| what
|
is this project?
|
| Name: OWASP NAXSI Project (home page)
|
Purpose:
- Naxsi (Nginx Anti Xss Sql Injection) is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx, the infamous web server and reverse-proxy.
- Its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions.
- The difference with most WAF (Web Application Firewalls) out there is that it does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in the HTTP requests/arguments.
- Each kind of unusual character will increase the score of the request. If the request reaches a score considered "too high", the request will be denied, and the user will be redirected to a "forbidden" page. Yes, it works somewhat like a spam system.
|
| License: GPL 2.0
|
| who
|
is working on this project?
|
| Project Leader(s):
|
Project Contributor(s):
- Sebastien Blot
- Antonin Lefaucheux
- Didier Conchaudron
|
| how
|
can you learn more?
|
| Project Pamphlet: Not Yet Created
|
| Project Presentation:
|
| Mailing list: Mailing List Archives
|
| Project Roadmap: View
|
| Main links:
|
| Key Contacts
|
|
|
|
|
|
