WebApp Sec mailing list archives
RE: White List Proxy ?
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 6 Mar 2007 09:24:58 -0500
> What I imagined is a type of white list proxy which examines website
> content before feeding it to the user, it determines if there is any
> malicious code in the page, if there is it will deny the page to the
> user, if not it will provide it to the user and add the site to the
> white list for 24 hours.

Just to be clear, what you've described is not a whitelist, it's something along the lines of an IPS... with flaws. The idea of temporarily whitelisting a site - especially for 24 hours - based on its ability to pass an in-line inspection (to what scope and depth?) is an overextension of trust. Plus, this is a proxy, so you can actually examine ALL of the content, unlike a typical NIDS. Unless it's encrypted, of course, in which case you're still screwed. No offense, but I wouldn't buy this product, so I hope nobody makes this product.

> This technique would be similar to how antivirus works in scanning
> files before allowing open/run actions. Does anyone know of software
> that currently does this or something similar? Thoughts ?

If what you want is a web proxy that does AV scanning, there are lots of options.

squid-vscan: http://www.openantivirus.org/projects.php
Blue Coat: http://www.bluecoat.com/products/av/index.html
F-Secure: http://www.f-secure.com/anti-virus/webclub/fsigk.shtml
Symantec: http://www.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=828_1
Symantec + MS ISA: https://www-secure.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=1361_1
Trend Micro: http://www.trendmicro.com/en/products/gateway/iwss/evaluate/overview.htm
             http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm

PaulM
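
The trust gap in the 24-hour allowlist discussed in this message, as an added example that is not part of the original post: it replays the same responses through the proposed host-level design and through a proxy that inspects every response. The `scan` function, the marker string, the class names and the `example.test` traffic are all constructed for illustration.

```python
import hashlib

def scan(body: bytes) -> bool:
    """Constructed stand-in for the inline scanner: True means the body passed."""
    return b"MALICIOUS-MARKER" not in body

class HostTTLProxy:
    """Proposed design: one clean scan allowlists the whole host for `ttl` seconds."""
    def __init__(self, ttl=24 * 3600):
        self.ttl = ttl
        self.allowed_until = {}  # host -> expiry time in seconds

    def fetch(self, host, body, now):
        if self.allowed_until.get(host, 0) > now:
            return "served-unscanned"  # verdict inherited from an earlier response
        if not scan(body):
            return "blocked"
        self.allowed_until[host] = now + self.ttl
        return "served-scanned"

class PerResponseProxy:
    """Every response is inspected; a verdict is reused only for identical bytes."""
    def __init__(self):
        self.verdicts = {}  # sha256 of body -> scan result

    def fetch(self, host, body, now):
        digest = hashlib.sha256(body).hexdigest()
        if digest not in self.verdicts:
            self.verdicts[digest] = scan(body)
        return "served-scanned" if self.verdicts[digest] else "blocked"

def replay(proxy, events):
    """Feed (time, host, body) events through a proxy and collect its decisions."""
    return [proxy.fetch(host, body, now) for now, host, body in events]

# Constructed traffic: the site is clean at t=0, then its content changes.
EVENTS = [
    (0, "example.test", b"<html>clean</html>"),
    (3600, "example.test", b"<html>MALICIOUS-MARKER</html>"),
    (90000, "example.test", b"<html>MALICIOUS-MARKER</html>"),
]

if __name__ == "__main__":
    print("host TTL    :", replay(HostTTLProxy(), EVENTS))
    print("per response:", replay(PerResponseProxy(), EVENTS))
```
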
Current thread:
- White List Proxy ? McCarty, Eric C. (Mar 05)
- Re: White List Proxy ? Larry C CUMMINGS (Mar 05)
- RE: White List Proxy ? Paul Melson (Mar 07)