PHPIDS 0.4.6 - attack of the vector mangle
Article written by .mario
Only half a month after the last release we present the new PHPIDS 0.4.6. This time we did lots of optimizations on the generic attack detection and the PHPIDS Centrifuge. There is a pretty new way to detect vectors which are not caught by the rules and as far as we heard we returned some of the headaches our testers gave to us before - thanks again to David Lindsay, Gareth Heyes and Johannes Dahse for their great work.
The rules were optimized as usual and again - they haven’t grown but become even smaller for better performance. Altogether the rules decreased their size by 937 bytes. The converter was optimized too and many smaller bugs were fixed.
You can find the fresh packages here as usual. Again - no API changes so updating should work like a charm.
Also we have continued working on our sister project - the CSRFx. Now this system is even more capable in dealing with invalid markup to protect and AJAX requests. Also JSON wrapped markup can now be secured with the token cloud of the CSRFx so maybe you like to check out the sources and give it try.
We appreciate your feedback and if you happen to have any problems during installation or usage feel free to ask us in our forum.
This entry was posted
on Tuesday, January 29th, 2008 at 10:09 pm and is filed under CSRFx, PHPIDS.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
January 30th, 2008 at 12:29 am
Awesome work PHPIDS team! This is turning into quite a impressive detection system you should be proud
January 30th, 2008 at 12:39 am
Thanks Gareth
This would’ve never been possible without the help and great work of you guys!
January 30th, 2008 at 8:07 pm
[...] es bereits bei der letzten Update-Meldung angekündigt hat, mussten wir nicht sehr lange auf das nächste Release von PHP IDS [...]