WebApp Sec mailing list archives

RE: The Santy worm and Application Security

From: Paul Laudanski <zx () castlecops com>
Date: Fri, 31 Dec 2004 18:42:30 -0500 (EST)

There is a good free open source solution that is built into Apache as a 
module:

http://modsecurity.org

Here are some filters that can be easily installed to 406 the santy and 
phpinclude attacks:

http://castlecops.com/article-5642-nested-0-0.html

From about 300,000 attacks in a 55 hour period, false positives were

minimal, and all was logged via syslog.

-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf_at_breach.com]
Sent: Monday, December 27, 2004 6:41 PM
To: webappsec_at_securityfocus.com
Subject: The Santy worm and Application Security

[SNIP]

While I'm not writing this all as a marketing pitch, some of these ideas
are implemented in my company's products ;-) I'd be happy to hear what
the other pros here have to say about this.

[SNIP]
-- 
Regards,

Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.

Current thread:

RE: The Santy worm and Application Security Paul Laudanski (Jan 01)
- <Possible follow-ups>
- RE: The Santy worm and Application Security Ofer Shezaf (Jan 01)
  - RE: The Santy worm and Application Security Paul Laudanski (Jan 01)
- RE: The Santy worm and Application Security Ofer Shezaf (Jan 02)
  - RE: The Santy worm and Application Security Paul Laudanski (Jan 02)