Re: [mod-security-users] integrating detection of encrypted, obfuscated, malicious code in cookies
Brought to you by:
victorhora,
zimmerletw
From: Breno S. <bre...@gm...> - 2012-09-13 13:17:17
|
Hello Sudesh, Humm.. maybe you can improve our encryption engine, that can sign html elements, to protect sign cookies. This will prevent modifications and malicious code injection. Thanks Breno On Thu, Sep 13, 2012 at 4:25 AM, Sudesh Jethoe <sud...@os...> wrote: > Hi All, > > For a research project I am currently writing a proposal to integrate > the detection of malicious code in cookies in mod_security. > > The attack on which I focus is one in which code inside cookies is > encrypted and obfuscated. I was wondering if anyone might know more of > this topic. > > > -- > *~. Sudesh Jethoe .~* > *~. System and Network Engineering (2010-2011) .~* > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |