PHPIDS - Security


Thread: PHPIDS

  1. PHPIDS

    Hi there!

    Has anyone tried PHPIDS? Is this really effective against kiddies and
    penetration testers? Just read about it on howtoforge, it would be great
    to know your opinion.

    I don't consider it as the only security solution for web-services -
    but if it really does what it announces it may become another must-have
    security tool on web-servers.


    Regards,

    Kirill "REDbyte" Novikov.

  2. Re: PHPIDS

    On Jun 23, 8:24 am, "redbyte.l...@gmail.com"
    wrote:
    > Hi there!
    >
    > Has anyone tried PHPIDS? Is this really effective against kiddies and
    > penetration testers? Just read about it on howtoforge, it would be great
    > to know your opinion.
    >
    > I don't consider it as the only security solution for web-services -
    > but if it really does what it announces it may become another must-have
    > security tool on web-servers.
    >
    > Regards,
    >
    > Kirill "REDbyte" Novikov.


    I'd never heard of it before now, but looking at http://php-ids.org/
    raises more concerns than answers questions.

    To begin with, IME, bolt-on security products are usually
    fundamentally flawed in terms of the concept; really the only way to
    add security to an existing system is to build in controls between the
    layers of the system (like firewalls, mod_security, suhosin...).

    Next, security in IT is a complex thing and needs to be understood
    properly to be implemented - there is no documentation of what the
    product actually does nor how to use it on the website - the
    'documentation' link takes you directly to the output of PHPDocumentor
    - and the comments in the code don't help much.

    Next, messing about with the demo, it is obviously based on a rather
    crude set of blacklist words - rather like a VERY crude virus checker.
    As has been written elsewhere, this approach to detecting
    inappropriate content will always be playing catch-up with new attack
    vectors.

    It's not where I'd start when thinking about securing a PHP
    application.

    C.
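
The blacklist concern raised in the reply above, as an added example that is not part of the thread and is not PHPIDS code: a constructed keyword list flags ordinary prose yet passes an id value that is not an integer, while per-field validation and output encoding handle both. The word list, function names and sample inputs are assumptions made for illustration (PHP 7.1 or later).

```php
<?php
// Constructed illustration; the word list and function names are hypothetical,
// not PHPIDS's rule set or API.
const BLOCKED_WORDS = ['select', 'union', 'script', 'drop'];

// Blocklist: flag any input that contains a listed word (case-insensitive).
function blocklist_flags(string $input): bool
{
    foreach (BLOCKED_WORDS as $word) {
        if (stripos($input, $word) !== false) {
            return true;
        }
    }
    return false;
}

// Allowlist: an article id is a positive integer of at most 10 digits.
function valid_article_id(string $input): bool
{
    return preg_match('/\A[1-9][0-9]{0,9}\z/', $input) === 1;
}

// Constructed sample inputs: [field, value].
$samples = [
    ['comment', 'Please select a date and drop me a line'], // ordinary prose
    ['id',      '42'],                                      // well-formed id
    ['id',      '1 OR 1=1'],                                // not an id, no listed word
];

foreach ($samples as [$field, $value]) {
    $flagged = blocklist_flags($value) ? 'flagged' : 'passed';
    if ($field === 'id') {
        // The id field is checked against what it is defined to be.
        $verdict = valid_article_id($value) ? 'accepted' : 'rejected';
    } else {
        // Free text is not filtered by keyword; it is encoded where it is output.
        $verdict = 'stored, output as ' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    printf("%-8s %-40s blocklist: %-8s field rule: %s\n",
        $field, $value, $flagged, $verdict);
}
```

The keyword list gets the first and third inputs wrong in opposite directions, and adding more words to it widens the first problem without closing the second.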
