[Mod-security-developers] Integration of libinjection
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] Integration of libinjection
|
From: Ryan B. <RBa...@tr...> - 2013-01-22 21:59:08
|
Please refer to the following presentation - http://www.slideshare.net/nickgsuperstar/libinjection-isecpartners. GitHub Report here - https://github.com/client9/libinjection. The idea is to add in a new operator called something like "@detectSQLi". You would pass to it the name of the fingerprints.txt file. So it would be used like this - SecRule ARGS "@detectSQLi /path/to/fingerprints.txt" I think this would be a great addition. If anyone is interested in helping to add libinjection support to ModSecurity please let me know. -- Ryan Barnett Trustwave SpiderLabs ModSecurity Project Leader OWASP ModSecurity CRS Project Leader ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
