WebApp Sec mailing list archives

Re: Content monitoring in Application Security


From: Martin Schapendonk <martin.schapendonk () gmail com>
Date: Mon, 24 Jan 2005 08:28:45 +0100

I like the suggestion to check for (multiple) occurrences of
SQL-statements etc. If you think of it, it's just like UCE/UBE
filtering.

Maybe it's possible to use software like SpamAssassin and/or
BogoFilter to determine if a file is "definitely insecure",
"definitely secure" or "not sure". Of course, they would require a
whole different ruleset and perhaps some extra training depending on
the site, but I do think this may have some perspective.

Also, performance-wise this may be a good idea: SA and BF are designed
for realtime email processing, so I don't see why they shouldn't be
able to process a sufficient number of files, even on modest hardware.

Regards,

Martin

-- 
  Martin Schapendonk, martin.schapendonk () gmail com
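
The three-way verdict suggested in the message above, sketched as an added example that is not part of the original post and does not use SpamAssassin or BogoFilter: a small naive Bayes token filter with an "unsure" band. The class name, cutoffs, token pattern and training samples are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z_]+|--|[';=]")  # words plus marks common in SQL
def tokens(text):
    return TOKEN.findall(text.lower())

class ContentFilter:
    """Two-class naive Bayes with an 'unsure' band, as spam filters use."""
    def __init__(self, insecure_cutoff=0.9, secure_cutoff=0.1):
        self.counts = {"insecure": Counter(), "secure": Counter()}
        self.docs = {"insecure": 0, "secure": 0}
        self.insecure_cutoff, self.secure_cutoff = insecure_cutoff, secure_cutoff

    def train(self, label, text):
        self.counts[label].update(set(tokens(text)))  # count a token once per file
        self.docs[label] += 1

    def score(self, text):
        """Return a value in (0, 1); higher means more like the insecure samples."""
        log_odds = 0.0
        for tok in set(tokens(text)):
            # Laplace smoothing keeps unseen tokens from zeroing the product.
            p_bad = (self.counts["insecure"][tok] + 1) / (self.docs["insecure"] + 2)
            p_ok = (self.counts["secure"][tok] + 1) / (self.docs["secure"] + 2)
            log_odds += math.log(p_bad / p_ok)
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, text):
        s = self.score(text)
        if s >= self.insecure_cutoff:
            return "definitely insecure"
        return "definitely secure" if s <= self.secure_cutoff else "not sure"

# Constructed training samples; a real deployment would train on the site's own files.
SAMPLES = [
    ("insecure", "name=' OR 1=1 -- ; DROP TABLE users"),
    ("insecure", "SELECT password FROM users UNION SELECT card FROM orders"),
    ("insecure", "UPDATE accounts SET balance=0 WHERE id=1 ; DELETE FROM sessions"),
    ("secure", "Thank you for your order, it ships on Monday"),
    ("secure", "Please select a delivery date from the calendar"),
    ("secure", "Our opening hours are listed on the contact page"),
]

def build_demo_filter():
    f = ContentFilter()
    for label, text in SAMPLES:
        f.train(label, text)
    return f
```

Content that lands in the "not sure" band is the part that would go to manual review or to further training, which is where the site-specific tuning mentioned in the message comes in.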

