[nycphp-talk] Using an IDS to lock down web apps ...
Jon Baer
jonbaer at jonbaer.net
Wed Aug 27 10:46:03 EDT 2003
i wanted to ask a quick question ...
does anyone here use an ids (like snort/dragon/etc) to lock down their web
apps + track anomalies?
it does not seem like a common scenerio but after writing a bunch of
signatures based on mysql error codes it seems like there are no papers on
it or any advise on the approach ...
a typical example would be as such tracking down bad login attempts over
time or bad variable string formatting or submission of a selection not in a
preformed array, etc.
i dont know if it make sense to go through all the trouble but just wanted
to see if anyone here already does this approach (w/
iptables/netfilter/etc).
- jon
pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
More information about the talk
mailing list