NYCPHP Meetup

[nycphp-talk] Using an IDS to lock down web apps ...

Jon Baer jonbaer at jonbaer.net
Wed Aug 27 10:46:03 EDT 2003


i wanted to ask a quick question ...

does anyone here use an ids (like snort/dragon/etc) to lock down their web
apps + track anomalies?

it does not seem like a common scenerio but after writing a bunch of
signatures based on mysql error codes it seems like there are no papers on
it or any advise on the approach ...

a typical example would be as such tracking down bad login attempts over
time or bad variable string formatting or submission of a selection not in a
preformed array, etc.

i dont know if it make sense to go through all the trouble but just wanted
to see if anyone here already does this approach (w/
iptables/netfilter/etc).

- jon

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47




More information about the talk mailing list