PHPIDS » Web Application Security 2.0

Only half a month after the last release we present the new PHPIDS 0.4.6. This time we did lots of optimizations on the generic attack detection and the PHPIDS Centrifuge. There is a pretty new way to detect vectors which are not caught by the rules and as far as we heard we returned some of the headaches our testers gave to us before - thanks again to David Lindsay, Gareth Heyes and Johannes Dahse for their great work.

The rules were optimized as usual and again - they haven’t grown but become even smaller for better performance. Altogether the rules decreased their size by 937 bytes. The converter was optimized too and many smaller bugs were fixed.

You can find the fresh packages here as usual. Again - no API changes so updating should work like a charm.

Also we have continued working on our sister project - the CSRFx. Now this system is even more capable in dealing with invalid markup to protect and AJAX requests. Also JSON wrapped markup can now be secured with the token cloud of the CSRFx so maybe you like to check out the sources and give it try.

We appreciate your feedback and if you happen to have any problems during installation or usage feel free to ask us in our forum.

We recently created a Google source code repository for CSRFx and a CRSFx Google group. This tool provides - besides a name which can’t be pronounced by human tongue - a possibility to protect existing PHP5 based web applications against CSRF attacks.

The tool gives the developer the chance to define request patterns which should be protected against CSRF. Also there’s the possibility to define request patterns which shouldn’t be protected to cover ranges like example.com/admin/whatever.

The implementation process is pretty easy. You just have to create a configuration file for your application (an example file for CakePHP is bundled, more will follow soon), define the request patterns, create the necessary database table, include the files First.php and Last.php via auto_prepend_file/auto_append_file and that’s it. You can of course also use your index.php for inclusion if that’s possible. We are already testing the tool on several live applications - so we can guarantee pretty good stability already.

If you’d like to play with it just grab the sources. Comments, Questions and contributions are heavily appreciated as usual. Have fun!