PHPIDS – PHP-Intrusion Detection System
If you want to detect and act on XSS probes and attacks against your PHP web application without writing much code, here’s a project that delivers. It’s called PHPIDS. It’s an IDS for your PHP application that scans your inputs (without sanitizing them) and checks for XSS attacks based on a rule set. You can get an impact analysis of the attack and act on it according to the severity.
PHPIDS adds a layer of security over your application without having to retrofit code all over the place. It’s also a useful tool to create reports on attacks without having to parse through all the server access log files.
The scanning rules can be updated by replacing an XML file, much like a virus definition update.
Check their FAQs on how to integrate this with your application – it’s pretty simple. They’ve got a demo page where you can test the efficiency of the system.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.
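The scan, score and react flow described above, as an added example: this is not PHPIDS code and does not use its API or its rule set. The XML layout, the three patterns, the impact values, the thresholds and the function names `loadRules`, `scan` and `react` are all assumptions made for illustration.

```php
<?php
// Added illustration: not PHPIDS code and not its real rule set.
// Constructed rule file; replacing this XML changes detection, not app code.
$rulesXml = <<<'XML'
<filters>
  <filter><id>1</id><rule><![CDATA[<\s*script\b]]></rule>
    <description>script tag</description><impact>5</impact></filter>
  <filter><id>2</id><rule><![CDATA[\bon\w+\s*=]]></rule>
    <description>inline event handler</description><impact>4</impact></filter>
  <filter><id>3</id><rule><![CDATA[javascript\s*:]]></rule>
    <description>javascript: URI</description><impact>3</impact></filter>
</filters>
XML;

function loadRules(string $xml): array {
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOCDATA);
    if ($doc === false) {
        throw new RuntimeException('rule file is not valid XML');
    }
    $rules = [];
    foreach ($doc->filter as $f) {
        $rules[] = ['id' => (int)$f->id, 'regex' => '~' . (string)$f->rule . '~i',
                    'desc' => (string)$f->description, 'impact' => (int)$f->impact];
    }
    return $rules;
}

// Inspect every input value; the input itself is never modified or stripped.
function scan(array $input, array $rules): array {
    $report = ['impact' => 0, 'hits' => []];
    array_walk_recursive($input, function ($value, $key) use ($rules, &$report) {
        if (!is_string($value)) { return; }
        foreach ($rules as $r) {
            if (preg_match($r['regex'], $value)) {
                $report['impact'] += $r['impact'];
                $report['hits'][] = "$key: rule {$r['id']} ({$r['desc']})";
            }
        }
    });
    return $report;
}

// Map total impact to a reaction; thresholds are assumed, tune per application.
function react(int $impact): string {
    return $impact >= 8 ? 'block' : ($impact >= 3 ? 'log' : 'allow');
}

// Constructed sample request standing in for $_GET / $_POST.
$request = ['q' => 'php ids', 'name' => '<script>alert(1)</script>',
            'bio' => '<img src=x onerror=alert(1)>'];
$report = scan($request, loadRules($rulesXml));
echo react($report['impact']), " (impact {$report['impact']})\n";
echo implode("\n", $report['hits']), "\n";
```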
Link: PHPIDS » Web Application Security 2.0 » Index

