PHPIDS » Web Application Security 2.0

Only half a month after the last release we present the new PHPIDS 0.4.6. This time we did lots of optimizations on the generic attack detection and the PHPIDS Centrifuge. There is a pretty new way to detect vectors which are not caught by the rules and as far as we heard we returned some of the headaches our testers gave to us before - thanks again to David Lindsay, Gareth Heyes and Johannes Dahse for their great work.

The rules were optimized as usual and again - they haven’t grown but become even smaller for better performance. Altogether the rules decreased their size by 937 bytes. The converter was optimized too and many smaller bugs were fixed.

You can find the fresh packages here as usual. Again - no API changes so updating should work like a charm.

Also we have continued working on our sister project - the CSRFx. Now this system is even more capable in dealing with invalid markup to protect and AJAX requests. Also JSON wrapped markup can now be secured with the token cloud of the CSRFx so maybe you like to check out the sources and give it try.

We appreciate your feedback and if you happen to have any problems during installation or usage feel free to ask us in our forum.

After the pretty successful Christmas release we now present PHPIDS 0.4.5. It brings a lot of enhancements in vector detection. We worked over the rules and especially the converter and due to the great help of David, Gareth, Johannes and tx many bugs were found and fixed. The exploits and filter circumventions they found were awesome as usual and got our team surprised a lot. JavaScript is a hell of a language - and so is SQL…

We also did some improvements to the PHPIDS Centrifuge. We now have - supporting the main Centrifuge core - an additional layer to detect attacks based on character ratio. Take a peek at the code if you wish to know more details.

The API hasn’t changed in this release so patching would be definitely no problem as usual. We hope you like the new release and grab you package here! Also we heard some bird twitter about a new WPIDS release some when this week - stay tuned!