[Owasp-appsensor-project] SQL injection attack

Dan Cornell dan at denimgroup.com
Sat Feb 11 15:51:13 UTC 2012


> I am thinking that we need a central repo in XML or something that describes
> what to look for and optionally where to look for it (param payloads, cookies,
> etc...).
> 
> If we can get a good format that is easily parsable (ModSecurity's rules
> language is not) it could more easily be consumed by other apps.
> 
> Thoughts?
> 

I love it.

We've started to get some better insight into what the different scanner tools do based on our automated virtual patching work (http://www.slideshare.net/denimgroup/the-self-healing-cloud-protecting-applications-and-infrastructure-with-automated-virtual-patching-9445404). I've got a couple other things on my plate right now, but in a week or two I could probably get that lab environment re-set up and we could use the Snort and mod_security logs to start building up a database. I'd love to have that in a centralized place that could then be used to create AppSensor signatures, generate virtual patches, etc.

Thanks,

Dan


