From: vertigo <ve...@pa...> - 2002-04-16 18:09:21
It's really quite simple. We don't have to use it, but the stuff I've written seems useful. Don't worry, we are not developing a full-on-robo IDS. This section is just a reporting tool--and yes, an implementation of the IDMEF. We will be scrubbing input, but when someone sends a "';DROP TABLE Users" string, I would sure like to know about it, wouldn't you?

Nathan

-----Original Message-----
From: owa...@li... [mailto:owa...@li...]On Behalf Of Christopher Todd
Sent: Tuesday, April 16, 2002 11:27 AM
To: owa...@so...
Subject: RE: [Owasp-input-api-developers] Code

Nathan,

Ummm, I'm a bit lost...are you implementing simple APIs for scrubbing user input, or creating some kind of IDS for webapps? Is there some design documentation that I've missed? I've grabbed what's in CVS, and I've read the website, and it's still not clear to me what you mean when you say "I need some implementations by the 30th." Implementations of what?

Regards,

Chris

-----Original Message-----
From: owa...@li... [mailto:owa...@li...]On Behalf Of vertigo
Sent: Tuesday, April 16, 2002 10:59 AM
To: owa...@so...
Subject: [Owasp-input-api-developers] Code

Ok, I've been working on an implementation of the IDWG's IDMEF (filters/doc/draft-ietf-idwg-idmef-xml-06.txt). It's been fairly easy-going in Java, and I imagine it should be even more simple in Perl. This is important for messaging, although it adds a bit of overhead. I need to see some implementations by the 30th.

The major road-blocks I've encountered are in the application-unique identifier area, and with NTP Timestamps. I'm avoiding the latter issue, and I think we can do without proper timestamps for now. The first issue, however, is a little more important, and more pervasive. We need to decide on a scheme for uniquely identifying attacks. This will also be used in other areas of the application (signature IDs, filter IDs, and basically any entity that may need to be uniquely identified). It's pretty important.

I think we all know enough about this app to start writing some code. Start with the IDMEF. This will lay the messaging groundwork, and allow us to address nomenclature, vocabulary, blah blah blah. Once this is done, we can move on to proper filtering. Todd is working on a DTD for our filter and signature classes. Contact him for any updates.

FYI, I'll be pretty busy in the next couple of weeks. I have some new projects in the works (one HUGE 4D to SQL Server migration and a couple of mini Perl CGIs). These ones are paying my bills, so they get first priority of course.

I believe everyone has access to the CVS repository, but if not contact me. For those who may not be familiar with CVS, remember it is not a replacement for communication.

For the next 2 weeks I'll be working in 'filters/lang/java/src/org/owasp/idmef' and 'filters/docs'.

Nathan

_______________________________________________
Owasp-input-api-developers mailing list
Owa...@li...
https://lists.sourceforge.net/lists/listinfo/owasp-input-api-developers
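
The two road-blocks named in the thread (NTP timestamps and unique identifiers), worked through as an added example that is not part of the thread or the project's code. It builds a report for a rejected input. The class, method and analyzer names, the analyzer-id-plus-UUID identifier scheme, and the exact element layout are assumptions to check against the draft's DTD.

```java
import java.time.Instant;
import java.util.UUID;

// Added sketch, not the project's code. Class, method and analyzer names are hypothetical.
public class IdmefAlertSketch {
    // Seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01).
    static final long NTP_UNIX_OFFSET = 2208988800L;

    // ntpstamp: 32-bit seconds and 32-bit binary fraction, each as 0x-prefixed hex.
    static String ntpStamp(Instant t) {
        long seconds = (t.getEpochSecond() + NTP_UNIX_OFFSET) & 0xFFFFFFFFL;
        long fraction = ((long) t.getNano() << 32) / 1_000_000_000L;
        return String.format("0x%08x.0x%08x", seconds, fraction);
    }

    // Assumed scheme: analyzer id plus a random UUID, unique without central coordination.
    static String newIdent(String analyzerId) {
        return analyzerId + "-" + UUID.randomUUID();
    }

    // The reported value is attacker-controlled, so escape it before it enters the XML.
    // '&' is replaced first so the entities added afterwards are not escaped twice.
    static String xmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }

    // Element and attribute layout is an assumption; validate against the draft's DTD.
    static String alert(String analyzerId, Instant when, String rejectedInput) {
        return "<IDMEF-Message>\n"
             + "  <Alert ident=\"" + xmlEscape(newIdent(analyzerId)) + "\">\n"
             + "    <Analyzer analyzerid=\"" + xmlEscape(analyzerId) + "\"/>\n"
             + "    <CreateTime ntpstamp=\"" + ntpStamp(when) + "\">" + when + "</CreateTime>\n"
             + "    <AdditionalData type=\"string\" meaning=\"rejected-input\">"
             + xmlEscape(rejectedInput) + "</AdditionalData>\n"
             + "  </Alert>\n"
             + "</IDMEF-Message>";
    }

    public static void main(String[] args) {
        // Constructed sample: the string quoted in the thread, with a constructed timestamp.
        System.out.println(alert("input-filter-01", Instant.parse("2002-04-16T18:09:21Z"),
                                 "';DROP TABLE Users"));
    }
}
```

The 32-bit seconds field wraps in 2036, which is why the ISO date-time in the element body is kept alongside the `ntpstamp` attribute.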