Re: [mod-security-users] web app discovery
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] web app discovery
|
From: Alexx A. <zm...@ya...> - 2006-05-26 12:01:13
|
Let me join your exciting discussion! It's a topic I'm very intrested in! --- Ivan Ristic <iva...@gm...> wrote: > I am afraid I don't understand your question. You > can read about my > ideas here: > http://www.modsecurity.org/blog/archives/2005/11/positive_securi.html > (but that's not implemented). Also read this > http://www.cs.ucsb.edu/~vigna/publications/2005_kruegel_vigna_robertson_CN05.pdf Ivan, I'd like to try to implement ideas mentioned in the link you provided above ( I read this paper and some others from the same authors by this topic ) in some way, perhaps using your module. Do your further plans include support for this kind of positive security model ( I mean anomaly-based?). And how do you think - what will be the best choice for store theese rules ( based on trafic in trainig mode )? Raw format, structers, xml anything else? In my opinion, format for store is rather important, because we should store rules for ALL applications on our server ( rules for every application differ ) and it could cause lot's of data to store, am I right? I found, that other vendors such as Imperva (SecureSphere 3.3), Netcontinuum, Kavado (Defiance TMS 3.1) had already implemented support for positive security model based on dynamic rules generation. It's really intresting for me which way did they choose %) > -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > ModSecurity: Open source Web Application Firewall ---------------- Best regards, Alexander __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com |
