Difference between revisions of "Projects/OWASP NAXSI Project"

From OWASP
Jump to: navigation, search
Line 5: Line 5:
 
| project_home_page = OWASP NAXSI Project
 
| project_home_page = OWASP NAXSI Project
  
| project_description = Naxsi is a WAF module Nginx, the infamous web server / reverse proxy / ... Its goal is to protect web application from SQL Injections, Cross Site Scripting and all "web" vulnerabilities.
+
| project_description = *Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx, the infamous web server and reverse-proxy.
 +
 
 +
*Its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions.
 +
 
 +
*The difference with most WAF (Web Application Firewalls) out there is that it does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in the HTTP requests/arguments.
 +
 
 +
*Each kind of unusual character will increase the score of the request. If the request reaches a score considered "too high", the request will be denied, and the user will be redirected to a "forbidden" page. Yes, it works somewhat like a spam system.
 +
 
  
 
| project_license = [http://www.gnu.org/licenses/gpl-2.0.html GPL 2.0]
 
| project_license = [http://www.gnu.org/licenses/gpl-2.0.html GPL 2.0]

Revision as of 10:00, 6 September 2011

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP NAXSI Project (Nginx Anti Xss Sql Injection) (home page)
Purpose:
  • Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx, the infamous web server and reverse-proxy.
  • Its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions.
  • The difference with most WAF (Web Application Firewalls) out there is that it does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in the HTTP requests/arguments.
  • Each kind of unusual character will increase the score of the request. If the request reaches a score considered "too high", the request will be denied, and the user will be redirected to a "forbidden" page. Yes, it works somewhat like a spam system.
License: GPL 2.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases