PHPIDS 0.3.2 fresh out of the lab
Article written by .mario
Today we released PHPIDS 0.3.2 with many exciting new features. We had some very interesting contributions from people all over the planet and most of them found their way into this release.
Johannes Dahse helped us a lot in improving the SQL injection rules with tons of formerly undetected vectors, and we had a great talk with Kevin Schroeder about performance, which led us to do some caching work. We were able to reach a performance boost of over 40% by caching the storage object.
Also, we’d like to mention that there’s now a basic PHPIDS WordPress plugin available, written by H. Beyer, and you can expect more from the BlogSecurity group soon.
SirDarckCat recently managed to XSS the PHPIDS again - with two surprisingly basic and one insanely advanced XSS vector. Thanks to his advice, we now feature a method to deal with faulty JS parsing in Gecko-based browsers.
Here’s a list of the majority of new features:
- Caching of the storage object
- Fewer false positives again
- Way better detection of SQL injection attacks
- Optimized CRLF detection - thanks to Stevenr from the PHPIDS forum
- Finally - a database logger based on PDO
- Basic methods to deal with faulty Firefox JS parsing
- Fewer lines of code
We hope you have fun with the new release and keep up the great support. Meanwhile, we are working hard on the 0.4 release, and in the coming days you can expect the alpha of the PHPIDS Typo3 extension.

