
WebApp Sec mailing list archives
Re: App Firewalls and Secure Libraries
From: Ivan Ristic <ivanr () webkreator com>
Date: Wed, 01 Sep 2004 00:07:34 +0100
Mark Curphey wrote:
> The best approach I have seen recently is to build a reusable component into the servlet filter API (Ivan R. I will let you share that if you feel comfortable) where you at least understand the business logic.
I should have a working version of a Java web security filter in a couple of days. As some of you may know, I am a great supporter of embedded web firewalls. But both approaches have their merits. Network-based web firewalls are very easy to stick into an existing network, and they can cover many web servers at once. And they are very good at producing audit logs.

But as Mark said, my approach with the servlet filter API *is* to allow integration with applications. However, the integration should go both ways.

People sometimes think intrusion detection/prevention is about securing insecure networks and badly written web applications. It isn't. All networks/apps can (and many will) be broken into. The point is to design a system where intrusions are detected early, contained, and dealt with. In my view, applications are often the best place to detect attacks when they take place.

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]