hope nobody makes this product.


This technique would be similar to how antivirus works in scanning files
before allowing open/run actions.

Does anyone know of software that currently does this or something
similar? Thoughts ?
 
If what you want is a web proxy that does AV scanning, there are lots of
options.  

squid-vscan: http://www.openantivirus.org/projects.php
Blue Coat: http://www.bluecoat.com/products/av/index.html
F-Secure: http://www.f-secure.com/anti-virus/webclub/fsigk.shtml
Symantec: http://www.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=828_1
Symantec + MS ISA: https://www-secure.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=1361_1
Trend Micro: http://www.trendmicro.com/en/products/gateway/iwss/evaluate/overview.htm
Trend Micro: http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm


PaulM
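
The 24-hour trust window discussed in the message above, as an added Python sketch that is not part of the original post: it replays one constructed timeline through the proposed "scan once, allow for 24 hours" proxy and through a proxy that scans every response. The scanner, marker string, class names and host name are all hypothetical.

```python
# Added illustration; the scanner, marker string and site name are constructed.
TTL_SECONDS = 24 * 60 * 60
MARKER = b"CONSTRUCTED-BAD-MARKER"   # stand-in for whatever a real scanner flags


def scan(body: bytes) -> bool:
    """Hypothetical in-line inspection: True when the body looks clean."""
    return MARKER not in body


class TtlAllowListProxy:
    """The design from the thread: one clean scan allow-lists the site for 24 hours."""

    def __init__(self):
        self.allowed_until = {}          # host -> expiry timestamp (seconds)

    def fetch(self, host, body, now):
        if self.allowed_until.get(host, 0) > now:
            return "delivered (allow-listed, not scanned)"
        if not scan(body):
            return "blocked"
        self.allowed_until[host] = now + TTL_SECONDS
        return "delivered (scanned)"


class ScanEveryResponseProxy:
    """Alternative: a verdict covers this one response, never the whole site."""

    def fetch(self, host, body, now):
        return "delivered (scanned)" if scan(body) else "blocked"


def replay(proxy):
    """Constructed timeline: clean at t=0, content changed one hour later."""
    timeline = [
        (0, b"<html>welcome</html>"),
        (3600, b"<html>" + MARKER + b"</html>"),
        (TTL_SECONDS + 1, b"<html>" + MARKER + b"</html>"),
    ]
    return [proxy.fetch("site.example", body, now) for now, body in timeline]


if __name__ == "__main__":
    for proxy in (TtlAllowListProxy(), ScanEveryResponseProxy()):
        print(type(proxy).__name__, replay(proxy))
```

The second entry of each result is the one to compare: inside the 24-hour window the allow-listing proxy hands over the changed page without inspecting it.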


 

