2009 May 03 - Sun
Open Source Site of the Day: ModSecurity -- Open Source Web Application Firewall
mod_security is an actively maintained web application firewall.
From my reading, it looks like it is a filter for processing web requests before they hit a company's main web server.
It performs a series of different checks and balances: it looks at HTTP headers for correctness, does common checks on field
content so as to prevent injection attacks, and, through a command language, can perform some complex analysis within a request as
well as across requests.
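To make those three kinds of check concrete, here is a small rule set written for this page as an added example; it is not taken from the ModSecurity site or its shipped rules. It uses ModSecurity 2.x directive syntax, and the rule ids, thresholds, messages and data directory path are constructed placeholders.

```apache
# Added example: constructed rules, not from the ModSecurity project.
# Rule ids, thresholds and the SecDataDir path are placeholders.
SecRuleEngine On

# Persistent collections (the cross-request state used below) need a
# writable storage directory.
SecDataDir /var/cache/modsecurity

# 1. Header correctness: a request with no Host header is rejected
#    before the body is read (phase 1 = request headers).
SecRule &REQUEST_HEADERS:Host "@eq 0" \
    "id:100001,phase:1,deny,status:400,log,msg:'Request missing Host header'"

# 2. Field content: inspect every request parameter for SQL injection
#    patterns once the body has been parsed (phase 2 = request body).
SecRule ARGS "@detectSQLi" \
    "id:100002,phase:2,deny,status:403,log,msg:'SQL injection pattern in parameter'"

# 3. Across requests: keep a per-client counter in the persistent IP
#    collection. Each 404 response increments it (phase 5 = logging);
#    the counter expires after 60 seconds.
SecAction "id:100003,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

SecRule RESPONSE_STATUS "@streq 404" \
    "id:100004,phase:5,pass,nolog,setvar:ip.not_found=+1,expirevar:ip.not_found=60"

# A client that has accumulated more than 20 recent 404s is blocked on
# its next request. This rule must come after the initcol rule so the
# collection is loaded when it runs.
SecRule IP:NOT_FOUND "@gt 20" \
    "id:100005,phase:1,deny,status:403,log,msg:'Too many 404 responses from client'"
```

Running new rules with `SecRuleEngine DetectionOnly` first shows in the audit log what they would have blocked before they are allowed to deny traffic.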
It can be used as an appliance in-line or out-of-line, or can be used as a module right on the web server. The company
defines their 'Web Application Firewall' as a reverse proxy with additional security-related features.
It is an adjunct to a firewall, which can only do some basic session state analysis. There is one slide in a
presentation on the site which provides a good summary of its capabilities:
- Monitoring: know what happened
- Detection: know when you are being attacked
- Prevention: stop attacks before they succeed
- Assessment: discover problems before the attackers do
It looks like mod_security is a very good tool for helping web developers protect themselves from things they don't know.
Web developers focus more on content and less on security. This tool helps rebalance the problem.
SANS is a good place to start learning about security.