
OWASP Stinger 3 Ideas

From OWASP
Revision as of 12:10, 26 May 2009 by Deleted user (talk | contribs)


Overview

The OWASP Stinger 3.x series will be heavily driven by the community. Everyone is encouraged to contribute ideas and suggestions to make Stinger 3.x the most powerful and flexible web application firewall possible. One major goal of the OWASP Stinger 3.x series is to develop a solid and flexible validation engine capable of implementing common web application security features. With the help of the community, I believe this goal can be achieved!

Development Complete

The following is a list of ideas that have been fully implemented in the Stinger 3.x baseline:

  • Validation of the entire HTTP request: including URI, headers, cookies, and parameters
  • A robust "learning" mode to make rule generation simple and efficient
  • A more flexible "Action" framework. Actions will be able to execute logic before and/or after the request is processed by the web application

Under Development

The following is a list of ideas currently under development in the Stinger 3.x baseline:

  • The ability to enforce web application firewall logic
  • Defining and enforcing URI level access control
  • Cross Site Request Forgery Guard
  • HTTP Cookie Guard
  • No-Cache Guard
  • 200 Response Codes (fooling web application scanners)
  • Request Rate Throttler
  • Enforce HTTPOnly on all cookies

Planning to Develop

The following is a list of ideas that will be integrated into the Stinger 3.x baseline:

  • A full web application dedicated to editing the OWASP Stinger configuration files

Ideas Under Consideration

The following is a list of ideas that are under consideration for the Stinger 3.x baseline:

  • The ability to validate the Java properties files used by the web application
  • The ability to build rules for and validate rules against serialized objects

If you have an idea that you would like to see in Stinger 3.x, please email me at eric dot sheridan at owasp.org