WebApp Sec mailing list archives
Re: web application audit ideas needed
From: Serg Belokamen <serg.belokamen () gmail com>
Date: Wed, 10 Aug 2005 01:56:08 +1000
I don't think being stateless or not is a determining factor in qualifying as a software firewall application. mod_security can be configured (for example with mod_rewrite) to deny particular request strings and redirect them to a specialised logger, honeypot, etc. Hence it qualifies as a firewall. It can also be configured to alert the admin of dangerous traffic, hence the IPS. So in reality the product can act as both or either...

Serg

On Tue, 2005-08-09 at 20:50 +0800, Yanglei wrote:
mod-security is an open source web application IPS; you can learn more from http://www.modsecurity.org/ . On the modsecurity website, it is said that it is a web application firewall, but I don't think so. mod-security is a web IPS, or you can call it a web filter, but not a web application firewall, because it does not support application-level stateful checks. A product like Imperva's can be called a web application.

----- Original Message -----
From: "learn lids" <learnlids () yahoo com>
To: <webappsec () securityfocus com>
Sent: Monday, February 14, 2005 1:51 PM
Subject: web application audit ideas needed

hi everyone

I am a newbie to this field of webappsec. For a research project, I am looking at a source audit of a web app. It has ActiveX components etc. What all should be covered from a security perspective? Could someone maybe throw out some ideas for apps which I can cover for my practice - maybe a good medium-sized open source app?

thanks