1 Jun 2006 21:44
Re: Re: web app discovery
Ivan Ristic <ivan.ristic <at> gmail.com>
2006-06-01 19:44:02 GMT
On 5/28/06, Alexx Alexx <zmische <at> yahoo.com> wrote:
>
> Why not to use existing logs, for example, to create
> basic "knowledge" rules? It could be useful for
> web-application with specific logic that is almost
> static, so as you are able to scan logs for some
> period and produce rules, tweak them and almost
> forgot.

Because existing logs do not contain enough data to create rules from
them (because there's no information about what goes in request
bodies). I think it's better to do it properly, by learning from the
complete transactions captured by ModSecurity.

BTW, the more I think about on-the-fly conversion the more I like it.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall