On Wed, Jan 13, 2010 at 3:26 PM, <[email protected]> wrote: > Any of you guys here use Labrova? > > http://www.dokfleed.net/labrova/ > I am having problem downloading it. > > Or any recommendations for an intrusion protection system (IPS) which > prevents SQL injections, XSS, and many other known attacks on the web > application level. >
No idea how you would download it either - there doesn't seem to be a registration or download link - and I have never used it. My 2cents is that it may be useful as a defense-in-depth measure, but it's not a replacement for proper coding. Eg, I don't suppose labrova would know the difference between an input expecting a number vs text, nor whether a textarea or email input must accept potentially dangerous characters like "<", "'" etc. I've never used this either, but the authors of mod_security also have a module to profile the type of traffic and inputs your application normally gets. It can then filter anything outside of this whitelisted profile.
_______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
