Re: xss detection ruleset

[waldo kitty <wkitty42 () windstream net>]

On 11/8/2012 23:52, Danny Dev wrote:
> I just would like to know if anyone has made a ruleset as I mentioned, something that
> can detect common xss attack vectors such as illustrated by the xss cheat sheet.

xss cheat sheet? hummm...

> I'm still sifting through the Bleeding snort rules to see what all is there. If it's not available we'll develop it
> and can donate it back to the community in case anyone else wants it.

you might be better served by using the emerging threats rules instead of 
bleeding snort... bleeding snort is not what it used to be... the founder left 
and set up emerging threats which is very active and puts out new rules and 
updates pretty much every day ;)

> cheers
>
>
>
> > Hi,
> >
> > I'm mostly interested in using snort for xss detection as part of the security
> > for a php web app.  I was hoping to find some rules that could detect most things
> > illustrated by the well known xss cheat cheat.
> >
> >
> > https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
> >
> >
> > I understand this by no means protects a site 100% from xss :) but something that
> > will detect many of the most common http xss attacks will work for this
> > layer of my security.
> >
> >
> > Anyway the rules distributed by snort seem pretty slim as far as detecting xss,
> > can anyone recommend a third party ruleset that has fairly extensive
> > xss detection?
> >
> > thank you!
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_nov
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!