Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: xss detection ruleset

From: Danny Dev <dannydev256 () yahoo com>
Date: Thu, 8 Nov 2012 20:52:01 -0800 (PST)
thanks for the reply.



somehow i don't think that snort is what you are looking for or really wanting 

to use... 


snort's purpose is a lot more involved and deeper than just watching 

for XSS problems... 


one would be much better off to test for and fix their XSS 

problems than just trying to 


detect and block XSS attempts...


While again, I appreciate the reply, I'm not going to bother going into how snort is going 

to fit into our organization, what we're going to use initially, later and how, 

that is neither here nor there.


I just would like to know if anyone has made a ruleset as I mentioned, something that
can detect common xss attack vectors such as illustrated by the xss cheat sheet.


I'm still sifting through the Bleeding snort rules to see what all is there. If it's not available we'll develop it
and can donate it back to the community in case anyone else wants it.

cheers




Hi,

I'm mostly interested in using snort for xss detection as part of the security 
for a php web app.  I was hoping to find some rules that could detect most things 
illustrated by the well known xss cheat cheat.


https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet


I understand this by no means protects a site 100% from xss :) but something that 
will detect many of the most common http xss attacks will work for this 
layer of my security.


Anyway the rules distributed by snort seem pretty slim as far as detecting xss, 
can anyone recommend a third party ruleset that has fairly extensive 
xss detection?

thank you!




------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: