Re: [mod-security-users] web app discovery
From: Ivan R. <iva...@gm...> - 2006-05-25 21:26:31

On 5/25/06, kiran k <kir...@ya...> wrote:
>
> Can you elaborate what you are observing, web application will any number of
> parameters (not just s.s# which has certain format), which could be
> exploited.

I am afraid I don't understand your question. You can read about my ideas here:

http://www.modsecurity.org/blog/archives/2005/11/positive_securi.html

(but that's not implemented). Also read this:

http://www.cs.ucsb.edu/~vigna/publications/2005_kruegel_vigna_robertson_CN05.pdf

> How you record these observations, for later use?

I record the entire transaction in the audit log, then put the audit logs into ModSecurity Console. So even if I change my algorithm I still have the raw data to work with.

> What happens to performance if you have too many rules.

That depends on how fast the server you are using is. I've never had a problem with performance with ModSecurity, although I am sure it's quite easy to shoot yourself in the foot with too many rules.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall