[Owasp-appsensor-project] SQL injection attack

Ryan Barnett ryan.barnett at owasp.org
Sat Feb 11 16:01:26 UTC 2012


Cool. I had spoken previously with Sean Barnum at Mitre about CAPEC and perhaps this could be used by them too. 

I will start the ball rolling on getting this set up as an actual OWASP project - Attack Pattern Database. Let me know who else wants to contribute. 

Ryan

On Feb 11, 2012, at 10:51 AM, Dan Cornell <dan at denimgroup.com> wrote:

>> I am thinking that we need a central repo in XML or something that describes
>> what to look for and optionally where to look for it (param payloads, cookies,
>> etc...).
>> 
>> If we can get a good format that is easily parsable (ModSecurity's rules
>> language is not) it could more easily be consumed by other apps.
>> 
>> Thoughts?
>> 
> 
> I love it.
> 
> We've started to get some better insight into what the different scanner tools do based on our automated virtual patching work (http://www.slideshare.net/denimgroup/the-self-healing-cloud-protecting-applications-and-infrastructure-with-automated-virtual-patching-9445404). I've got a couple other things on my plate right now, but in a week or two I could probably get that lab environment re-set up and we could use the Snort and mod_security logs to start building up a database. I'd love to have that in a centralized place that could then be used to create AppSensor signatures, generate virtual patches, etc.
> 
> Thanks,
> 
> Dan
> 
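The quoted proposal is for a central, easily parsable repository (XML was suggested) that states what to look for and where to look for it (parameters, cookies, etc.). The following is an added illustration of that idea, not code or a schema from the OWASP AppSensor project or from anyone on this thread: the XML layout (`attackPatterns`/`pattern`/`locations`/`regex`), the pattern ids, and the sample request are all constructed here. It loads the patterns and runs them over a request's parameters and cookies, decoding URL encoding first, as a detection engine consuming such a repository would.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed example of a central attack-pattern repository in XML.
# This layout is hypothetical and is not an AppSensor or OWASP format.
# Each pattern says what to look for (regex) and where (locations).
PATTERN_XML = r"""<attackPatterns>
  <pattern id="SQLI-001" name="SQL tautology" severity="high">
    <locations>
      <location>param</location>
      <location>cookie</location>
    </locations>
    <regex><![CDATA[(?i)'\s*or\s+['\d\w]+\s*=\s*['\d\w]+]]></regex>
  </pattern>
  <pattern id="SQLI-002" name="Trailing SQL comment" severity="medium">
    <locations>
      <location>param</location>
    </locations>
    <regex><![CDATA[(--|/\*)\s*$]]></regex>
  </pattern>
</attackPatterns>
"""


@dataclass
class AttackPattern:
    id: str
    name: str
    severity: str
    locations: List[str]   # request locations this pattern applies to
    regex: re.Pattern


@dataclass
class Detection:
    pattern_id: str
    location: str
    field: str
    value: str             # decoded value that matched


def load_patterns(xml_text: str) -> List[AttackPattern]:
    """Parse the XML repository into pattern objects with compiled regexes."""
    root = ET.fromstring(xml_text)
    patterns = []
    for node in root.findall("pattern"):
        locations = [loc.text.strip() for loc in node.find("locations").findall("location")]
        regex = re.compile(node.find("regex").text)
        patterns.append(AttackPattern(
            node.get("id"), node.get("name"), node.get("severity"), locations, regex))
    return patterns


def scan_request(request: Dict[str, Dict[str, str]],
                 patterns: List[AttackPattern]) -> List[Detection]:
    """Run every pattern over the request locations it names.

    request maps a location name ("param", "cookie", ...) to field -> raw value.
    Values are URL-decoded before matching so encoded input is not missed.
    """
    hits = []
    for pattern in patterns:
        for location in pattern.locations:
            for field, raw in request.get(location, {}).items():
                value = unquote_plus(raw)
                if pattern.regex.search(value):
                    hits.append(Detection(pattern.id, location, field, value))
    return hits


# Constructed sample request: one plain and one URL-encoded suspicious parameter,
# plus benign cookies, to show both decoding and per-location scoping.
SAMPLE_REQUEST = {
    "param": {"id": "42", "user": "admin' OR 1=1 --", "q": "x%27%20or%20%271%27%3D%271"},
    "cookie": {"session": "abc123", "pref": "theme=dark"},
}

if __name__ == "__main__":
    for hit in scan_request(SAMPLE_REQUEST, load_patterns(PATTERN_XML)):
        print(f"{hit.pattern_id} matched {hit.location}:{hit.field} = {hit.value!r}")
```

Because the format is plain XML, the same file can be read by more than one consumer (an AppSensor detection point, a virtual-patch generator, a log reviewer) without each of them having to parse a rule language; the `locations` list is what keeps a cookie-only or parameter-only pattern from being applied everywhere.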

